I have this code, and for some reason I am getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's','Used','A Book','1','http://media1.' at line 2
CODE:
if(empty($_POST['image'])) {
    $file = 'http://media1.site.org/products/images/no-photo.jpg';
} else {
    define('UPLOAD_DIR', '/products/images/');
    define('UPLOAD_HOST', 'http://media1.sabinalcanyon.org/products/images/');
    move_uploaded_file($_FILES['image']['tmp_name'],UPLOAD_DIR.$_FILES['image']['name']);
    $file = UPLOAD_HOST.$_FILES['image']['name'];
}
$descedit = "<p>".$_POST['description']."</p>";
mysql_query("INSERT INTO products (`title`,`barcode`,`ISBN`,`catagory`,`set_price_start`,`brand`,`condition`,`description`,`amount_stock`,`picurl`)
VALUES('$_POST[title]','$_POST[barcode]','$_POST[ISBN]','$_POST[catagory]','$_POST[set_price_start]','$_POST[brand]','$_POST[condition]','$descedit','$_POST[amount_stock]','$file')") or die(mysql_error());
Line 2 is just the beginning of this code.
Answer 0: (score: 1)
I will give just one example; you continue with the other variables.
VALUES('".mysql_real_escape_string($_POST['title'])."',.......
About your error
right syntax to use near 's' ,
this is caused by the $_POST[brand] variable.
I guess your brand variable contains some value that includes the adverb 's,
so you had better escape it:
'".mysql_real_escape_string($_POST['brand'])."'
Use PDO or MYSQLI, because mysql is deprecated.
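
The PDO route mentioned in the answer, as an added example that is not part of the original question or answer: the same INSERT with bound parameters, so an apostrophe in the brand is stored as data and never reaches the SQL parser as syntax. Assumptions: an in-memory SQLite database stands in for the MariaDB server, insertProduct() is a hypothetical helper, and the $post array is constructed sample input.

```php
<?php
// Added example (not from the original post). Assumption: an in-memory SQLite
// database stands in for MariaDB so this runs offline; against MariaDB only the
// DSN changes ('mysql:host=...;dbname=...;charset=utf8mb4' plus credentials).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (`title` TEXT, `barcode` TEXT, `ISBN` TEXT,
    `catagory` TEXT, `set_price_start` TEXT, `brand` TEXT, `condition` TEXT,
    `description` TEXT, `amount_stock` TEXT, `picurl` TEXT)');

// Hypothetical helper: the INSERT from the question, with placeholders
// instead of interpolated $_POST values.
function insertProduct(PDO $pdo, array $in, string $picurl): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO products (`title`,`barcode`,`ISBN`,`catagory`,`set_price_start`,
             `brand`,`condition`,`description`,`amount_stock`,`picurl`)
         VALUES (:title,:barcode,:ISBN,:catagory,:set_price_start,
             :brand,:condition,:description,:amount_stock,:picurl)'
    );
    // Accept only scalar strings; a missing or array-valued field becomes ''.
    $val = fn(string $k): string => is_string($in[$k] ?? null) ? $in[$k] : '';
    // The <p> wrapper mirrors the question. Binding fixes SQL quoting only;
    // HTML-encode the description when it is rendered.
    $params = [
        ':description' => '<p>' . $val('description') . '</p>',
        ':picurl'      => $picurl,
    ];
    foreach (['title', 'barcode', 'ISBN', 'catagory', 'set_price_start',
              'brand', 'condition', 'amount_stock'] as $field) {
        // Values travel separately from the SQL text, so quotes stay data.
        $params[":$field"] = $val($field);
    }
    $stmt->execute($params);
}

// Constructed sample input standing in for $_POST; the brand has an apostrophe,
// the case that produced the "near 's'" syntax error in the question.
$post = [
    'title' => 'A Book', 'barcode' => '0000000000000', 'ISBN' => '0000000000',
    'catagory' => 'Books', 'set_price_start' => '1', 'brand' => "Publisher's",
    'condition' => 'Used', 'description' => "It's in good shape", 'amount_stock' => '1',
];
insertProduct($pdo, $post, 'http://media1.site.org/products/images/no-photo.jpg');

$row = $pdo->query('SELECT brand, description FROM products')->fetch(PDO::FETCH_ASSOC);
printf("brand=%s\ndescription=%s\n", $row['brand'], $row['description']);
```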