我无法弄清楚,出于某种原因,我收到此错误消息:
Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ptb_block_user.blocked=1' at line 5
这是我的mysql查询,不知道是什么问题,请有人帮帮我吗?
function blocked_users() {
global $connection;
global $_SESSION;
global $profile_id;
$query = "SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = \"$profile_id\"
AND ptb_block_user.user_id = ".$_SESSION['user_id']."
AND ptb_block_user.blocked='1' ";
$blocked_users = mysql_query($query, $connection);
confirm_query($blocked_users);
return $blocked_users;
}
答案 0 :(得分:0)
您也可以随时查看SQL查询的结果print $query。发现错误会更容易。
答案 1 :(得分:0)
function blocked_users() {
global $connection;
global $_SESSION;
global $profile_id;
$query = "SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = ".mysql_real_escape_string($profile_id)."
AND ptb_block_user.user_id = ".mysql_real_escape_string($_SESSION['user_id'])."
AND ptb_block_user.blocked=1;";
$blocked_users = mysql_query($query, $connection);
confirm_query($blocked_users);
return $blocked_users;
}
使用MySqli lib而不是MySql:http://www.php.net/manual/en/book.mysqli.php
答案 2 :(得分:0)
SELECT *
FROM ptb_block_user b
WHERE b.blocked_id = '$profile_id'
AND b.user_id = '{$_SESSION['user_id']}'
AND b.blocked=1
答案 3 :(得分:0)
如果你使用普通的php而没有框架,那么你应该总是使用预备语句来进行mysql通信。这样更安全,可以保护您免受mysql注入。
试试这个。
db = new mysqli("your_ip_or_host","username","password","name_of_database");
$st = $db->prepare("SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = ?
AND ptb_block_user.user_id = ?
AND ptb_block_user.blocked=?");
$st->bind_param('iii', intval($profile_id), intval($_SESSION['user_id']),1);
$st->execute();
$st->store_result();
$st->bind_result($col1, $col2, ... , $colx);
while($st->fetch())
{
echo "col1=$col, col2=$col2, ...., colX=$colx \n";
}
$st->close();