Pro语句插入行时出现SQL语法错误

Question

我正在使用以下代码在数据库中插入一行。 我总是出错

{"error":"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show) VALUES('A E Jewelers','Quintin','Schmidt','131 South Rolling Meadows Dr.',' at line 1"}

这是我的查询

xxx/webservice/api.php?action=addStore&name=A%20E%20Jewelers&firstname=Quintin&lastname=Schmidt&address=131%20South%20Rolling%20Meadows%20Dr.&city=Fond%20du%20Lac&state=WI&country=USA&zip=54935&phone=(920)%20933%203601%0A&fax=(920)%20486-1734&email=Diadori@aejewelers.com&latitude=43.775931&longitude=-88.482894&website=www.aejewelers.com&show=1

    function AddStore() 
    {
        $name = trim($_REQUEST['name']);
        $firstname = trim($_REQUEST['firstname']);
        $lastname  = trim($_REQUEST['lastname']);
        $address = trim($_REQUEST['address']);
        $city = trim($_REQUEST['city']);
        $state = trim($_REQUEST['state']);
        $country = trim($_REQUEST['country']);
        $zip = trim($_REQUEST['zip']);
        $phone = trim($_REQUEST['phone']);
        $fax = trim($_REQUEST['fax']);
        $email = trim($_REQUEST['email']);
        $latitude = trim($_REQUEST['latitude']);        
        $longitude = trim($_REQUEST['longitude']);      
        $website = trim($_REQUEST['website']);      
        $show = 1;      

        return $show;
        $insert_id = 0;
        try {
            $conn = $this->GetDBConnection();
            $statement = $conn->prepare('INSERT INTO stores( name, firstname, lastname, address, city, state, country, zip, phone, fax, email, latitude,longitude, website,show) VALUES(:name,:firstname,:lastname,:address,:city,:state,:country,:zip,:phone,:fax, :email, :phone, :zip)');

            $statement->bindParam(':name',      $name, PDO::PARAM_STR);
            $statement->bindParam(':firstname', $firstname, PDO::PARAM_STR);
            $statement->bindParam(':lastname' , $lastname, PDO::PARAM_STR);
            $statement->bindParam(':address',   $address, PDO::PARAM_STR);
            $statement->bindParam(':city',      $city, PDO::PARAM_STR);
            $statement->bindParam(':state',     $state, PDO::PARAM_STR);
            $statement->bindParam(':country',   $country, PDO::PARAM_STR);
            $statement->bindParam(':zip',       $zip, PDO::PARAM_STR);
            $statement->bindParam(':phone',     $phone, PDO::PARAM_STR);
            $statement->bindParam(':fax'    ,   $fax, PDO::PARAM_STR);
            $statement->bindParam(':email'    , $email, PDO::PARAM_STR);
            $statement->bindParam(':latitude' , $latitude, PDO::PARAM_STR);
            $statement->bindParam(':longitude', $longitude, PDO::PARAM_STR);
            $statement->bindParam(':website'  , $website, PDO::PARAM_STR);
            $statement->bindParam(':show'     , $show, PDO::PARAM_INT);

            $statement->execute();

            $insert_id = $conn->lastInsertId();

            $conn = null;
        } catch(PDOException $e) {
            throw $e;
        }

        return $insert_id;
    }

Answer 1

将列名show替换为show

INSERT INTO stores( 
     name, firstname, lastname, address, city, state, 
     country, zip, phone, fax, email, latitude,longitude, 
     website,`show`)
VALUES (:name,:firstname,:lastname,:address,:city,
     :state,:country,:zip,:phone,:fax, :email, 
     :phone, :zip)'

单词show是SQL中的关键字

Answer 2

良好的做法是始终将字段名和表名包装在反引号中，以防偶然使用保留关键字来避免这种常见的“陷阱”。 SQL中保留字的数量惊人，因此仅对名称进行反引号而不是记住检查所使用的每个字段或表名可能会更容易。

我认为您已经确认所有值都不为空/空，也不包含空格，引号或逗号？ PDO库是否处理转义引号（例如， Mrs. O'Leary's Cow ）并将数据包装在引号中？