您在SQL语法中出现错误,在第1行的''附近使用。但在第1行没有

时间:2012-12-04 13:35:19

标签: php mysql sql syntax

好的,我有一个index.php,它有这个代码,它给我一个错误,第1行附近有一个问题“但我找不到从第1行到第100行的任何内容”

//This is my index file and i think line 1 is line 1 which is session_start();
session_start();

include('include/config.php');

//print_r($_POST);

//if(isset($_POST[suggest1]) && ($_POST[suggest1]=='suggest1')):

if(isset($_SESSION['authenticated']))
{
 $sugg_desc= mysql_escape_string(trim($_POST[suggest]));

$sugg_desc1=preg_replace("/[^a-zA-Z0-9#�$&%+*-., !@()]/"," ",$sugg_desc);

$sqlinsert="Insert into suggest set users_id='".trim($_SESSION['userid'])."',

category_id='".mysql_escape_string(trim($_POST[category]))."',suggest_desc='".$sugg_desc1."',

suggest_date='".date('y-m-d')."',suggest_flag=0";

$res=mysql_query($sqlinsert)or die(mysql_error());

}       //header("location:index.php");



endif;
?>
<? 
$sql_user="SELECT * FROM users WHERE users_id=".$_SESSION['userid']."";
$res_user=mysql_query($sql_user) or die(mysql_error());
$rec_user=mysql_fetch_array($res_user);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><?

               $sel_title="Select system_pagetitle from tblsystem";

                $res_title=mysql_query($sel_title) or die(mysql_error());

                 while($rec_title=mysql_fetch_row($res_title))

    {  

            echo $rec_title[0];

}        ?></title>
<link rel="stylesheet" type="text/css" href="css/style.css" media="screen" />
</head>
<body>

<div class="header"><!-- Header -->

<div class="top"><!-- Top Container -->

    <div class="row"><!-- User Menu Left -->

        <? if(isset($_SESSION['userid']) && $_SESSION['userid'] !=""){ ?>

        <a href="">Inbox</a>

        <a href="">Gig likes</a>

        <a href="">Sell</a>

        <a href="">Shop</a>

        <a href="">My Listings</a>

        <a href="">My Orders</a>

        <a href="">Payments</a>

        <? }?>

    </div><!-- User Menu Left -->

    <div class="row"><!-- User Menu Right -->

    <? if(isset($_SESSION['userid']) && $_SESSION['userid'] !=""){ ?>

        <div class="userpanel"><!-- User Panel -->

            <? if ($rec_user['users_image']==""):?>
            <img src="profileimage/profile_img.gif" alt="<? echo $_SESSION['username'] ?>" title="<? echo $_SESSION['username'] ?>" />
            <? else:?>
            <img src="profileimage/<?php echo $rec_user['users_image'] ?>" alt="<? echo     $_SESSION['username'] ?>" title="<? echo $_SESSION['username'] ?>" />
            <? endif;?> 


            <span class="username"><? echo $_SESSION['username'] ?></span>

            <span class="user-links">

                <a href="profilesetting.php" title="Profile Settings">Dashboard</a>

                <a href="logout" title="Logout">Logout</a>

            </span>

        </div><!-- User Panel -->

        <? }?>

    </div><!-- User Menu Right -->

</div><!-- Top Container -->

</div><!-- Header -->


 </body>
</html>

问题是它给我一个错误

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

好的我m not a PHP pro but i也不是愚蠢的屁股,我看不到第1行有“可以帮忙吗?”

LIVE DEMO

好的,我已经删除了刚刚离开包括和会话开始的所有内容:)我仍然有错误:) ???

2 个答案:

答案 0 :(得分:1)

插入的语法错误。它应该是:

Insert into suggest (users_id) values (trim($_SESSION['user_id']))

或者,如果您实际上意味着更新而不是插入,那么您的查询应该是:

Update suggest set users_id = trim($_SESSION['user_id'])

此外,您的查询非常容易受到SQL注入攻击,我上面没有提到过。请查看使用mysqli或PDO-MySql创建存储过程或参数化查询。

答案 1 :(得分:0)

您插入MySQL的查询遵循UPDATE语法,而不是INSERT语法。

尝试更新至:

$sqlinsert="INSERT INTO suggest (users_id, category_id, suggest_desc, suggest_date, suggest_flag) VALUES ('".trim($_SESSION['userid'])."', '".mysql_escape_string(trim($_POST[category]))."', '".$sugg_desc1."', '".date('y-m-d')."', 0)";

Side-Note,不具体回答:您应该考虑更新以使用MySQLi PDO扩展名,而不是旧的,不受支持的mysql_函数。它们都支持预备语句,这些语句可以使您的代码更具可读性,并为您提供额外的Sql-Injection保护(如果使用得当)。