Pro語句插入行時出現SQL語法錯誤

Question

我正在使用以下代碼在數據庫中插入一行。 我總是出錯

{"error":"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show) VALUES('A E Jewelers','Quintin','Schmidt','131 South Rolling Meadows Dr.',' at line 1"}

這是我的查詢

xxx/webservice/api.php?action=addStore&name=A%20E%20Jewelers&firstname=Quintin&lastname=Schmidt&address=131%20South%20Rolling%20Meadows%20Dr.&city=Fond%20du%20Lac&state=WI&country=USA&zip=54935&phone=(920)%20933%203601%0A&fax=(920)%20486-1734&email=Diadori@aejewelers.com&latitude=43.775931&longitude=-88.482894&website=www.aejewelers.com&show=1

    function AddStore() 
    {
        $name = trim($_REQUEST['name']);
        $firstname = trim($_REQUEST['firstname']);
        $lastname  = trim($_REQUEST['lastname']);
        $address = trim($_REQUEST['address']);
        $city = trim($_REQUEST['city']);
        $state = trim($_REQUEST['state']);
        $country = trim($_REQUEST['country']);
        $zip = trim($_REQUEST['zip']);
        $phone = trim($_REQUEST['phone']);
        $fax = trim($_REQUEST['fax']);
        $email = trim($_REQUEST['email']);
        $latitude = trim($_REQUEST['latitude']);        
        $longitude = trim($_REQUEST['longitude']);      
        $website = trim($_REQUEST['website']);      
        $show = 1;      

        return $show;
        $insert_id = 0;
        try {
            $conn = $this->GetDBConnection();
            $statement = $conn->prepare('INSERT INTO stores( name, firstname, lastname, address, city, state, country, zip, phone, fax, email, latitude,longitude, website,show) VALUES(:name,:firstname,:lastname,:address,:city,:state,:country,:zip,:phone,:fax, :email, :phone, :zip)');

            $statement->bindParam(':name',      $name, PDO::PARAM_STR);
            $statement->bindParam(':firstname', $firstname, PDO::PARAM_STR);
            $statement->bindParam(':lastname' , $lastname, PDO::PARAM_STR);
            $statement->bindParam(':address',   $address, PDO::PARAM_STR);
            $statement->bindParam(':city',      $city, PDO::PARAM_STR);
            $statement->bindParam(':state',     $state, PDO::PARAM_STR);
            $statement->bindParam(':country',   $country, PDO::PARAM_STR);
            $statement->bindParam(':zip',       $zip, PDO::PARAM_STR);
            $statement->bindParam(':phone',     $phone, PDO::PARAM_STR);
            $statement->bindParam(':fax'    ,   $fax, PDO::PARAM_STR);
            $statement->bindParam(':email'    , $email, PDO::PARAM_STR);
            $statement->bindParam(':latitude' , $latitude, PDO::PARAM_STR);
            $statement->bindParam(':longitude', $longitude, PDO::PARAM_STR);
            $statement->bindParam(':website'  , $website, PDO::PARAM_STR);
            $statement->bindParam(':show'     , $show, PDO::PARAM_INT);

            $statement->execute();

            $insert_id = $conn->lastInsertId();

            $conn = null;
        } catch(PDOException $e) {
            throw $e;
        }

        return $insert_id;
    }

Answer 1

將列名show替換為show

INSERT INTO stores( 
     name, firstname, lastname, address, city, state, 
     country, zip, phone, fax, email, latitude,longitude, 
     website,`show`)
VALUES (:name,:firstname,:lastname,:address,:city,
     :state,:country,:zip,:phone,:fax, :email, 
     :phone, :zip)'

單詞show是SQL中的關鍵字

Answer 2

良好的做法是始終將字段名和表名包裝在反引號中，以防偶然使用保留關鍵字來避免這種常見的“陷阱”。 SQL中保留字的數量驚人，因此僅對名稱進行反引號而不是記住檢查所使用的每個字段或表名可能會更容易。

我認為您已經確認所有值都不為空/空，也不包含空格，引號或逗號？ PDO庫是否處理轉義引號（例如， Mrs. O'Leary's Cow ）並將數據包裝在引號中？