这个MySQL查询的PHP语法错误

时间:2013-12-21 00:35:59

标签: php mysql

MySQL声称我的查询中存在语法错误,但我似乎无法完全修复它。有什么想法吗?

错误说明: “您的SQL语法有错误;请查看与您的MySQL服务器版本对应的手册,以便在'..'','0',''..','..'附近使用正确的语法','','','','','','')'在第2行“

这一行在这里:

$savequery = "INSERT INTO search (title, description, url, keywords, type, mod_url, developer, v162, v164, v172)
            VALUES ('$name', '$desc', '$url', '$keywords', '$type', '$link', '$dev', '$v162', '$v164', '$v172')";

此外,这是该查询的“run or die”变量:

$save = $dbsave->query($savequery) or die(mysqli_error($dbsave));

更新

因为已经要求,这是我的变量卫生:

$name = mysql_real_escape_string($name);
$desc = mysql_real_escape_string($desc);
$url = mysql_real_escape_string($url);
$keywords = mysql_real_escape_string($keywords);
$type = mysql_real_escape_string($type);
$link = mysql_real_escape_string($link);
$dev = mysql_real_escape_string($dev);
$v162 = mysql_real_escape_string($v162);
$v162 = mysql_real_escape_string($v164);
$v162 = mysql_real_escape_string($v172);
$id = mysqli_real_escape_string($id);

1 个答案:

答案 0 :(得分:2)

您应该对每个变量使用$mysqli->real_escape_string($varHere);。我会用一个循环:

$vars = array($name, $desc, $url, $keywords, $type, $link, $dev, $v162, $v164, $v172);
foreach($vars as $v){
  $qA[] = $mysqli->real_escape_string($v); // Object Oriented Style
}
$savequery = "INSERT INTO search (title, description, url, keywords, type, mod_url, developer, v162, v164, v172) VALUES ('$qA[0]', '$qA[1]', '$qA[2]', '$qA[3]', '$qA[4]', '$qA[5]', '$qA[6]', '$qA[7]', '$qA[8]', '$qA[9]')";

如果您不喜欢这些数组变量,那么您可以使用list()