我一直收到这个错误:
Query1失败:您的SQL语法出错;查看与您的MySQL服务器版本对应的手册,以便在'“d41d8cd98f00b204e9800998ecf8427e”“d41d8cd98f00b204e9800998ecf8427e”,“d41d8cd”第1行附近使用正确的语法
这是我正在使用的代码:
<?php
$payment = $_GET['payment'];
if($payment){
include("connection.php");
$CardHolder = md5($_POST["CardHolder"]);
$CardType = md5($_POST["CardType"]);
$CardNumber = md5($_POST["CardNumber"]);
$SecurityCode = md5($_POST["SecurityCode"]);
$ExpiryDate = md5($_POST["ExpiryDate"]);
$PurchaseID = $_SESSION['purchaseid'];
$Email = $_SESSION['user'];
$sql = "INSERT INTO Payment (CardHolder, CardType, CardNumber, SecurityCode, ExpiryDate, PurchaseID, Email) VALUES (\"$CardHolder\", \"$CardType\", , \"$CardNumber\" \"$SecurityCode\", \"$ExpiryDate\", \"$PurchaseID\", \"$Email\")";
$result = mysqli_query($con, $sql) or die('Query1 failed: ' . mysqli_error($con));;
if($result){
echo "<p>Your Payment has been Accepted. You are now being redirected to the to the HomePage.</p>
<meta http-equiv=\"refresh\" content=\"1;URL=index.php\" />";
} else {
echo "<p>Payment Failed, Please try again later.</p>";
}
}
?>
我不确定我做错了什么。提前感谢您的支持。
编辑:使用回答提供后我现在收到此错误Query1失败:列数与第1行的值计数不匹配。只是为了让你们知道我有一个自动增值的PaymentID。
答案 0 :(得分:2)
我相信你的逗号位于错误的位置(2位在CardType之后,0位于CardNumber之后)。
\"$CardType\", , \"$CardNumber\" \"$SecurityCode\",
话虽这么说,您接触到SQL注入攻击,并且有更好的方法使用预准备语句和绑定参数进行插入。使用this作为起点。
答案 1 :(得分:1)
您似乎有一个没有值的额外列:
$sql = "INSERT ... VALUES (\"$CardHolder\", \"$CardType\", , \"$CardNumber\"
^
我建议你改用单引号。
$sql = "INSERT INTO Payment (CardHolder, CardType, CardNumber, SecurityCode, ExpiryDate, PurchaseID, Email) VALUES ('$CardHolder', '$CardType', '$CardNumber', '$SecurityCode', '$ExpiryDate', '$PurchaseID', '$Email')";
答案 2 :(得分:0)
CardType
答案 3 :(得分:0)
替换为:
$sql = "INSERT INTO Payment (CardHolder, CardType, CardNumber, SecurityCode, ExpiryDate, PurchaseID, Email) VALUES (\"$CardHolder\", \"$CardType\", \"$CardNumber\", \"$SecurityCode\", \"$ExpiryDate\", \"$PurchaseID\", \"$Email\")";