Php 错误:您的SQL语法在'';在1号线
我一直收到这个错误…但是我看不到任何不合适的语法。。。有什么想法吗? 这是我的PHP代码。我知道我的其他页面是正确的,因为我可以毫无问题地运行代码的所有其他部分Php 错误:您的SQL语法在'';在1号线,php,mysql,Php,Mysql,我一直收到这个错误…但是我看不到任何不合适的语法。。。有什么想法吗? 这是我的PHP代码。我知道我的其他页面是正确的,因为我可以毫无问题地运行代码的所有其他部分 <?php // this connects To database $hostname=""; $username=""; $password=""; $dbname=""; mysql_connect($hostname,$username,$password) OR DIE ("Conn
<?php
// this connects To database
$hostname="";
$username="";
$password="";
$dbname="";
mysql_connect($hostname,$username,$password) OR DIE ("Connection Failed");
mysql_select_db($dbname);
$action = $_REQUEST["action"];
if ($action == 'a') {
$custFirst = null;
$custLast = null;
$custAddress = null;
$custCity = null;
$custState = null;
$custZip = null;
$custEmail = null;
$custPhone = null;
} else {
$id = $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";
$result = mysql_query($query)
or die(mysql_error());
$row = mysql_fetch_array($result);
$custFirst = $row['custFirst'];
$custLast = $row['custLast'];
$custAddress = $row['custAddress'];
$custCity = $row['custCity'];
$custState = $row['custState'];
$custZip = $row['custZip'];
$custEmail = $row['custEmail'];
$custPhone = $row['custPhone'];
} // end if
?>
尝试在
$id
周围加上引号
$query = "select * from custTab where custNo = '$id'";
尝试在$id
周围加上引号
$query = "select * from custTab where custNo = '$id'";
根据custNo
字段包含的内容,这是危险和错误的:
$id = $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";
如果id为整数,则应使用:
$id = (int) $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";
否则,您必须引用它并转义变量:
$id = mysql_real_escape_string($_REQUEST["id"]);
$query = "select * from custTab where custNo = '$id'";
但是您确实应该切换到PDO/mysqli和prepared statements,以完全避免这个问题。这是危险的,也是错误的,这取决于custNo
字段包含的内容:
$id = $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";
如果id为整数,则应使用:
$id = (int) $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";
否则,您必须引用它并转义变量:
$id = mysql_real_escape_string($_REQUEST["id"]);
$query = "select * from custTab where custNo = '$id'";
但您确实应该切换到PDO/mysqli并准备语句,以完全避免这个问题。echo$query
并向我们显示输出。是否确实设置了$\u请求[“id”]
并向我们显示输出。是否确实设置了$\u请求[“id”]
?