Php 插入记录时，SQL语法错误消息中出现错误

我在用php上传表单时收到错误消息

“您的SQL语法有错误；请查看与您的MySQL服务器版本相对应的手册，以了解可使用的正确语法”

我按照其他帖子的指示做了如下操作，但毫无效果：

1-将列标题名称包装为反勾号。 2-确保所有字符串都作为字符串传递，整数作为整数传递。 3-发送前清理所有字符串。 4-确保与数据库的连接正常，我们可以从中进行查询。 5-检查并重新检查我的html代码

以下是我的php代码：

<?php

include('../config/config.php');

// Redirect browser if the upload form WAS NOT submited.
if (!isset($_POST['submit_upload']))
{
    header("location: upload.html");
}

// Continue if the upload form WAS SUBMITED

else
{

    // Set the upload directory path

    $target_path = realpath( dirname( __FILE__ ) ) . "/uploads/audio/";

    // Array to store validation errors

    $error_msg = array();

    // Validation error flag, if this becomes true we won't upload

    $error_flag = false;
    // We get the data from the upload form

    $filename = $_FILES['file']['name'];
    $temp_filename = $_FILES['file']['tmp_name'];
    $filesize = $_FILES['file']['size'];
    $mimetype = $_FILES['file']['type'];

    // Convert all applicable characters to HTML entities

    $filename = htmlentities($filename);
    $mimetype = htmlentities($mimetype);

    // Check for empty file

    if ($filename == "")
    {
        $error_msg[] = 'No file selected!';
        $error_flag = true;
    }

    // Check the mimetype of the file

    if ($mimetype != "audio/x-mp3" && $mimetype != "audio/mp3")
    {
        $error_msg[] = 'The file you are trying to upload does not contain expected data.  
                Are you sure that the file is an MP3 one?';
        $error_flag = true;
    }

    // Get the file extension, an honest file should have one

    $ext = substr(strrchr($filename, '.') , 1);
    if ($ext != 'mp3')
    {
        $error_msg[] = 'The file type or extention you are trying to upload is not allowed!    
                You can only upload MP3 files to the server!';
        $error_flag = true;
    }

    // Check that the file really is an MP3 file by reading the first few characters of the file

    $open = @fopen($_FILES['file']['tmp_name'], 'r');
    $read = @fread($open, 3);
    @fclose($open);
    if ($read != "ID3")
    {
        $error_msg[] = "The file you are trying to upload does not seem to be an MP3 file.";
        $error_flag = true;
    }

    // Now we check the filesize.
    // The file size shouldn't include any other type of character than numbers

    if (!is_numeric($filesize))
    {
       $error_msg[] = 'Bad filesize!';
       $error_flag = true;
    } 

    // If it is too big or too small then we reject it
    // MP3 files should be at least 1MB and no more than 10 MB
    // Check if the file is too large

    if ($filesize > 10485760)
    {
        $error_msg[] = 'The file you are trying to upload is too large!    
            Please upload a smaller MP3 file';
        $error_flag = true;
    }

    // Check if the file is too small

    if ($filesize < 1048600)
    {
        $error_msg[] = 'The file you are trying to upload is too small!  
            It is too small to be a valid MP3 file.';
        $error_flag = true;
    }

    // Function to sanitize values received from the form. Prevents SQL injection

    function clean($conn, $str)
    {
        $str = @trim($str);
        if (get_magic_quotes_gpc())
        {
            $str = stripslashes($str);
        }

        return mysqli_real_escape_string($conn, $str);
    }

    // Sanitize the POST values

    $title = clean($conn, $_POST['title']);
    $context = clean($conn, $_POST['context']);
    $source = clean($conn, $_POST['source']);
    $interviewer = clean($conn, $_POST['interviewer']);
    $interviewee = clean($conn, $_POST['interviewee']);
    $intervieweeAge = (int)$_POST['intervieweeAge'];
    $geoRegion = clean($conn, $_POST['geoRegion']);
    $language = clean($conn, $_POST['language']);
    $recDate = clean($conn,$_POST['recDate']);
    $keywords = $_POST['keywords'];

    if ($title == '')
    {
        $error_msg[] = 'Title is missing';
        $error_flag = true;
    }

    if ($interviewee == '')
    {
        $error_msg[] = 'Interviewee name/anonymous is missing';
        $error_flag = true;
    }

// If there are input validations, show errors

if ($error_flag == true)
{
    foreach($error_msg as $c => $p) echo "Error " . $c . ": " . $p . "<br />";
}
// Else, all checks are done, move the file.
else
{
    if (is_uploaded_file($temp_filename))
    {
        // Generate an uniqid
        $uniqfilename = $interviewee . '_' . str_replace("_", "", $recDate) . '.mp3'; 
        $filePath = '/uploads/audio/' . $uniqfilename;

        // If the file was moved, change the filename

        if (move_uploaded_file($temp_filename, $target_path . $uniqfilename))
        {

            // Again check that the file exists in the target path
            if (@file_exists($target_path . $uniqfilename))
            {

                // Assign upload date to a variable

                $upload_date = date("Y-m-d");

                // Create INSERT query

                $qry = "INSERT INTO FDM177_AUDIO_CLIPS (title,context,source,interviewer,interviewee,intervieweeAge,geoRegion,language,recDate,fileName,filePath) 
                VALUES('$title','$context','$source','$interviewer',$interviewee',$intervieweeAge,'$geoRegion','$language','$recDate','$uniqfilename','$filePath')";

                $result = mysqli_query($conn, $qry) or die(mysqli_error($conn));

                if ($result)
                {
                    $id = mysqli_insert_id($conn);
                    echo "File uploaded. Now it is called :" . $uniqfilename . "<br />" . $date . "<br />";

                }
                else
                {
                    echo "There was an error uploading the file, please try again!";
                }

                if(1) {
                    //if (is_array($keywords) || is_object($keywords)) {
                    foreach($keywords as $k) {
                            // $idQuery = "SELECT keyword_ID from KEYWORDS WHERE keywordName=" . $k";
                            $idQuery = mysqli_query($conn, "SELECT * FROM FDM177_KEYWORDS WHERE (`keywordName` LIKE '%".$k."%')") or die(mysql_error());

                            $matchingKArray = mysqli_fetch_array($idQuery); 

                            $keyword_FK = $matchingKArray[keyword_ID];

                            // echo $kQuery;
                            echo $keyword_FK; 

                            $qry = "INSERT INTO FDM177_JNCT_KWDS_CLIPS (keyword_FK, clip_FK)
                            VALUES ('$keyword_FK', '$id')";
                            $result = mysqli_query($conn, $qry);
                            if ($result)
                            {
                                echo 'inserted with keyword.' . $k . ' <br />';

                            }
                        }
                    }
                    else {
                        echo "keywords are missing";
                    }




                }
            }
            else {
                echo "There was an error uploading the file, please try again!";
            }

        }
        else
        {
            echo "There was an error uploading the file, please try again!";
        }
    }
}

?>

---

在一个查询中引用打断的引号
“$concert'，$interviewer'，

$qry = "INSERT INTO FDM177_AUDIO_CLIPS
                (title, context, source,interviewer, interviewee,
                intervieweeAge,geoRegion,language,recDate,fileName,filePath) 
                VALUES
                ('$title', '$context', '$source', '$interviewer', '$interviewee',
                $intervieweeAge,'$geoRegion','$language','$recDate','$uniqfilename','$filePath')";

您是否尝试过重命名该表？因此，删除下划线在您试图插入的值中是否有任何撇号？您可能需要使用mysql\u real\u escape\u字符串对其进行转义。最好的做法是使用事先准备好的语句：请您复制并粘贴完整的错误。在“@tjfo
may
”之后，您的文本在“for the right syntax to use to use near.”之后过早地被截断
mysql\u real\u escape\u string（）
已损坏且不安全。顺便说一句，您说“将列标题名称包装在backticks中”，但您是否也将
FDM177\u AUDIO\u CLIPS
包装在backticks中？您的查询将无法工作，因为它的格式不正确。谢谢！这完全是为了我。永远也不会抓到它。很乐意帮忙：）