Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/86.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 解析xml文件时SQL语法出错_Php_Sql_Xml - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 解析xml文件时SQL语法出错

Php 解析xml文件时SQL语法出错

php sql xml

Php 解析xml文件时SQL语法出错,php,sql,xml,Php,Sql,Xml,我尝试从url解析数据,这是xml数据的一部分 - <players category="Attackers"> <player id="206651"> <name>Thapelo Tale</name> <firstname>Thapelo</firstname> <lastname>Tale</lastname> <team></team> <teamid

我尝试从url解析数据,这是xml数据的一部分

-

    <players category="Attackers">
<player id="206651">
<name>Thapelo Tale</name>
<firstname>Thapelo</firstname>
<lastname>Tale</lastname>
<team></team>
<teamid></teamid>
<nationality>Lesotho</nationality>
<birthdate>22/04/1988</birthdate>
<age>25</age>
<birthcountry>Lesotho</birthcountry>
<birthplace>Maseru</birthplace>
<position>Attacker</position>
<height>169 cm</height>
<weight></weight>
<image>

-
塔佩罗故事
塔佩罗
故事
莱索托
22/04/1988
25
莱索托
马塞鲁
攻击者
169厘米

使用这个代码

 <?php 
$xmlLinq_player=simplexml_load_file("note.xml");

foreach($xmlLinq_player->player as $player) { 
    $player_id = $player->attributes()->id;

    if($player_id){

        $team_name=mysql_real_escape_string($player->team);
        $team_id=mysql_real_escape_string($player->teamid);
        if($team_id =='' || !$team_id){
            $team_id=0;
        }

        $nationality=mysql_real_escape_string($player->nationality);
        $fullname=mysql_real_escape_string($player->name);
        $firstname=mysql_real_escape_string($player->firstname);
        $lastname=mysql_real_escape_string($player->lastname);
        $birthdate=$player->birthdate;
        $birthdate=date('Y-m-d', strtotime(str_replace('-', '/', $birthdate)));
        $birthcountry=mysql_real_escape_string($player->birthcountry);
        $birthplace=mysql_real_escape_string($player->birthplace);
        $logo=$player->image;
        $position=mysql_real_escape_string($player->position);
        $height=$player->height;
        $weight=$player->weight;

        $query = sprintf("INSERT INTO players (PlayerId,TeamId, FullName, FirstName, LastName, Nationality, BirthDate, BirthCountry, BirthPlace, PositionFull, Height,Weight,Photo)
                VALUES($player_id, $team_id, '$fullname', '$firstname', '$lastname', '$nationality', '$birthdate', '$birthcountry','$birthplace','$position','$height','$weight','$logo')
                ON DUPLICATE KEY UPDATE FullName = VALUES(FullName),FirstName = VALUES(FirstName), LastName = VALUES(LastName), Nationality = VALUES(Nationality), BirthDate = VALUES(BirthDate), BirthCountry = VALUES(BirthCountry),
                BirthPlace = VALUES(BirthPlace),PositionFull = VALUES(PositionFull),Height = VALUES(Height),Weight = VALUES(Weight),Photo = VALUES(Photo)");

        $result = mysql_query($query);

        if (!$result){
            $message = mysql_error() ;
            //$message = 'Whole Query: ' .$query;
            die($message);
        }

    }
}
}
 }
?>

player作为$player){
$player_id=$player->attributes()->id;
如果($player\u id){
$team\u name=mysql\u real\u escape\u字符串($player->team);
$team\u id=mysql\u real\u escape\u字符串($player->teamid);
如果($team_id=''| |!$team_id){
$team_id=0;
}
$national=mysql\u real\u escape\u字符串($player->national);
$fullname=mysql\u real\u escape\u字符串($player->name);
$firstname=mysql\u real\u escape\u字符串($player->firstname);
$lastname=mysql\u real\u escape\u字符串($player->lastname);
$birthdate=$player->birthdate;
$birthdate=date('Y-m-d',strotime(str_replace('-','/',$birthdate));
$birthcountry=mysql\u real\u escape\u字符串($player->birthcountry);
$birthplace=mysql\u real\u escape\u字符串($player->birthplace);
$logo=$player->image;
$position=mysql\u real\u escape\u字符串($player->position);
$height=$player->height;
$weight=$player->weight;
$query=sprintf(“插入玩家(玩家ID、团队ID、全名、名、姓、国籍、出生日期、出生国、出生地、位置全名、身高、体重、照片))
值($player_id、$team_id、$fullname、$firstname、$lastname、$national、$birthdate、$birthcountry、$birthplace、$position、$height、$weight、$logo)
在重复键上更新FullName=VALUES(FullName),FirstName=VALUES(FirstName),LastName=VALUES(LastName),national=VALUES(national),BirthDate=VALUES(BirthDate),BirthCountry=VALUES(BirthCountry),
出生地=数值(出生地),位置完整=数值(位置完整),高度=数值(高度),重量=数值(重量),照片=数值(照片)”;
$result=mysql\u query($query);
如果(!$result){
$message=mysql_error();
//$message='整个查询:'。$Query;
死亡($信息);
}
}
}
}
}
?>
然后它给出了这个问题
(您的SQL语法有错误;请检查与您的MariaDB服务器版本对应的手册,以了解第2行“\n”、“Thapelo Tale”、“Thapelo”、“Tale”、“Lesoto”、“1970-01-01”、“Lesoto”和“M”附近使用的正确语法)请帮助。。如何解决此问题感谢检查重复密钥更新语法

    INSERT INTO players (PlayerId,TeamId, FullName, FirstName, LastName, Nationality, BirthDate, BirthCountry, BirthPlace, PositionFull, Height,Weight,Photo)
 VALUES($player_id, $team_id, '$fullname', '$firstname', '$lastname', '$nationality', '$birthdate', '$birthcountry','$birthplace','$position','$height','$weight','$logo')
 ON DUPLICATE KEY UPDATE FullName = '$FullName',FirstName ='$FirstName', LastName = '$LastName', 
    Nationality = '$Nationality', BirthDate = '$BirthDate', BirthCountry = '$BirthCountry',BirthPlace = '$BirthPlace',PositionFull = '$PositionFull',
    Height = '$Height',Weight = '$Weight',Photo = '$Photo'");
首先,在使用SQL时不要连接字符串。学习使用参数。它将导致更少的问题,并提高安全性。例如,在这里,任何数据中的单个“字符”都会破坏SQL。检查正在使用的完整SQL子句,查看语法错误是什么,但请更改代码以使用参数。更不用说mysql了——函数在5年前就被弃用了。永远不要使用它们。使用PDO或mysqli函数。如果($team_id==''team||!$team_id){,请选中
if(清空(修剪(team_id)){