[英]sql syntax error - not sure why am getting this?
我无法弄清楚,由于某种原因,我收到此错误消息:
Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ptb_block_user.blocked=1' at line 5
这是我的mysql查询,不知道是什么问题,请有人可以帮我吗?
function blocked_users() {
global $connection;
global $_SESSION;
global $profile_id;
$query = "SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = \"$profile_id\"
AND ptb_block_user.user_id = ".$_SESSION['user_id']."
AND ptb_block_user.blocked='1' ";
$blocked_users = mysql_query($query, $connection);
confirm_query($blocked_users);
return $blocked_users;
}
您也可以始终执行print $query
查看SQL查询的外观。 发现错误将更加容易。
function blocked_users() {
global $connection;
global $_SESSION;
global $profile_id;
$query = "SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = ".mysql_real_escape_string($profile_id)."
AND ptb_block_user.user_id = ".mysql_real_escape_string($_SESSION['user_id'])."
AND ptb_block_user.blocked=1;";
$blocked_users = mysql_query($query, $connection);
confirm_query($blocked_users);
return $blocked_users;
}
使用MySqli lib代替MySql: http ://www.php.net/manual/zh/book.mysqli.php
SELECT *
FROM ptb_block_user b
WHERE b.blocked_id = '$profile_id'
AND b.user_id = '{$_SESSION['user_id']}'
AND b.blocked=1
?
如果您使用纯PHP而没有框架,那么sou应该始终使用准备好的语句进行mysql通信。 这更加安全,可以保护您免受mysql注入。
尝试这个。
db = new mysqli("your_ip_or_host","username","password","name_of_database");
$st = $db->prepare("SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = ?
AND ptb_block_user.user_id = ?
AND ptb_block_user.blocked=?");
$st->bind_param('iii', intval($profile_id), intval($_SESSION['user_id']),1);
$st->execute();
$st->store_result();
$st->bind_result($col1, $col2, ... , $colx);
while($st->fetch())
{
echo "col1=$col, col2=$col2, ...., colX=$colx \n";
}
$st->close();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.