我试图修复我的代码,但我不知道我的代码有什么问题?具体的错误消息是:
您的SQL语法有错误;检查与您的MySQL服务器版本相对应的手册,以便在[$ message],[$ key],[$ encrypt_message],[$ encrypt_hex]附近使用正确的语法'在第1行 块引用
这是我的代码
<?php
$password ="abcd";
$iv = '0000000000000000';
$mode =MCRYPT_MODE_CBC;
$cipher = MCRYPT_RIJNDAEL_128;
$message = $_POST['message'];
$key = $_POST['key'];
$encrypt_message = mcrypt_encrypt( "$cipher", "$key", "$message", "$mode", "$iv");
$encrypt_hex = bin2hex($encrypt_message);
// To protect MySQL injection (more detail about MySQL injection)
$message = stripslashes($message);
$key = stripslashes($key);
$message = mysql_real_escape_string($message);
$key = mysql_real_escape_string($key);
$encrypt_message = stripslashes($encrypt_message);
$encrypt_message = mysql_real_escape_string($encrypt_message);
$encrypt_hex = stripslashes($encrypt_hex);
$encrypt_hex = mysql_real_escape_string($encrypt_hex);
$con=mysqli_connect("localhost","root","abcd","thanhan");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql = "INSERT INTO `database`(`message`, `key`, `encrypt_message`, `encrypt_hex`) VALUES ([$message],[$key],[$encrypt_message],[$encrypt_hex])";
if (! mysqli_query($con, $sql))
{
die('Could not enter data: '.mysqli_error($con));
}
echo "Entered data successfully";
mysqli_close($con);
&GT;
提前感谢!
答案 0 :(得分:1)
在你的陈述中:
$sql = "INSERT INTO `database`(`message`, `key`, `encrypt_message`, `encrypt_hex`) VALUES ([$message],[$key],[$encrypt_message],[$encrypt_hex])";
这部分
VALUES ([$message],[$key],[$encrypt_message],[$encrypt_hex]);
应该是
VALUES ('$message','$key','$encrypt_message','$encrypt_hex');
/* enclose the parameters in single quote => '' , not in brackets => [] */
我假设您正在将MySQL与某些SQLServer或其他SQL混合使用!!
答案 1 :(得分:1)
像这样使用
$sql = "INSERT INTO `database`(`message`, `key`, `encrypt_message`, `encrypt_hex`) VALUES ('$message','$key','$encrypt_message','$encrypt_hex')";