Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/70.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php MySQL语法错误-要查询的数组_Php_Mysql - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php MySQL语法错误-要查询的数组

Php MySQL语法错误-要查询的数组

php mysql

Php MySQL语法错误-要查询的数组,php,mysql,Php,Mysql,我已经从一些测试数据中创建了一个预构建的数组,因为我还没有设置post表单。该数组如下所示: $ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'h

我已经从一些测试数据中创建了一个预构建的数组,因为我还没有设置post表单。该数组如下所示:

$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => 'email@email.com', 'developer_or_client' => 'developer', 'email' => 'email@email.com');

foreach ($ud as $key => $value) {
    $value = mysql_real_escape_string($value);
}
从这个数组中,我尝试通过MySQL查询将数据插入我的数据库:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
但是,它会因以下错误而死亡:

您的SQL语法有错误;查看与您的MySQL服务器版本对应的手册,了解在“@email.com、用户名、密码、伦敦、手机、开发者、您好、,email@email.com)'在第1行

您能告诉我哪里出了问题吗?

您需要在parenthase中的每个值周围加引号

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
试试看:)

从列名的发音来看,它们是
varchar
列类型,因此您需要用引号将值括起来:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
此外,如果值来自用户输入,则应通过mysql\u real\u escape\u string运行每个值,以帮助防止SQL注入攻击

两件事:

  • ,需要在字符串周围加引号
  • 在将引号括起来之前,您需要将每个字符串都传递出去
    • 见此:

    值(“..ud['name']”

    内德说:

    值(“$ud['name']”

    以及其他列(如果不是数字)

    在您仍然需要引号之前,我正在运行mysql\u real\u escape\u string,
    mysql\u real\u escape\u string
    清理输入,但不添加查询有效所需的引号。如果您希望
    mysql\u real\u escape\u string
    产生任何效果,则需要通过引用访问值:
    foreach($ud作为$key=>&$value){
    。。。