MySQL声称我的查询中存在语法错误,但我似乎无法完全修复它。有什么想法吗?
错误说明: “您的SQL语法有错误;请查看与您的MySQL服务器版本对应的手册,以便在'..'','0',''..','..'附近使用正确的语法','','','','','','')'在第2行“
这一行在这里:
$savequery = "INSERT INTO search (title, description, url, keywords, type, mod_url, developer, v162, v164, v172)
VALUES ('$name', '$desc', '$url', '$keywords', '$type', '$link', '$dev', '$v162', '$v164', '$v172')";
此外,这是该查询的“run or die”变量:
$save = $dbsave->query($savequery) or die(mysqli_error($dbsave));
更新
因为已经要求,这是我的变量卫生:
$name = mysql_real_escape_string($name);
$desc = mysql_real_escape_string($desc);
$url = mysql_real_escape_string($url);
$keywords = mysql_real_escape_string($keywords);
$type = mysql_real_escape_string($type);
$link = mysql_real_escape_string($link);
$dev = mysql_real_escape_string($dev);
$v162 = mysql_real_escape_string($v162);
$v162 = mysql_real_escape_string($v164);
$v162 = mysql_real_escape_string($v172);
$id = mysqli_real_escape_string($id);
答案 0 :(得分:2)
您应该对每个变量使用$mysqli->real_escape_string($varHere);
。我会用一个循环:
$vars = array($name, $desc, $url, $keywords, $type, $link, $dev, $v162, $v164, $v172);
foreach($vars as $v){
$qA[] = $mysqli->real_escape_string($v); // Object Oriented Style
}
$savequery = "INSERT INTO search (title, description, url, keywords, type, mod_url, developer, v162, v164, v172) VALUES ('$qA[0]', '$qA[1]', '$qA[2]', '$qA[3]', '$qA[4]', '$qA[5]', '$qA[6]', '$qA[7]', '$qA[8]', '$qA[9]')";
如果您不喜欢这些数组变量,那么您可以使用list()
。