SQL语法; ....正确的语法在第1行''VALUES()附近使用

时间:2012-11-14 16:43:48

标签: php mysql

我在尝试打开表单时遇到了错误。

  

错误:您的SQL语法出错;检查与您的MySQL服务器版本相对应的手册,以获得正确的语法,以便在附近使用')VALUES()'在第1行

这是文件

<?php
 $con = mysql_connect("localhost","*********","**************");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("**********", $con);


    $sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)
VALUES (
$_POST[pcname]
$_POST[pcaddress]
$_POST[pcaddress2]
$_POST[pcstate]
$_POST[pccity]
$_POST[pczip]
$_POST[pccellphone] 
$_POST[pcphone]
$_POST[pcworkphone]
$_POST[pcemail]
$_POST[pcmake]
$_POST[pcram]
$_POST[pcproc]
$_POST[pchd]
$_POST[pcserial]
$_POST[pcextra]
$_POST[pcgroupid]
$_POST[prefcontact]
$_POST[pcnotes]
$_POST[custsourceid])";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_pcid = mysql_insert_id();

    $sql = "INSERT INTO pc_wo (pcid, probdesc, virusesfound, custnotes, technotes, dropdate, pickupdate, readydate, pcstatus, called, thepass, custassets, bench, workarea, pcpriority, cityuser, cobyuser, commonproblems, storeid, thesig, assigneduser) VALUES ('$last_insert_pcid','NULL','$_POST[woid]','$_POST[pcid]','$_POST[probdesc]','$_POST[virusesfound]','$_POST[custnotes]','$_POST[technotes]','$_POST[dropdate]','$_POST[pickupdate]','$_POST[readydate]','$_POST[pcstatus]','$_POST[pcstatus]','$_POST[called]','$_POST[thepass]','$_POST[custassets]','$_POST[bench]','$_POST[workarea]','$_POST[pcpriority]','$_POST[cibyuser]','$_POST[cobyuser]','$_POST[commonproblems]','$_POST[storeid]','$_POST[thesig]','$_POST[assigneduser]')";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_woid = mysql_insert_id();

    $result = mysql_query("SELECT * FROM pc_owner WHERE pcid='$last_insert_pcid'");

    $result1 = mysql_query("SELECT * FROM pc_wo WHERE woid='$last_insert_woid'");
    echo "<table border='1'>
    <tr>
    <th>Computer id</th>
    <th>Name</th>
    <th>Phone Number</th>
    <th>Mobile</th>
    <th>Work</th>
    <th>Email</th>
    <th>Address</th>
    <th>Second Line</th>
    <th>State</th>
    <th>City</th>
    <th>Postal Code</th>
    <th>WorkOrder Id</th>
    <th>PC Id</th>
    <th>Pc make</th>
    <th>probdes</th>
    <th>virusesfound</th>
    <th>Ram</th>
    <th>pcprod</th>
    <th>HDD</th>
    <th>Pc Serial No</th>
    <th>Pc Extra</th>
    <th>Pc Note</th>
    <th>custnotes</th>
    <th>technotes</th>
    <th>dropdate</th>
    <th>pickupdate</th>
    <th>readydate</th>
    <th>pcstatus</th>
    <th>called</th>
    <th>thepass</th>
    <th>custassets</th>
    <th>bench</th>
    <th>workarea</th>
    <th>pcpriorty</th>
    <th>Checked in by</th>
    <th>Checked out by</th>
    <th>Common Problems</th>
    <th>Store Id</th>
    <th>Assigned User</th>
    </tr>";
    while($row = mysql_fetch_array($result))
    {
    echo "<tr>";
    echo "<td>" . $row['pcid'] . "</td>";
    echo "<td>" . $row['pcname'] . "</td>";
    echo "<td>" . $row['pcphone'] . "</td>";
    echo "<td>" .$row['pccellphone'] . "</td>";
    echo "<td>" .$row['pcworkphone'] . "</td>";
    echo "<td>" .$row['pcemail'] . "</td>";
    echo "<td>" .$row['pcaddress'] . "</td>";
    echo "<td>" .$row['pcaddress2'] . "</td>";
    echo "<td>" .$row['pcstate'] . "</td>";
    echo "<td>" .$row['pccity'] . "</td>";
    echo "<td>" .$row['pczip'] . "</td>";
    }
    //considering these are the values returned by 1st query (ie., table client)
    while($row = mysql_fetch_array($result1)) {

    echo "<td>" .$row['woid'] . "</td>";
    echo "<td>" .$row['pcid'] . "</td>";
    echo "<td>" .$row['pcmake'] . "</td>";
    echo "<td>" .$row['pcprobdesc'] . "</td>";
    echo "<td>" .$row['virusesfound'] . "</td>";
    echo "<td>" .$row['pcram'] . "</td>";
    echo "<td>" .$row['pcproc'] . "</td>";
    echo "<td>" .$row['pchd'] . "</td>";
    echo "<td>" .$row['pcserial'] . "</td>";
    echo "<td>" .$row['pcextra'] . "</td>";
    echo "<td>" .$row['pcnotes'] . "</td>";
    echo "<td>" .$row['custnotes'] . "</td>";
    echo "<td>" .$row['technotes'] . "</td>";
    echo "<td>" .$row['dropdate'] . "</td>";
    echo "<td>" .$row['pickupdate'] . "</td>";
    echo "<td>" .$row['readydate'] . "</td>";
    echo "<td>" .$row['pcstatus'] . "</td>";
    echo "<td>" .$row['called'] . "</td>";
    echo "<td>" .$row['thepass'] . "</td>";
    echo "<td>" .$row['custassets'] . "</td>";
    echo "<td>" .$row['bench'] . "</td>";
    echo "<td>" .$row['workarea'] . "</td>";
    echo "<td>" .$row['pcpriority'] . "</td>";
    echo "<td>" .$row['cibyuser'] . "</td>";
    echo "<td>" .$row['cobyuser'] . "</td>";
    echo "<td>" .$row['commonproblems'] . "</td>";
    echo "<td>" .$row['storeid'] . "</td>";
    echo "<td>" .$row['thesig'] . "</td>";
    echo "<td>" .$row['assigneduser'] . "</td>";
    echo "</tr>";
    }
    echo "</table>";
    echo "woid is complete";
    print "Thank you for booking with us and your Repair ID number is ".$last_insert_woid;
    mysql_close($con);
    ?>

为什么会发生这种情况?

2 个答案:

答案 0 :(得分:4)

删除逗号

... prefcontact,pcnotes,) VALUES ...
                       ^----------here

你需要使用逗号分隔你的价值观。

并且您永远不应该使用输入数据将其放入数据库而不必转义它。

请参阅how to prevent SQL injections

答案 1 :(得分:0)

3件事,从这里删除额外的逗号$sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)

并且您需要使用引号'包围值,然后使用逗号,例如VALUES ('$_POST[pcname]','$_POST[pcaddress]', ....)";