Saving an array to the database

Time: 2012-06-27 09:31:51

Tags: php mysql curl

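I am getting an error when inserting an array into the database. Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'visiting students should consult the students should refer to the relevant section' at line 23.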

This is the array below:

array
 'Choose by Subject Category or Module Code' => string '' (length=0)
 '
Back to Home page' => string '' (length=0)
 'International' => string 'visiting students should consult the' (length=36)
 'Undergraduate' => string 'students should refer to the relevant section of the UCC' (length=56)
 'Postgraduate' => string 'students should refer to the relevant section of the UCC' (length=56)
 'Credit Weighting' => string '5' (length=1)
 'Teaching Period(s)' => string 'Teaching Period 1.' (length=18)
 'No. of Students' => string 'Min 15, Max 30.' (length=15)
 'Pre-requisite(s)' => string 'None' (length=4)
 'Co-requisite(s)' => string 'None' (length=4)
 'Teaching Methods' => string '1 x 4hr(s) Lectures; Other (Distance Education Module - Up to 146hrs Self Directed Study).' (length=90)
 'Module Co-ordinator' => string 'Dr Peter Cleary, Department of Accounting, Finance and Information Systems.' (length=75)
 'Lecturer(s)' => string 'Staff, Department of Accounting, Finance and Information Systems.' (length=65)
 'Module Objective' => string 'To examine the management uses of accounting information and to enhance students ability to exert effective managerial control.' (length=127)
 'Module Content' => string 'Topics include; the accounting information needs of management, costs and pricing; estimating costs; the identification of key performance indicators; budgeting for control; capital investment appraisal and  implications for strategic planning and control.' (length=256)
 'Learning Outcomes' => string 'On successful completion of this module, students should be able to:' (length=68)
 'Assessment' => string 'Total Marks 100: Continuous Assessment 100 marks (Project/ Essay. Approximately 1500 words.).' (length=93)
 'Compulsory Elements' => string 'Continuous Assessment.' (length=22)
 'Penalties (for late submission of Course/Project Work etc.)' => string 'Where work is submitted up to and including 7 days late, 10% of the total marks available shall be deducted from the mark achieved.  Where work is submitted up to and including 14 days late, 20% of the total marks available shall be deducted from the mark achieved.  Work submitted 15 days late or more shall be assigned a mark of zero.' (length=336)
 'Pass Standard and any Special Requirements for Passing Module' => string '40%.' (length=4)
 'End of Year Written Examination Profile' => string 'No End of Year Written Examination.' (length=35)
 'Requirements for Supplemental Examination' => string 'Marks in passed element(s) of Continuous Assessment are carried forward, Failed element(s) of Continuous Assessment must be repeated (Resubmission of revised Continuous Assessment).' (length=181)

Below is the query.

//============== INSERT QUERY================//
$result = array();      
foreach($result as $snode){ 
$query = sprintf("INSERT INTO save_array 
       (ModuleCode,
        Homepage,
        International,
        ......) VALUES ('%s')",mysql_real_escape_string($snode)); 


foreach ($result as $key => $value) 
$query = $query . "$value"; 

 echo '<br /><br />'; 
mysql_query($query) or die($query."<br/><br/>".mysql_error());  
echo $snode. '<br />'; 
}
echo '<br /><br /><br />'; 

Any help on this would be appreciated.

//================== New Updated Query Using Mysqli =============================

$result = array();
foreach($result as $snode){ 
$snode = mysql_real_escape_string($snode);
$query = sprintf("INSERT INTO save_array 
       (ModuleCode,Homepage,International,.......)VALUES ('%s')",implode("','",$result)); 

echo $query. '<br />'; 

foreach ($result as $key => $value) 
    $query = $query . "$value"; 
$result = mysql_query($query) or die (mysql_error());
}

I echoed the query, and it seems to insert the correct values into the correct columns, but it is not executed against the database.

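Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'visiting students should consult the students should refer to the relevant section' at line 23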

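4 answers:

Answer 0 (score: 1)

Echo your $query and you will see. It is not a valid SQL statement.

Rules number 1, 2 and 3 for debugging dynamic queries: look at the query itself.

Answer 1 (score: 1)

You are trying to save into multiple columns: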

ModuleCode,
Homepage,
International,
Undergraduate,
...

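with only one value ('%s').

Also note that mysql_real_escape_string takes a SINGLE value, not an array (I assume $snode is an array). Also consider using PDO or mysqli.

You could do this (example only; I don't know the $snode structure) and check the output: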

foreach($snode as &$val) {
   $val = mysql_real_escape_string($val);
}
...VALUES ('%s'),implode("','",$snode)

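Update:

I can't find the problem; the query should work fine. I even created the table structure on my system (assuming VARCHAR(256) for each column) and your query output works as expected (it inserts).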

$result = array();
foreach($result as $snode) { 

   foreach($snode as &$val) {
      $val = mysql_real_escape_string($val);
   }

   $query = sprintf("INSERT INTO save_array (
        ModuleCode,Homepage,International,Undergraduate,Postgraduate,CreditWeighting, 
        TeachingPeriod,NoofStudents,Prerequisite,Corequisite,TeachingMethods, 
        ModuleCoordinator,Lecturer,ModuleObjective,ModuleContent,LearningOutcomes, 
        Assessment,CompulsoryElements,Penalties,PassStandard, 
        EndofYearWrittenExamination,RequirementsforExamination) 
        VALUES ('%s')",implode("','",$snode)); 

   $result = mysql_query($query) or die (mysql_error());
}

Run the above snippet as it is; do not change anything.

Answer 2 (score: 0)

Your main problem is the quotes:

('%s')

And then your:

mysql_real_escape_string

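It causes a conflict in the SQL. Use either the MySQL escaping or the '.

So what happens is that your double-escaped SQL input causes it to actually be SQL injection...

Also, mysql_real_escape_string will not take $snode as an array. You will need to extract and construct the array of values beforehand to inject into the SQL query.

Answer 3 (score: 0)

Assuming your array $node is in the same order as the columns you show, you can use vsprintf() instead to generate the query: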

// assuming $node is the array with the data
// generate list of place holders
$placeholders = join(',', array_fill(0, count($node), "'%s'"));

// construct full query using array_map applied to the escaping function
$query = vsprintf("INSERT INTO save_array (ModuleCode,
        Homepage,
        International,
        Undergraduate,
        Postgraduate,
        CreditWeighting,
        TeachingPeriod,
        NoofStudents,
        Prerequisite,
        Corequisite,
        TeachingMethods,
        ModuleCoordinator,
        Lecturer,
        ModuleObjective,
        ModuleContent,
        LearningOutcomes,
        Assessment,
        CompulsoryElements,
        Penalties,
        PassStandard,
        EndofYearWrittenExamination,
        RequirementsforExamination) VALUES ($placeholders)", 
            array_map('mysql_real_escape_string', $node)
);

By the way, don't use the mysql_ functions!
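
The direction the answers point to (PDO or mysqli instead of the mysql_ functions), shown as an added example that is not code from any of the posts: one bound placeholder per column, so the column and value counts cannot drift apart and quotes in the scraped text never reach the SQL parser. The key-to-column map, the function name saveModule and the in-memory SQLite database used for the demo are assumptions; the table and column names are the ones used in the answers.

```php
<?php
// Added example: bound parameters instead of sprintf() + mysql_real_escape_string().
// Assumption: this map from scraped array keys to table columns (shortened to four columns).
const COLUMN_MAP = [
    'International'    => 'International',
    'Undergraduate'    => 'Undergraduate',
    'Credit Weighting' => 'CreditWeighting',
    'Module Objective' => 'ModuleObjective',
];

function saveModule(PDO $pdo, array $scraped): int
{
    $columns = [];
    $values  = [];
    foreach (COLUMN_MAP as $key => $column) {
        // Only allow-listed names become identifiers; identifiers cannot be bound.
        $columns[] = $column;
        $values[]  = $scraped[$key] ?? '';
    }
    // One "?" per column, so the column and value counts always match.
    $marks = implode(',', array_fill(0, count($columns), '?'));
    $sql   = sprintf('INSERT INTO save_array (%s) VALUES (%s)', implode(',', $columns), $marks);
    $stmt  = $pdo->prepare($sql);
    $stmt->execute($values);   // values travel separately from the SQL text
    return $stmt->rowCount();
}

// Demo on an in-memory SQLite database so it runs offline (assumption);
// for MySQL, open the connection with a mysql: DSN instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE save_array (International TEXT, Undergraduate TEXT,
            CreditWeighting TEXT, ModuleObjective TEXT)');

// Constructed sample row; the apostrophe and the unmapped key are deliberate.
$scraped = [
    'International'     => 'visiting students should consult the',
    'Undergraduate'     => 'students should refer to the relevant section of the UCC',
    'Credit Weighting'  => '5',
    'Module Objective'  => "To enhance students' ability to exert control.",
    'Back to Home page' => '',   // not in COLUMN_MAP, so it is ignored
];

echo saveModule($pdo, $scraped), " row inserted\n";
echo $pdo->query('SELECT ModuleObjective FROM save_array')->fetchColumn(), "\n";
```

With ERRMODE_EXCEPTION set, a failed prepare or execute raises a PDOException instead of printing the query and the database error into the page the way die(mysql_error()) does.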