Php 解析xml文件时SQL语法出错
我尝试从url解析数据,这是xml数据的一部分Php 解析xml文件时SQL语法出错,php,sql,xml,Php,Sql,Xml,我尝试从url解析数据,这是xml数据的一部分 - <players category="Attackers"> <player id="206651"> <name>Thapelo Tale</name> <firstname>Thapelo</firstname> <lastname>Tale</lastname> <team></team> <teamid
-
<players category="Attackers">
<player id="206651">
<name>Thapelo Tale</name>
<firstname>Thapelo</firstname>
<lastname>Tale</lastname>
<team></team>
<teamid></teamid>
<nationality>Lesotho</nationality>
<birthdate>22/04/1988</birthdate>
<age>25</age>
<birthcountry>Lesotho</birthcountry>
<birthplace>Maseru</birthplace>
<position>Attacker</position>
<height>169 cm</height>
<weight></weight>
<image>
-
塔佩罗故事
塔佩罗
故事
莱索托
22/04/1988
25
莱索托
马塞鲁
攻击者
169厘米
使用这个代码
<?php
$xmlLinq_player=simplexml_load_file("note.xml");
foreach($xmlLinq_player->player as $player) {
$player_id = $player->attributes()->id;
if($player_id){
$team_name=mysql_real_escape_string($player->team);
$team_id=mysql_real_escape_string($player->teamid);
if($team_id =='' || !$team_id){
$team_id=0;
}
$nationality=mysql_real_escape_string($player->nationality);
$fullname=mysql_real_escape_string($player->name);
$firstname=mysql_real_escape_string($player->firstname);
$lastname=mysql_real_escape_string($player->lastname);
$birthdate=$player->birthdate;
$birthdate=date('Y-m-d', strtotime(str_replace('-', '/', $birthdate)));
$birthcountry=mysql_real_escape_string($player->birthcountry);
$birthplace=mysql_real_escape_string($player->birthplace);
$logo=$player->image;
$position=mysql_real_escape_string($player->position);
$height=$player->height;
$weight=$player->weight;
$query = sprintf("INSERT INTO players (PlayerId,TeamId, FullName, FirstName, LastName, Nationality, BirthDate, BirthCountry, BirthPlace, PositionFull, Height,Weight,Photo)
VALUES($player_id, $team_id, '$fullname', '$firstname', '$lastname', '$nationality', '$birthdate', '$birthcountry','$birthplace','$position','$height','$weight','$logo')
ON DUPLICATE KEY UPDATE FullName = VALUES(FullName),FirstName = VALUES(FirstName), LastName = VALUES(LastName), Nationality = VALUES(Nationality), BirthDate = VALUES(BirthDate), BirthCountry = VALUES(BirthCountry),
BirthPlace = VALUES(BirthPlace),PositionFull = VALUES(PositionFull),Height = VALUES(Height),Weight = VALUES(Weight),Photo = VALUES(Photo)");
$result = mysql_query($query);
if (!$result){
$message = mysql_error() ;
//$message = 'Whole Query: ' .$query;
die($message);
}
}
}
}
}
?>
player作为$player){
$player_id=$player->attributes()->id;
如果($player\u id){
$team\u name=mysql\u real\u escape\u字符串($player->team);
$team\u id=mysql\u real\u escape\u字符串($player->teamid);
如果($team_id=''| |!$team_id){
$team_id=0;
}
$national=mysql\u real\u escape\u字符串($player->national);
$fullname=mysql\u real\u escape\u字符串($player->name);
$firstname=mysql\u real\u escape\u字符串($player->firstname);
$lastname=mysql\u real\u escape\u字符串($player->lastname);
$birthdate=$player->birthdate;
$birthdate=date('Y-m-d',strotime(str_replace('-','/',$birthdate));
$birthcountry=mysql\u real\u escape\u字符串($player->birthcountry);
$birthplace=mysql\u real\u escape\u字符串($player->birthplace);
$logo=$player->image;
$position=mysql\u real\u escape\u字符串($player->position);
$height=$player->height;
$weight=$player->weight;
$query=sprintf(“插入玩家(玩家ID、团队ID、全名、名、姓、国籍、出生日期、出生国、出生地、位置全名、身高、体重、照片))
值($player_id、$team_id、$fullname、$firstname、$lastname、$national、$birthdate、$birthcountry、$birthplace、$position、$height、$weight、$logo)
在重复键上更新FullName=VALUES(FullName),FirstName=VALUES(FirstName),LastName=VALUES(LastName),national=VALUES(national),BirthDate=VALUES(BirthDate),BirthCountry=VALUES(BirthCountry),
出生地=数值(出生地),位置完整=数值(位置完整),高度=数值(高度),重量=数值(重量),照片=数值(照片)”;
$result=mysql\u query($query);
如果(!$result){
$message=mysql_error();
//$message='整个查询:'。$Query;
死亡($信息);
}
}
}
}
}
?>
然后它给出了这个问题
(您的SQL语法有错误;请检查与您的MariaDB服务器版本对应的手册,以了解第2行“\n”、“Thapelo Tale”、“Thapelo”、“Tale”、“Lesoto”、“1970-01-01”、“Lesoto”和“M”附近使用的正确语法)请帮助。。如何解决此问题感谢检查重复密钥更新语法
INSERT INTO players (PlayerId,TeamId, FullName, FirstName, LastName, Nationality, BirthDate, BirthCountry, BirthPlace, PositionFull, Height,Weight,Photo)
VALUES($player_id, $team_id, '$fullname', '$firstname', '$lastname', '$nationality', '$birthdate', '$birthcountry','$birthplace','$position','$height','$weight','$logo')
ON DUPLICATE KEY UPDATE FullName = '$FullName',FirstName ='$FirstName', LastName = '$LastName',
Nationality = '$Nationality', BirthDate = '$BirthDate', BirthCountry = '$BirthCountry',BirthPlace = '$BirthPlace',PositionFull = '$PositionFull',
Height = '$Height',Weight = '$Weight',Photo = '$Photo'");
首先,在使用SQL时不要连接字符串。学习使用参数。它将导致更少的问题,并提高安全性。例如,在这里,任何数据中的单个“字符”都会破坏SQL。检查正在使用的完整SQL子句,查看语法错误是什么,但请更改代码以使用参数。更不用说mysql了——函数在5年前就被弃用了。永远不要使用它们。使用PDO或mysqli函数。如果($team_id==''team||!$team_id){,请选中
if(清空(修剪(team_id)){