Php MySQL语法错误-要查询的数组
我已经从一些测试数据中创建了一个预构建的数组,因为我还没有设置post表单。该数组如下所示:Php MySQL语法错误-要查询的数组,php,mysql,Php,Mysql,我已经从一些测试数据中创建了一个预构建的数组,因为我还没有设置post表单。该数组如下所示: $ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'h
$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => 'email@email.com', 'developer_or_client' => 'developer', 'email' => 'email@email.com');
foreach ($ud as $key => $value) {
$value = mysql_real_escape_string($value);
}
从这个数组中,我尝试通过MySQL查询将数据插入我的数据库:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
但是,它会因以下错误而死亡:
您的SQL语法有错误;查看与您的MySQL服务器版本对应的手册,了解在“@email.com、用户名、密码、伦敦、手机、开发者、您好、,email@email.com)'在第1行
您能告诉我哪里出了问题吗?您需要在parenthase中的每个值周围加引号
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
试试看:)从列名的发音来看,它们是
varchar
列类型,因此您需要用引号将值括起来:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
此外,如果值来自用户输入,则应通过mysql\u real\u escape\u string运行每个值,以帮助防止SQL注入攻击两件事:
以及其他列(如果不是数字)在您仍然需要引号之前,我正在运行mysql\u real\u escape\u string,
mysql\u real\u escape\u string
清理输入,但不添加查询有效所需的引号。如果您希望mysql\u real\u escape\u string
产生任何效果,则需要通过引用访问值:foreach($ud作为$key=>&$value){
。。。