错误:您在第1行''附近的SQL语法中出错

时间:2012-12-11 17:14:56

标签: php mysql

我一直收到这个错误......但是我看不出任何不合适的语法......任何想法? 这是我的PHP代码。我知道我的其他页面是正确的,因为我可以运行代码的所有其他部分没有问题。 

<?php 

// this connects To database
$hostname="";    
$username="";   
$password="";    
$dbname="";     

mysql_connect($hostname,$username,$password) OR DIE ("Connection Failed");
mysql_select_db($dbname);


$action = $_REQUEST["action"];
if ($action == 'a') {
$custFirst = null;
$custLast = null;
$custAddress = null;
$custCity = null;   
$custState = null;
$custZip = null;
$custEmail = null;
$custPhone = null;
 } else {
$id = $_REQUEST["id"];
    $query = "select * from custTab where custNo = $id";
    $result = mysql_query($query) 
        or die(mysql_error());
    $row = mysql_fetch_array($result);
    $custFirst = $row['custFirst'];  
    $custLast = $row['custLast'];  
    $custAddress = $row['custAddress'];  
    $custCity = $row['custCity'];
    $custState = $row['custState'];
    $custZip = $row['custZip'];
    $custEmail = $row['custEmail'];
    $custPhone = $row['custPhone'];
} // end if

?>

2 个答案:

答案 0 :(得分:2)

尝试将quotes放在$id

周围 
$query = "select * from custTab where custNo = '$id'";

答案 1 :(得分:2)

这取决于custNo字段包含的内容,这是危险和错误的:

$id = $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";

如果id是整数,则应使用:

$id = (int) $_REQUEST["id"];
$query = "select * from custTab where custNo = $id";

否则你必须引用它并转义变量:

$id = mysql_real_escape_string($_REQUEST["id"]);
$query = "select * from custTab where custNo = '$id'";

但你真的应该切换到PDO / mysqli和准备好的语句来完全避免这个问题。

相关问题
最新问题