PHP urgent SQL syntax error


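I have a script that reports

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-5,5' at line 1

and I can't seem to find the error.

Here is the script; I'd be happy to get any help.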

<?
require_once("conn.php");
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("pageList.php");
//  ADVANCED SEARCH
//require_once("advanced.php");
//require_once("templates/AdvancedSearchTemplate.php");
$showall = false;
if ($_REQUEST['stateid']) {
    $sql = "Select full_name From states where state_id = ".$_REQUEST['stateid'];
    $myr = mysql_query($sql) or die(mysql_error());
    $isAny = mysql_num_rows($myr);
    $state_name = mysql_fetch_array($myr);
    $show = "<table width=\"550\"><tr><td>Showing Listings For <font color=\"FF0000\" >$state_name[full_name]</font></td></tr></table>"; 
}       
else {
    $show = "Showing All Listings"; 
    $showall = true;
}

//print "The Value Of ... ".$isAny;
//echo "<BR><b>&nbsp;&nbsp;&nbsp;".$show;
if ($_REQUEST['stateid'])
    $addsql = "and re_listings.state_id=".$_REQUEST['stateid'];
else
    $addsql ="";
$q1 = "select * from re_listings, re_agents, re_priority where re_listings.AgentID = re_agents.AgentID and re_agents.PriorityLevel = re_priority.PriorityLevel and re_agents.AccountStatus = 'active' ".$addsql;
$rsQ = mysql_query($q1);
$total_records = mysql_num_rows($rsQ);
if($total_records== 0)
{
        $ListingTable = "<table align=center width=500 cellspacing=0>\n";
    $ListingTable .= "<tr>\n<td>$links</td></tr>\n\t";
    $ListingTable .= "<tr>\n<td>&nbsp;</td></tr>\n\t";
    $ListingTable .= "</tr>\n</table>\n\n";
    $ListingTable .= "<br><br><center><Strong>No Results Was Found!</Strong></center>";
require_once("templates/HeaderTemplate.php");
require_once("templates/SearchTemplate.php");   
require_once("templates/FooterTemplate.php");
}
$records_per_page = 5; // no of records per page
$current_page_no = 1;

    if ($_REQUEST['page'])
    {
        $current_page_no = $_REQUEST['page'];
    } 
    $pageL = new pageList($total_records, $records_per_page, $current_page_no);
    $pageL->generate();
//print $addsql."<BR>";
//print "startRecord: ".$pageL->startRecord;
$q2 = "select * from re_listings, re_agents, re_priority where re_listings.AgentID = re_agents.AgentID and re_agents.PriorityLevel = re_priority.PriorityLevel and re_agents.AccountStatus = 'active' ".$addsql." order by visits desc LIMIT $pageL->startRecord,$pageL->numOfRows";
$r1 = mysql_query($q2) or die(mysql_error());
$lrows = mysql_num_rows($r1);
if($lrows > '0')
{
    $ListingTable .= "<table align=center width=500 cellspacing=0>\n";

    $ListingTable .= "<tr>\n<td width=75>&nbsp;</td>\n\t";

//  $ListingTable .= "<td width=200 align=center><a class=BlackLink href=\"search.php?c=$_GET[c]&s=$_GET[s]&AgentID=$_GET[AgentID]&search_city=$_GET[search_city]&search_state=$_GET[search_state]&search_country=$_GET[search_country]&search_PropertyType=$_GET[search_PropertyType]&MinPrice=$_GET[MinPrice]&MaxPrice=$_GET[MaxPrice]&rooms1=$_GET[rooms1]&rooms2=$_GET[rooms2]&bath1=$_GET[bath1]&bath2=$_GET[bath2]&before=$_GET[before]&school=$_GET[school]&transit=$_GET[transit]&park=$_GET[park]&ocean_view=$_GET[ocean_view]&lake_view=$_GET[lake_view]&mountain_view=$_GET[mountain_view]&ocean_waterfront=$_GET[ocean_waterfront]&lake_waterfront=$_GET[lake_waterfront]&river_waterfront=$_GET[river_waterfront]&city=1&page=$_REQUEST[page]\">address</a></td>\n\t";

//  $ListingTable .= "<td width=125 align=center><a class=BlackLink href=\"search.php?c=$_GET[c]&s=$_GET[s]&AgentID=$_GET[AgentID]&search_city=$_GET[search_city]&search_state=$_GET[search_state]&search_country=$_GET[search_country]&search_PropertyType=$_GET[search_PropertyType]&MinPrice=$_GET[MinPrice]&MaxPrice=$_GET[MaxPrice]&rooms1=$_GET[rooms1]&rooms2=$_GET[rooms2]&bath1=$_GET[bath1]&bath2=$_GET[bath2]&before=$_GET[before]&school=$_GET[school]&transit=$_GET[transit]&park=$_GET[park]&ocean_view=$_GET[ocean_view]&lake_view=$_GET[lake_view]&mountain_view=$_GET[mountain_view]&ocean_waterfront=$_GET[ocean_waterfront]&lake_waterfront=$_GET[lake_waterfront]&river_waterfront=$_GET[river_waterfront]&r=1&page=$_REQUEST[page]\">bed, bath, garage</a></td>\n\t";

//  $ListingTable .= "<td align=center width=100><a class=BlackLink href=\"search.php?c=$_GET[c]&s=$_GET[s]&AgentID=$_GET[AgentID]&search_city=$_GET[search_city]&search_state=$_GET[search_state]&search_country=$_GET[search_country]&search_PropertyType=$_GET[search_PropertyType]&MinPrice=$_GET[MinPrice]&MaxPrice=$_GET[MaxPrice]&rooms1=$_GET[rooms1]&rooms2=$_GET[rooms2]&bath1=$_GET[bath1]&bath2=$_GET[bath2]&before=$_GET[before]&school=$_GET[school]&transit=$_GET[transit]&park=$_GET[park]&ocean_view=$_GET[ocean_view]&lake_view=$_GET[lake_view]&mountain_view=$_GET[mountain_view]&ocean_waterfront=$_GET[ocean_waterfront]&lake_waterfront=$_GET[lake_waterfront]&river_waterfront=$_GET[river_waterfront]&p=1&page=$_REQUEST[page]\">price</a></td>\n";

    $ListingTable .= "</tr>\n</table>\n\n";
    $ListingTable .= "<table align=center width=500 border=0 bordercolor=#336699 rules=rows cellspacing=0>\n";

$start = $pageL->startRecord+1;
$end = $records_per_page*$current_page_no;
$totalpages = $pageL->getTotalPage();
if ($current_page_no==$totalpages)
$end = $pageL->getTotalRecords();
    $rec_info = "<strong>Showing Listings $start - $end</strong>";
    $ListingTable .= "<tr>\n<td colspan=4>$rec_info</td></tr>\n\t";

    while($a1 = mysql_fetch_array($r1))
    {

        $ListingTable .= "<tr style=\"border-width:1; border-color:blue\" onMouseOver=\"this.style.background='#FFFFFF'; this.style.cursor='hand'\" onMouseOut=\"this.style.background='white'\" onClick=\"window.open('info.php?id=$a1[ListingID]', '_top')\">\n\t";

        $ListingTable .= "<td height=60>";
        $ListingTable .= "<table align=center width=\"100%\">\n";

        $ListingTable .= "<TR style=\"background-color:#001592; color:white; font-family:verdana; font-size:11; font-weight:bold; height=20px \">\n<TD colspan=4>\n$a1[PriorityName] listing</TD>\n</TR>\n";
//      $ListingTable .= "<caption align=left><span class=RedLink>$a1[PriorityName] listing</span></caption>\n";
        $ListingTable .= "<tr>\n\t<td width=75>";
//Price formatting
        $MyPrice = number_format($a1[Price], 2, ".", "'");
//State Formatting
    if(empty($a1[state_id]))
        $state = "Not Available";
    else
        {
            $state_id = $a1[state_id];
            $sql = "Select full_name from states where state_id=$state_id";
            $myrs = mysql_query($sql) or die(mysql_error());
            $statename = mysql_fetch_array($myrs);
            $state = $statename[full_name];

        }

    $ListingTable =$ListingTable."<TR bgcolor=\"D2EEFF\"><TD width=\"20%\"><b>Country: </b></TD><TD width=\"20%\"> $a1[country]</TD>";
    $ListingTable =$ListingTable."<TD width=\"20%\"><b>State: </b></TD><TD width=\"20%\">$state</TD></TR>";
    $ListingTable =$ListingTable."<TR bgcolor=\"FFFFFF\">\n\t<td valign=top width=\"20%\"><B>City: </b></td><td valign=top width=\"20%\">$a1[city]</td>";
    $ListingTable =$ListingTable."<TD width=\"20%\"><b>Address: </b></TD><TD width=\"20%\"> $a1[address]</TD></TR>";
    $ListingTable =$ListingTable."<TR bgcolor=\"D2EEFF\"><TD width=\"20%\"><b>Price: </b></TD><TD width=\"20%\"> $$MyPrice</TD>";
    $ListingTable =$ListingTable."<TD width=\"20%\"><b>SqMeters: </b></TD><TD width=\"20%\"> $a1[SquareMeters] sq.m.</TD></TR>";
        $ListingTable .= "</td>\n\t";
        $ListingTable .= "</tr>\n";

        $ListingTable .= "<HR>";
        $ListingTable .= "</table>\n\n</td>\n</tr>\n\n";
    }
    $ListingTable .= "</table>";

}
else
{
    $ListingTable = "<table align=center width=500 cellspacing=0>\n";
//  $ListingTable .= "<tr>\n<td>$links</td></tr>\n\t";
    $ListingTable .= "<tr>\n<td>&nbsp;</td></tr>\n\t";
    $ListingTable .= "</tr>\n</table>\n\n";
    $show = "<table align=center width=550 cellspacing=0><tr><td><br><br><center><Strong>No Results Was Found!</Strong></center></td></tr></table>";

}   
echo "<BR><b>&nbsp;&nbsp;&nbsp;".$show;
/*
 if ($_REQUEST['stateid'] == 0){ 
echo "<table border=0 align=center><tr><td align=center><object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0\" width=\"400\" height=\"275\">
  <param name=\"movie\" value=\"usmap.swf\">
  <param name=\"quality\" value=\"high\">
  <embed src=\"usmap.swf\" quality=\"high\" pluginspage=\"http://www.macromedia.com/go/getflashplayer\" type=\"application/x-shockwave-flash\" width=\"500\" height=\"325\"></embed>\"
</object></td></tr></table>";
 }*/

require_once("templates/SearchTemplate.php");
require_once("templates/FooterTemplate.php");
?>

Although there is no obvious error in the code, I think the query causing the error is:

$q2 = "

select 
    * 
from 
    re_listings, 
    re_agents, 
    re_priority 
where 
    re_listings.AgentID = re_agents.AgentID 
    and re_agents.PriorityLevel = re_priority.PriorityLevel 
    and re_agents.AccountStatus = 'active' 
    ".$addsql." 
order by 
    visits desc 
LIMIT 
    $pageL->startRecord,$pageL->numOfRows
";
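You are probably passing a negative value in the LIMIT clause, which you can't do.

You should check whether $pageL->startRecord is less than 0 and, if it is, change it to zero.

Try this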

$start_record = ($pageL->startRecord>=0) ? $pageL->startRecord : 0;

    $q2 = "

    select 
        * 
    from 
        re_listings, 
        re_agents, 
        re_priority 
    where 
        re_listings.AgentID = re_agents.AgentID 
        and re_agents.PriorityLevel = re_priority.PriorityLevel 
        and re_agents.AccountStatus = 'active' 
        ".$addsql." 
    order by 
        visits desc 
    LIMIT 
        $start_record,$pageL->numOfRows
    ";
I think you forgot to put the . on this

$ListingTable .= "<table align=center width=500 cellspacing=0>\n";

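In Dreamweaver, line 123.

First alert: Select full_name From states where state_id = ".$_REQUEST['stateid']; Never put that in production, it is really unsafe. Have you ever heard of SQL injection?

If you want to get responses instead of being flooded with downvotes, don't use "urgent" or "important". It is neither urgent nor important to anyone but you.

First thing to do: instead of writing mysql_error, write mysql_error. Query: queryhere, where queryhere is the query variable.

@yes123 not to mention: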
$ListingTable .= "<table align=center width=500 cellspacing=0>\n";
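
The two points raised in this thread (never sending a negative offset to LIMIT, and not concatenating $_REQUEST['stateid'] into the SQL), combined in one added example that is not code from the original posts. It uses PDO with bound integer parameters in place of the mysql_* calls and drops the re_priority join for brevity; the function names pageWindow and fetchListings and the in-memory SQLite sample data are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Sample data below is constructed.
// Turn an untrusted page number into a non-negative [offset, limit] pair.
function pageWindow($rawPage, int $totalRecords, int $perPage): array
{
    $totalPages = max(1, (int) ceil($totalRecords / $perPage));
    // Accept only whole numbers in 1..$totalPages; anything else becomes page 1.
    $page = filter_var($rawPage, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $totalPages]]);
    return [(($page === false ? 1 : $page) - 1) * $perPage, $perPage];
}

function fetchListings(PDO $db, $rawStateId, $rawPage, int $perPage = 5): array
{
    $from = "FROM re_listings l JOIN re_agents a ON l.AgentID = a.AgentID WHERE a.AccountStatus = 'active'";
    $params = [];
    // stateid is bound as an integer parameter, never concatenated into the SQL.
    $stateId = filter_var($rawStateId, FILTER_VALIDATE_INT);
    if ($stateId !== false) {
        $from .= " AND l.state_id = :state";
        $params[':state'] = $stateId;
    }
    // Prepare, bind every value as an integer, execute.
    $run = function (string $sql, array $binds) use ($db): PDOStatement {
        $stmt = $db->prepare($sql);
        foreach ($binds as $name => $value) {
            $stmt->bindValue($name, $value, PDO::PARAM_INT);
        }
        $stmt->execute();
        return $stmt;
    };
    $total = (int) $run("SELECT COUNT(*) $from", $params)->fetchColumn();
    [$offset, $limit] = pageWindow($rawPage, $total, $perPage);
    $sql = "SELECT l.ListingID, l.city $from ORDER BY l.visits DESC LIMIT :lim OFFSET :off";
    return $run($sql, $params + [':lim' => $limit, ':off' => $offset])->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE re_agents (AgentID INTEGER, AccountStatus TEXT)");
$db->exec("CREATE TABLE re_listings (ListingID INTEGER, AgentID INTEGER, state_id INTEGER, city TEXT, visits INTEGER)");
$db->exec("INSERT INTO re_agents VALUES (1, 'active')");
for ($i = 1; $i <= 7; $i++) {
    $db->exec("INSERT INTO re_listings VALUES ($i, 1, " . ($i % 2 + 1) . ", 'City$i', $i)");
}
// Valid input, empty/zero input, and non-integer/negative input all yield a valid query.
foreach ([['1', '1'], ['', '0'], ['abc', '-3']] as [$state, $page]) {
    printf("stateid=%s page=%s -> %d rows\n", var_export($state, true), $page, count(fetchListings($db, $state, $page)));
}
```

A stateid that is not an integer is treated here as "no filter", matching the original script's behaviour when stateid is empty.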