PHP MSSQL query syntax error

Time: 2014-04-22 16:24:14

Tags: php sql-server syntax

I'm getting a syntax error in the mssql_query function. After trying different things for a while, I thought I'd bring it here. Thanks for your help.

Here is the code:

<?php
...
$name = $_POST['name'];
$contactname = $_POST['contactname'];
$contacttitle = $_POST['contacttitle'];
$streetaddress = $_POST['streetaddress'];
$city = $_POST['city'];
$state = $_POST['state'];
$zipcode = $_POST['zipcode'];
$telephone = $_POST['telephone'];
$fax = $_POST['fax'];
$email = $_POST['email'];
$director = $_POST['director'];
$affiliation1 = $_POST['affiliation1'];
$address1 = $_POST['address1'];
$phone1 = $_POST['phone1'];
$affiliation2 = $_POST['affiliation2'];
$address2 = $_POST['address2'];
$phone2 = $_POST['phone2'];
$affiliation3 = $_POST['affiliation3'];
$address3 = $_POST['address3'];
$phone3 = $_POST['phone3'];
$yearsoperational = $_POST['yearsoperational'];
$donorsannually = $_POST['donorsannually'];
$limit = $_POST['limit'];
$coverage = $_POST['coverage'];
$donors1 = $_POST['donors1'];
$claims1 = $_POST['claims1'];
$medexppaid1 = $_POST['medexppaid1'];
$donors2 = $_POST['donors2'];
$claims2 = $_POST['claims2'];
$medexppaid2 = $_POST['medexppaid2'];
$donors3 = $_POST['donors3'];
$claims3 = $_POST['claims3'];
$medexppaid3 = $_POST['medexppaid3'];
$donorinstructions = $_POST['donorinstructions'];

//Connect to MSSQL Server
$myServer = ".\MSSQLSERVER2008";
$myUser = "user";
$myPass = "password";
$myDB = "database,name"; 

//connection to the server
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
  or die("Couldn't connect to SQL Server on $myServer"); 

//select a database to work with
$selected = mssql_select_db($myDB, $dbhandle)
  or die("Couldn't open database $myDB"); 

//insert form results into database
$query = mssql_query("INSERT INTO table_name (Name_of_Center,Name,Title,Street_Address,City,State,Zipcode,Phone,Fax,Email,Director,HA1,HA1_Address,
HA1_Phone,HA2,HA2_Address,HA2_Phone,HA3,HA3_Address,HA3_Phone,No_of_Years_Operational,Donors_Annually,Limit,Coverage,
Donors_2012,Donors_2011,Donors_2010,Claims_2012,Claims_2011,Claims_2010,Med_Exp_Paid_2012,Med_Exp_Paid_2011,Med_Exp_Paid_2010,Donor_Instructions)
VALUES ($name,$contactname,$contacttitle,$streetaddress,$city,$state,$zipcode,$telephone,$fax,$email,$director,$affiliation1,$address1,$phone1,$affiliation2,
$address2,$phone2,$affiliation3,$address3,$phone3,$yearsoperational,$donorsannually,$limit,$coverage,$donors1,$claims1,$medexppaid1,$donors2,$claims2,$medexppaid2,
$donors3,$claims3,$medexppaid3,$donorinstructions);");
if(!$query){
echo 'Failed to receive data. Please try again, or contact support';
}
else{
echo 'Successfully received data.';
// mssql_query() above already executed the INSERT; $query is its result resource
var_dump($query);
}

mssql_close();
?>

The line it reports the syntax error on is:

$donors3,$claims3,$medexppaid3,$donorinstructions);");

This is the error in the browser:


Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near ','. (severity 15)

1 answer:

Answer 0 (score: 1)

Your overall problem is that you are vulnerable to SQL injection attacks. If you understand that problem, you will also see why your query has these syntax errors and is fundamentally broken: you forgot to quote every bit of data you are inserting into the query.

A quick and dirty fix that does not actually solve the underlying problem:

VALUES ('$name','$contactname','$contacttitle',etc...
        ^-----^-^--- insert quotes everywhere.
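As an added example (not code from the question or the answer), the same INSERT built three ways on a reduced column set, assuming a hypothetical `centers` table and a PDO_SQLSRV connection with placeholder credentials: the unquoted interpolation from the question, the answer's quoted quick fix, and a prepared statement with bound parameters, which is the real fix the answer points at.

```php
<?php
// Added example, not part of the question or the answer. The table name
// `centers` and the column subset are assumed; connection values are placeholders.

// Constructed form input. The apostrophe in the first value matters below.
$name   = "St. Mary's Center";
$city   = "Boston";
$donors = "1200";

// 1) What the question does: values interpolated without quotes.
//    The generated T-SQL is
//      INSERT INTO centers (...) VALUES (St. Mary's Center,Boston,1200)
//    which is not valid SQL, hence "Incorrect syntax near ','".
$broken = "INSERT INTO centers (Name_of_Center, City, Donors_Annually) "
        . "VALUES ($name,$city,$donors)";

// 2) The answer's quick fix: quote every value. Ordinary input now parses,
//    but the apostrophe in $name still terminates the string literal early,
//    and every form field is still pasted straight into the SQL text.
$quoted = "INSERT INTO centers (Name_of_Center, City, Donors_Annually) "
        . "VALUES ('$name','$city','$donors')";

// 3) The real fix: a prepared statement. The SQL text holds only placeholders,
//    so user data is never parsed as SQL and the apostrophe is handled correctly.
function insertCenter(PDO $pdo, string $name, string $city, int $donors): bool
{
    $sql  = "INSERT INTO centers (Name_of_Center, City, Donors_Annually) VALUES (?, ?, ?)";
    $stmt = $pdo->prepare($sql);
    return $stmt->execute([$name, $city, $donors]);
}

// PDO_SQLSRV replaces the mssql_* extension, which was removed in PHP 7.
// Server, database, user and password below are placeholders.
$pdo = new PDO(
    "sqlsrv:Server=localhost;Database=DB_NAME_PLACEHOLDER",
    "user",
    "password",
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

// Cast numeric fields at the boundary instead of trusting the raw POST string.
$ok = insertCenter($pdo, $name, $city, (int) $donors);
echo $ok ? "Successfully received data." : "Failed to receive data.";
```

With error mode set to exceptions, a failed execute() throws a PDOException instead of silently returning false, so the failure branch in the question would surface the driver message rather than a generic string.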