我一直收到此错误
未知专栏'您好'在'字段列表'
执行此代码时
$sql = "INSERT INTO installs (date,addedBy,customer,reg,vehMake,vehModel,colour,mileage,location,tracker,serial,sim,extr as,satnav,input1,input2,output,comments) VALUES (" . $date . ", " . $addedBy . ", " . $customer . ", " . $reg . ", " . $vehMake . ", " . $vehModel . ", " . $colour . ", " . $mileage . ", " . $location . ", " . $tracker . ", " . $serial . ", " . $sim . ", " . $extras . ", " . $satnav . ", " . $input1 . ", " . $input2 . ", " . $output . ", " . $comments . ")";
$result = $connect->query($sql) or die($connect->error);
答案 0 :(得分:1)
替换此
(' . "Hello" . ', ' . 2 . ', ' . 3 . ', ' . 4 . ', ' . 4 . ', ' . 5 . ', ' . 6 . ', ' . 7 . ', ' . 8 . ', ' . 9 . ', ' . 10 . ', ' . 11 . ', ' . 12 . ', ' . 13 . ', ' . 14 . ', ' . 15 . ', ' . 16 . ', ' . 17 . ')';
通过
("Hello", 2 ,3, 4,4,5,6,7,8,9,10,11,12, 13,14,15,16,17)';
编辑:
替换此
(" . $date . ", " . $addedBy . ",..........
通过
('$date', '$addedBy',...........
或者
('" . $date . "', '" . $addedBy . "',..........
答案 1 :(得分:0)
Hello需要用单引号括起来。逃避这样的引用:
$sql = 'INSERT INTO installs
(date,addedBy,customer,reg,vehMake,vehModel,colour,
mileage,location,tracker,serial,sim,extras,satnav,
input1,input2,output,comments)
VALUES
(\'' . "Hello" . '\', ' . 2 . ', ' . 3 . ', ' . 4 . ', ' . 4 . ',
' . 5 . ', ' . 6 . ', ' . 7 . ', ' . 8 . ', ' . 9 . ',
' . 10 . ', ' . 11 . ', ' . 12 . ', ' . 13 . ', ' . 14 . ', ' . 15 . ',
' . 16 . ', ' . 17 . ')';
答案 2 :(得分:0)
这种行为的一个可能的解释是sql_mode包含(或启用)ANSI_QUOTES。
SELECT @@SESSION.sql_mode
如果启用了ANSI_QUOTES,则不能在字符串文字周围使用双引号;双引号之间的任何内容都将被解释为标识符(例如列名)。如果启用了ANSI_QUOTES,那么字符串文字应该用单引号括起来。
为了热爱这个世界上所有善良和美丽的人,只需使用带有占位符的预准备语句,以避免引号问题并阻止SQL注入漏洞。
e.g。
$sql = "INSERT INTO installs (date,addedBy,customer, ...)
VALUES ( :date, :addedBy, :customer, ...)";
$sth = $connect->prepare($sql);
$sth->execute(array(':date' => $date, ':addedBy' => $addedBy, ':customer' => $customer, ... ));