PHP MSSQL 查詢語法錯誤
[英]PHP MSSQL Query Syntax Error
問題描述
我在 mssql_query 函數中遇到語法錯誤的問題。 經過一段時間嘗試不同的東西后,我想我會把它帶到這里。 謝謝你的幫助。
這是代碼:
<?php
...
$name = $_POST['name'];
$contactname = $_POST['contactname'];
$contacttitle = $_POST['contacttitle'];
$streetaddress = $_POST['streetaddress'];
$city = $_POST['city'];
$state = $_POST['state'];
$zipcode = $_POST['zipcode'];
$telephone = $_POST['telephone'];
$fax = $_POST['fax'];
$email = $_POST['email'];
$director = $_POST['director'];
$affiliation1 = $_POST['affiliation1'];
$address1 = $_POST['address1'];
$phone1 = $_POST['phone1'];
$affiliation2 = $_POST['affiliation2'];
$address2 = $_POST['address2'];
$phone2 = $_POST['phone2'];
$affiliation3 = $_POST['affiliation3'];
$address3 = $_POST['address3'];
$phone3 = $_POST['phone3'];
$yearsoperational = $_POST['yearsoperational'];
$donorsannually = $_POST['donorsannually'];
$limit = $_POST['limit'];
$coveraget = $_POST['coverage'];
$donors1 = $_POST['donors1'];
$claims1 = $_POST['claims1'];
$medexppaid1 = $_POST['medexppaid1'];
$donors2 = $_POST['donors2'];
$claims2 = $_POST['claims2'];
$medexppaid2 = $_POST['medexppaid2'];
$donors3 = $_POST['donors3'];
$claims3 = $_POST['claims3'];
$medexppaid3 = $_POST['medexppaid3'];
$donorinstructions = $_POST['donorinstructions'];
//Connect to MSSQL Server
$myServer = ".\MSSQLSERVER2008";
$myUser = "user";
$myPass = "password";
$myDB = "database,name";
//connection to the server
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
or die("Couldn't connect to SQL Server on $myServer");
//select a database to work with
$selected = mssql_select_db($myDB, $dbhandle)
or die("Couldn't open database $myDB");
//insert form results into database
$query = mssql_query("INSERT INTO table_name (Name_of_Center,Name,Title,Street_Address,City,State,Zipcode,Phone,Fax,Email,Director,HA1,HA1_Address,
HA1_Phone,HA2,HA2_Address,HA2_Phone,HA3,HA3_Address,HA3_Phone,No_of_Years_Operational,Donors_Annually,Limit,Coverage,
Donors_2012,Donors_2011,Donors_2010,Claims_2012,Claims_2011,Claims_2010,Med_Exp_Paid_2012,Med_Exp_Paid_2011,Med_Exp_Paid_2010,Donor_Instructions)
VALUES ($name,$contactname,$contacttitle,$streetaddress,$city,$state,$zipcode,$telephone,$fax,$email,$director,$affiliation1,$address1,$phone1,$affiliation2,
$address2,$phone2,$affiliation3,$address3,$phone3,$yearsoperational,$donorsannually,$limit,$coverage,$donors1,$claims1,$medexppaid1,$donors2,$claims2,$medexppaid2,
$donors3,$claims3,$medexppaid3,$donorinstructions);");
if(!$query){
echo 'Failed to receive data. Please try again, or contact support';
}
else{
echo 'Successfully received data.';
$results = mysql_query($query);
var_dump($results);
}
mssql_close()
?>
它所說的有語法錯誤的行是這樣的:
$donors3,$claims3,$medexppaid3,$donorinstructions);");
這是瀏覽器中的錯誤:
Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near ','. (severity 15)
1 個解決方案
解決方案1
1 已采納 2014-04-22 16:27:51
您的整個問題是您很容易受到SQL 注入攻擊。 如果您知道這個問題,您也會意識到為什么您的查詢有這些語法錯誤並且從根本上被破壞了:您忘記引用您插入到查詢中的每一位數據。
一個真正不能解決根本問題的快速修復:
VALUES ('$name','$contactname','$contacttitle',etc...
^-----^-^--- insert quotes everywhere.
我在SQL查詢中遇到錯誤-PHP-SQLWarning:mssql_query():消息:“ =”附近的語法不正確。 (嚴重性15)
[英]I have got an error On SQL query - PHP-SQLWarning: mssql_query(): message: Incorrect syntax near '='. (severity 15)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.