我有这个问题:
$FullName = mysql_real_escape_string($_REQUEST['name']);
$EmailAdd = mysql_real_escape_string($_REQUEST['email_address']);
$City = mysql_real_escape_string($_REQUEST['city']);
$State = mysql_real_escape_string($_REQUEST['state']);
$SqlEInsert= "INSERT INTO `td_email` VALUES ((SELECT ownerid FROM 'td_events' where event_id = '$EvID'),'$EmailAdd','$FullName', '$City' ,'$State')";
$RsEmail = mysql_query($SqlEInsert) or die('Error :' . mysql_error());
但是当我运行应用程序时出现以下错误
错误:您的SQL语法出错;查看与您的MySQL服务器版本对应的手册,以便在''td_events'附近使用正确的语法,其中event_id ='394'),'email @ hotmail.com','全名','Atl'在第1行
答案 0 :(得分:1)
td_event是字段名称而不是值。用撇号逃脱它。
$SqlEInsert= "INSERT INTO `td_email` VALUES ((SELECT ownerid FROM `td_events` where event_id = '$EvID'),'$EmailAdd','$FullName', '$City' ,'$State')";
答案 1 :(得分:1)
当您想要使用引号时,表格名称不需要',那么您必须使用`
$SqlEInsert= "INSERT INTO td_email VALUES ((SELECT ownerid FROM td_events WHERE event_id = '$EvID'),'$EmailAdd','$FullName', '$City' ,'$State')";
请查看SQL注入和安全性
$SqlEInsert= "INSERT INTO td_email VALUES ((SELECT ownerid FROM td_events WHERE event_id = '".(int)$EvID."'),'".mysql_real_escape_string($EmailAdd)."','".mysql_real_escape_string($FullName)."', '".mysql_real_escape_string($City)."' ,'".mysql_real_escape_string($State)."')";
答案 2 :(得分:0)
确保您的值已转义。您可以通过mysql_real_escape_string()运行它们。