好的,我有一个index.php,它有这个代码,它给我一个错误,第1行附近有一个问题“但我找不到从第1行到第100行的任何内容”
//This is my index file and i think line 1 is line 1 which is session_start();
session_start();
include('include/config.php');
//print_r($_POST);
//if(isset($_POST[suggest1]) && ($_POST[suggest1]=='suggest1')):
if(isset($_SESSION['authenticated']))
{
$sugg_desc= mysql_escape_string(trim($_POST[suggest]));
$sugg_desc1=preg_replace("/[^a-zA-Z0-9#�$&%+*-., !@()]/"," ",$sugg_desc);
$sqlinsert="Insert into suggest set users_id='".trim($_SESSION['userid'])."',
category_id='".mysql_escape_string(trim($_POST[category]))."',suggest_desc='".$sugg_desc1."',
suggest_date='".date('y-m-d')."',suggest_flag=0";
$res=mysql_query($sqlinsert)or die(mysql_error());
} //header("location:index.php");
endif;
?>
<?
$sql_user="SELECT * FROM users WHERE users_id=".$_SESSION['userid']."";
$res_user=mysql_query($sql_user) or die(mysql_error());
$rec_user=mysql_fetch_array($res_user);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><?
$sel_title="Select system_pagetitle from tblsystem";
$res_title=mysql_query($sel_title) or die(mysql_error());
while($rec_title=mysql_fetch_row($res_title))
{
echo $rec_title[0];
} ?></title>
<link rel="stylesheet" type="text/css" href="css/style.css" media="screen" />
</head>
<body>
<div class="header"><!-- Header -->
<div class="top"><!-- Top Container -->
<div class="row"><!-- User Menu Left -->
<? if(isset($_SESSION['userid']) && $_SESSION['userid'] !=""){ ?>
<a href="">Inbox</a>
<a href="">Gig likes</a>
<a href="">Sell</a>
<a href="">Shop</a>
<a href="">My Listings</a>
<a href="">My Orders</a>
<a href="">Payments</a>
<? }?>
</div><!-- User Menu Left -->
<div class="row"><!-- User Menu Right -->
<? if(isset($_SESSION['userid']) && $_SESSION['userid'] !=""){ ?>
<div class="userpanel"><!-- User Panel -->
<? if ($rec_user['users_image']==""):?>
<img src="profileimage/profile_img.gif" alt="<? echo $_SESSION['username'] ?>" title="<? echo $_SESSION['username'] ?>" />
<? else:?>
<img src="profileimage/<?php echo $rec_user['users_image'] ?>" alt="<? echo $_SESSION['username'] ?>" title="<? echo $_SESSION['username'] ?>" />
<? endif;?>
<span class="username"><? echo $_SESSION['username'] ?></span>
<span class="user-links">
<a href="profilesetting.php" title="Profile Settings">Dashboard</a>
<a href="logout" title="Logout">Logout</a>
</span>
</div><!-- User Panel -->
<? }?>
</div><!-- User Menu Right -->
</div><!-- Top Container -->
</div><!-- Header -->
</body>
</html>
问题是它给我一个错误
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
好的我m not a PHP pro but i
也不是愚蠢的屁股,我看不到第1行有“可以帮忙吗?”
好的,我已经删除了刚刚离开包括和会话开始的所有内容:)我仍然有错误:) ???
答案 0 :(得分:1)
插入的语法错误。它应该是:
Insert into suggest (users_id) values (trim($_SESSION['user_id']))
或者,如果您实际上意味着更新而不是插入,那么您的查询应该是:
Update suggest set users_id = trim($_SESSION['user_id'])
此外,您的查询非常容易受到SQL注入攻击,我上面没有提到过。请查看使用mysqli或PDO-MySql创建存储过程或参数化查询。
答案 1 :(得分:0)
您插入MySQL的查询遵循UPDATE
语法,而不是INSERT
语法。
尝试更新至:
$sqlinsert="INSERT INTO suggest (users_id, category_id, suggest_desc, suggest_date, suggest_flag) VALUES ('".trim($_SESSION['userid'])."', '".mysql_escape_string(trim($_POST[category]))."', '".$sugg_desc1."', '".date('y-m-d')."', 0)";
Side-Note,不具体回答:您应该考虑更新以使用MySQLi 或 PDO扩展名,而不是旧的,不受支持的mysql_
函数。它们都支持预备语句,这些语句可以使您的代码更具可读性,并为您提供额外的Sql-Injection保护(如果使用得当)。