我想把它放到数据库中。然而,我收到一个意外的错误,说:
查询失败!您的SQL语法有错误;检查与您的MySQL服务器版本对应的手册,以便在第1行的'order(Order_Date,Order_Time,Delivery_Charge,Delivery_Fname,Delivery_Lname,Delive')附近使用正确的语法。
这是我的PHP:
<?php
//error_reporting(E_ERROR | E_PARSE);
include("includes/db.php");
include("includes/functions.php");
if($_REQUEST['command']=='update')
{
$date = date('Y-m-d');
$time = time('H:i:s');
$charge = $_REQUEST['ocharge'];
$fname = $_REQUEST['ofname'];
$lname = $_REQUEST['olname'];
$mobile = $_REQUEST['omobile'];
$add1 = $_REQUEST['oadd1'];
$add2 = $_REQUEST['oadd2'];
$postcode = $_REQUEST['opostcode'];
$state = $_REQUEST['ostate'];
$country = $_REQUEST['ocountry'];
$weight = $_REQUEST['oweight'];
$credit = $_REQUEST['ocredit'];
$pin = $_REQUEST['opin'];
$city = $_REQUEST['ocity'];
$result=mysql_query("insert into order(Order_Date,Order_Time,Delivery_Charge,Delivery_Fname,Delivery_Lname,Delivery_HP,Delivery_Street1,Delivery_Street2,Delivery_Postcode,Delivery_State,Delivery_Country,Total_Weight,Credit_No,Pin_No,Delivery_City) values ('$date',$time,$charge,'$fname','$lname',$mobile,'$add1','$add2',$postcode,'$state','$country',$weight,$credit,$pin,'$city')");
if($result === FALSE)
{
die("Query Failed!".mysql_error().$result);
}
$orderid=mysql_insert_id();
$max=count($_SESSION['cart']);
for($i=0;$i<$max;$i++)
{
$pid=$_SESSION['cart'][$i]['productid'];
$q=$_SESSION['cart'][$i]['qty'];
$price=get_price($pid);
mysql_query("insert into order_detail (Order_ID,Product_ID,Order_Quantity,Sub_Total) values ('$orderid','$pid','$q','$price')");
}
die('Thank You! your order has been placed!');
}
?>
查询有什么问题?
答案 0 :(得分:6)
ORDER是reserved keyword。所以,你需要在反引号中逃避它,如下:
INSERT INTO `order` ...
在您的查询中不使用保留关键字将是更好的解决方案,但也可以使用反引号转义它们。
答案 1 :(得分:0)
以下是一些调试技巧。而不是这个:
$result=mysql_query("insert into order(Order_Date,Order_Time,Delivery_Charge,Delivery_Fname,Delivery_Lname,Delivery_HP,Delivery_Street1,Delivery_Street2,Delivery_Postcode,Delivery_State,Delivery_Country,Total_Weight,Credit_No,Pin_No,Delivery_City) values ('$date',$time,$charge,'$fname','$lname',$mobile,'$add1','$add2',$postcode,'$state','$country',$weight,$credit,$pin,'$city')");
始终这样做:
$sql ="insert into order(Order_Date,Order_Time,Delivery_Charge,Delivery_Fname,Delivery_Lname,Delivery_HP,Delivery_Street1,Delivery_Street2,Delivery_Postcode,Delivery_State,Delivery_Country,Total_Weight,Credit_No,Pin_No,Delivery_City) values ('$date',$time,$charge,'$fname','$lname',$mobile,'$add1','$add2',$postcode,'$state','$country',$weight,$credit,$pin,'$city')";
$result = mysql_query($sql);
这使得在处理代码时执行此操作变得微不足道:
echo htmlentities($sql);
这将显示您正在使用的查询(而不是构建查询的PHP代码,这可能会隐藏您的值中的尴尬字符)。
最后,考虑编写这样的代码:
$sql = "
INSERT INTO order (
Order_Date, Order_Time, Delivery_Charge,
Delivery_Fname, Delivery_Lname, Delivery_HP,
Delivery_Street1, Delivery_Street2, Delivery_Postcode,
Delivery_State, Delivery_Country, Total_Weight,
Credit_No, Pin_No, Delivery_City
)
VALUES (
'$date', $time, $charge,
'$fname', '$lname', $mobile,
'$add1', '$add2', $postcode,
'$state', '$country', $weight,
$credit, $pin, '$city'
)
";
$result = mysql_query($sql);
我已经对SQL进行了大写,并对查询进行了格式化以使其可读,因此您可以确保为正确的列提供正确的值。现在不需要水平滚动(在您的编辑器或我们的屏幕上)。
如评论中所示,如果将此方法用于数据库插入,则需要确保正确转义所有值,尤其是如果它们来自用户输入。但是,参数化是一种更好的方法,请注意,“mysql”库现已弃用。
附录:查看查询,我会说你需要$time,$mobile和$postcode附近的撇号(假设它们都是字符串)。我认为$charge和$weight是数字,因此不需要引用。