PHP REST API POSTMAN Fatal error Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax

Question

在使用 PHP REST ZDB974238714CA8DE634A7CE1DF08 時，我在 postman 中遇到此錯誤：

致命錯誤：未捕獲的 PDOException：SQLSTATE[42000]：語法錯誤或訪問沖突：1064 您的 SQL 語法有錯誤； 檢查與您的 MariaDB 服務器版本相對應的手冊，以在 C:\xampp\htdocs\project\dTb\ 的第 2 行的“listing_name = 'name', address = 'test', po...' 附近使用正確的語法模型\Listing.php:137 堆棧跟蹤：

這是我的 model

// Create Post
        public function create(){
            // create query
            $query = 'INSERT INTO ' . 
            $this->table . 
            'SET
            listing_name = :listing_name,
            address = :address,
            postal_code = :postal_code,
            google_id = :google_id,
            website = :website,
            tag_array = :tag_array,
            area_array = :area_array';

            // Prepare Statement
            $stmt = $this->conn->prepare($query);

            // Clean Data
            $this->listing_name = htmlspecialchars(strip_tags($this->listing_name));
            $this->address = htmlspecialchars(strip_tags($this->address));
            $this->postal_code = htmlspecialchars(strip_tags($this->postal_code));
            $this->google_id = htmlspecialchars(strip_tags($this->google_id));
            $this->website = htmlspecialchars(strip_tags($this->website));
            $this->tag_array = htmlspecialchars(strip_tags($this->tag_array));
            $this->area_array = htmlspecialchars(strip_tags($this->area_array));
           
            // Bind Data
            $stmt->bindParam(':listing_name', $this->listing_name);
            $stmt->bindParam(':address', $this->address);
            $stmt->bindParam(':postal_code', $this->postal_code);
            $stmt->bindParam(':google_id', $this->google_id);
            $stmt->bindParam(':website', $this->website);
            $stmt->bindParam(':tag_array', $this->tag_array);
            $stmt->bindParam(':area_array', $this->area_array);

            // Execute Query
            if($stmt->execute()) {
                return true;
            }

            // Print Error is Something Goes Wrong
            printf("Error: %s ", $stmt->error);
        }

這是 create.php

<?php 
// Headers
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Allow-Headers: Access-Control-Allow-Headers, Access-Control-Allow-Methods, Authorization, X-Requested-With');

include_once '../../config/Database.php';
include_once '../../models/Listing.php';


// Instantiate DB and Connect
$database = new Database();
$db = $database->connect();


// Instantiate Listing Object
$listing = new Listing($db);

// Get The Raw POST data
$data = json_decode(file_get_contents("php://input"));

$listing->listing_name = $data->listing_name;
$listing->address = $data->address;
$listing->postal_code = $data->postal_code;
$listing->google_id = $data->google_id;
$listing->website = $data->website;
$listing->tag_array = $data->tag_array;
$listing->area_array = $data->area_array;

// Create Listing
if($listing->create()){
    echo json_encode(
        array('message' => 'Post Created')
    );
} else {
    echo json_encode(
        array('message' => 'Listing Not Created')
    );
}

最后這就是 POSTMAN - POST (JSON) Body - Raw：

{
"listing_name": "test name",
"address": "test address",
"postal_code": "n12 345",
"google_id": "googleid",
"website": "website",
"tag_array": "tagarray, array",
"area_array": "areaarray, array"
}

Answer 1

嘗試在查詢中的“SET”之前添加一個空格

$query = 'INSERT INTO ' . 
            $this->table . 
            ' SET
            listing_name = :listing_name,