Php 错误：您的SQL语法在''；在1号线

我一直收到这个错误…但是我看不到任何不合适的语法。。。有什么想法吗？ 这是我的PHP代码。我知道我的其他页面是正确的，因为我可以毫无问题地运行代码的所有其他部分

<?php 

// this connects To database
$hostname="";    
$username="";   
$password="";    
$dbname="";     

mysql_connect($hostname,$username,$password) OR DIE ("Connection Failed");
mysql_select_db($dbname);


$action = $_REQUEST["action"];
if ($action == 'a') {
$custFirst = null;
$custLast = null;
$custAddress = null;
$custCity = null;   
$custState = null;
$custZip = null;
$custEmail = null;
$custPhone = null;
 } else {
$id = $_REQUEST["id"];
    $query = "select * from custTab where custNo = $id";
    $result = mysql_query($query) 
        or die(mysql_error());
    $row = mysql_fetch_array($result);
    $custFirst = $row['custFirst'];  
    $custLast = $row['custLast'];  
    $custAddress = $row['custAddress'];  
    $custCity = $row['custCity'];
    $custState = $row['custState'];
    $custZip = $row['custZip'];
    $custEmail = $row['custEmail'];
    $custPhone = $row['custPhone'];
} // end if

?>

---

尝试在

$id

周围加上

引号

$query = "select * from custTab where custNo = '$id'";

尝试在
$id
周围加上
引号

$query = "select * from custTab where custNo = '$id'";

根据
custNo
字段包含的内容，这是危险和错误的：

$id = $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";

如果id为整数，则应使用：

$id = (int) $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";

否则，您必须引用它并转义变量：

$id = mysql_real_escape_string($_REQUEST["id"]);
$query = "select * from custTab where custNo = '$id'";

但是您确实应该切换到PDO/mysqli和prepared statements，以完全避免这个问题。
这是危险的，也是错误的，这取决于
custNo
字段包含的内容：

$id = $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";

如果id为整数，则应使用：

$id = (int) $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";

否则，您必须引用它并转义变量：

$id = mysql_real_escape_string($_REQUEST["id"]);
$query = "select * from custTab where custNo = '$id'";

但您确实应该切换到PDO/mysqli并准备语句，以完全避免这个问题。
echo$query
并向我们显示输出。是否确实设置了
$\u请求[“id”]

并向我们显示输出。是否确实设置了

$\u请求[“id”]

？