PHP MySQL syntax error, can't seem to figure it out

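Okay, I'm building a database for a real estate company and only started using PHP about 3 or 4 months ago. I'm getting this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES ('3605 Second Street', '', '', 'gfnfgnbfgn', 'MD', '21230', 'dfgbfgnbg', '', '', '' at line 2."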

Here is the code involved. There is a form, and I use the POST method to pass the information to this page.

<?php
session_start();
require('connect.php');
$address = $_POST["Address"];
$apt = $_POST["Apt #"];
$city = $_POST["City"];
$state = $_POST["State"]; 
$zip = $_POST["Zip"];
$tenant1 = $_POST["Tenant1"];
$tenant1phone = $_POST["Tenant 1 Phone"];
$tenant1email= $_POST["Tenant 1 Email"];
$tenant2 = $_POST["Tenant 2"];
$tenant2phone = $_POST["Tenant 2 Phone"];
$tenant2email= $_POST["Tenant 2 Email"];
$tenant3 = $_POST["Tenant 3"];
$tenant3phone = $_POST["Tenant 3 Phone"];
$tenant3email= $_POST["Tenant 3 Email"];
$daterented = $_POST["Date Rented"];
$rent = $_POST["Rent"];
$leaseexp= $_POST["Lease Expiration"];
$datedue = $_POST["Date Due"];
$vacant = $_POST["Vacant"];
$rentpaid= $_POST["Rent Paid"];
$amountdue = $_POST["Amount Due"];
$fee = $_POST["Fee"];
$secdeposit= $_POST["Security Deposit"];
$leadcert = $_POST["Lead Cert"];
$leadcertdate= $_POST["Lead Cert Date"];
$repairlimit= $_POST["Repair Limit"];
$key = $_POST["Key #"];
$bedrooms= $_POST["Bedrooms"];
$bathrooms = $_POST["Bathrooms"];
$heat = $_POST["Heat"];
$appliances= $_POST["Appliances"];
$owner = $_POST["Owner"];
$owneraddress = $_POST["Owner Address"];
$ownercity = $_POST["Owner City"];
$ownerstate= $_POST["Owner State"];
$ownerzip = $_POST["Owner Zip"];
$ownerphone1 = $_POST["Owner Phone 1"];
$ownerphone2 = $_POST["Owner Phone 2"];
$ownerother= $_POST["Owner Other"];
$owneremail = $_POST["Owner Email"];

$sql = ("INSERT INTO info (Address, Apt #, City, State, Zip, Tenant 1, Tenant 1 Phone,     
Tenant 1 Email, Tenant 2, Tenant 2 Phone, Tenant 2 Email, Tenant 3, Tenant 3 Phone,   
Tenant 3 Email, Date Rented, Rent, Lease Expiration, Date Due, Vacant, Rent Paid,   
Amount Due, Fee, Security Deposit,  Lead Cert, Lead Cert Date, Repair Limit, Key #, 
Bedrooms, Bathrooms,  Heat, Appliances, Owner, Owner Address, Owner City, Owner State, 
Owner Zip, Owner Phone 1, Owner Phone 2, Owner Other, Owner Email)

VALUES ('$address', '$apt', '$city', '$state', '$zip', '$tenant1', '$tenant1phone',   
'$tenant1email', '$tenant2', '$tenant2phone', '$tenant2email', '$tenant3', 
'$tenant3phone', '$tenant3email', '$daterented', '$rent', '$leaseexp', '$datedue', 
'$vacant', '$rentpaid', '$amountdue', '$fee', '$secdeposit', '$leadcert', 
'$leadcertdate', '$repairlimit', '$key', '$bedrooms', '$bathrooms', '$heat', 
'$appliances', '$owner', '$owneraddress', '$ownercity', '$ownerstate', '$ownerzip', 
'$ownerphone1', '$ownerphone2', '$ownerother', '$owneremail')");

var_dump($sql);
mysql_query($sql)or die(mysql_error());
if(mysql_affected_rows()>=1){
echo "<p>Entry Added</p>";
echo "<a href='index.php'>Home</a>";
}else{
echo "<p>Entry Not Updated</p>";
}

?>

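You need to wrap every column name that contains a space in backticks (``).

Like this:

`Owner Address`
It would be better to rename all the column names that have spaces, replacing the spaces with underscores.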

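This example:

select apt # from mytable
will be interpreted as select apt, and the # and everything after it up to EOL will be interpreted as a comment. You'll notice that SO's syntax highlighting also treats this as a comment.

This will help:

select `apt #` from mytable
or even:

select `apt #` from `mytable`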

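SQL injection is possible here. mysql_* is deprecated. Use PDO or MySQLi instead.

Column names with spaces… yuck. :)

Is that valid for column names?

Your code is vulnerable to SQL injection. You really should use , into which you pass the variables as parameters that are not evaluated as SQL. If you don't know what I'm talking about, or don't know how to fix it, then read my story.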
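The fixes suggested in the answers and comments above (backtick-quoted column names, PDO instead of mysql_*, values passed as parameters) combined in one added example; it is not code from the original thread. It assumes a cut-down `info` table, hypothetical form field names, and an in-memory SQLite database standing in for the MySQL server so that it runs offline.

```php
<?php
// Added example: parameterized INSERT with backtick-quoted column names.
// Assumption: in-memory SQLite stands in for MySQL; with a real MySQL
// server only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Cut-down version of the `info` table, keeping the awkward column names.
$pdo->exec('CREATE TABLE info (`Address` TEXT, `Apt #` TEXT, `City` TEXT, `Tenant 1` TEXT)');

// Fixed allow-list: form field (hypothetical names) => column name.
// Column names never come from the request, only from this array.
$columns = [
    'address' => 'Address',
    'apt'     => 'Apt #',
    'city'    => 'City',
    'tenant1' => 'Tenant 1',
];

function insertInfo(PDO $pdo, array $columns, array $form): int
{
    // Backtick-quote each identifier; double any backtick inside the name.
    $quoted = array_map(
        fn(string $c): string => '`' . str_replace('`', '``', $c) . '`',
        array_values($columns)
    );
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    $sql = 'INSERT INTO info (' . implode(', ', $quoted) . ") VALUES ($marks)";

    // Values travel separately from the SQL text, in column order.
    $values = [];
    foreach (array_keys($columns) as $field) {
        $values[] = $form[$field] ?? '';
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($values);
    return $stmt->rowCount();
}

// Constructed sample input; the apostrophe would have ended the string
// literal early in the interpolated query from the question.
$form = ['address' => '3605 Second Street', 'apt' => '2B',
         'city' => 'Baltimore', 'tenant1' => "Pat O'Brien"];

echo insertInfo($pdo, $columns, $form), " row inserted\n";
print_r($pdo->query('SELECT * FROM info')->fetchAll(PDO::FETCH_ASSOC));
```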