我目前正在制作一个PHP脚本,它正在为我的市场发布拍卖。我使用Ajax发布$ _POST变量,包括:标题,描述,价格,标签和SupportedOSes。图像作为外部表中的blob称为“temp_images”。
我创建拍卖的方式是将新拍卖插入“MarketDatas”。这在很大程度上是非常直接的。然而;当我试图插入BLOB时,它会抛出一个错误:
您的SQL语法有错误;检查手册 对应于您的MySQL服务器版本,附近有正确的语法 '?+ Qi}'?m?Am ............'在第2行
用于创建拍卖的PHP脚本如下所示:
/*
.... connect to database, etc!! I will spare you this and skip to the important part:
*/
// Get the posted variables
$title = $_POST["title"];
$descr = $_POST["description"];
$price = $_POST["price"];
$tagsx = $_POST["tags"];
$supOS = $_POST["SupportedOS"];
// Get our session variables
$Authenticated = ($_SESSION["LoggedIn"] == "1" ? true : false);
$User = $_SESSION["User"];
$Username = $_SESSION["username"];
// If we are authenticated, continue!
if ($Authenticated) {
// Get our temporary image
$ImgResult = mysql_query("SELECT * FROM temp_images WHERE User='$Username'");
if (mysql_num_rows($ImgResult) < 1) { die("NoImage"); }
// Get image blob
$image = mysql_result($ImgResult, 0, 'Image');
// Delete image
if (!mysql_query("DELETE FROM temp_images WHERE User='$Username'")) { die("Error deleting temp image from DB"); }
// Post auction on market
if (!mysql_query("INSERT INTO MarketDatas (Description, Price, Tags, Title, SupportedOS, image)
VALUES ('$descr', '$price', '$tagsx', '$title', '$supOS', '$image')")) { echo "Error posting auction [48]: syntax[" . mysql_error() . "]"; }
}
如您所见,我尝试将BLOB存储为字符串值。但它给我一个错误。
我该如何解决这个问题?
答案 0 :(得分:2)
更改POST:
$title = mysql_real_escape_string($_POST["title"]);
$descr = mysql_real_escape_string($_POST["description"]);
$price = mysql_real_escape_string($_POST["price"]);
$tagsx = mysql_real_escape_string($_POST["tags"]);
$supOS = mysql_real_escape_string($_POST["SupportedOS"]);
AND查询:
mysql_query("INSERT INTO MarketDatas (Description, Price, Tags, Title, SupportedOS, image)
VALUES ('".$descr."', '".$price."', '".$tagsx."', '".$title."', '".$supOS."', '".mysql_real_escape_string($image)."')")
您的二进制数据很可能包含'并且会破坏您的INSERT:
version for the right syntax near '?+Qi}'?m?Am............'
________________________________________^