SQL错误仅发生在PHP脚本中

时间:2014-09-13 00:44:51

标签: php mysql sql phpmyadmin

我不和。我的SQL查询只会通过PhpMyAdmin发送。如果我尝试通过PHP发送此特定查询,我会收到错误。当我将那个确切的查询复制到PhpMyAdmin时,它会顺利通过。

INSERT INTO posts (id, content, poster, timestamp, tags) VALUES ('12056242', 'OMG I just got a #toyota', 'Clunker5', '09/12/14 08:43:36', 'toyota');INSERT INTO `tags` (tag, posts) VALUES ('toyota', 1) ON DUPLICATE KEY UPDATE posts=posts+1; UPDATE `tags` SET posts=posts+1 WHERE tag IN ('toyota');

这是与问题相关的PHP代码

//Ups one post for all tags entered by the user
    if(!empty($tags)){
        $tags1 = explode(",", $tags);
        $tags_submit = join("','", $tags1);
        $tags_insert = join("', 1), ('", $tags1);
        $sql = "INSERT INTO posts (id, content, poster, timestamp, tags) VALUES ('$d', '$b', '".$_SESSION['username']."', '$c', '$tags');"
                . "INSERT INTO `tags` (tag, posts) VALUES ('".$tags_insert."', 1)
                        ON DUPLICATE KEY UPDATE posts=posts+1;
                        UPDATE `tags` SET posts=posts+1 WHERE tag IN ('".$tags_submit."');";

    $result = mysql_query($sql);
    }else{
        $sql = "INSERT INTO posts (id, content, poster, timestamp, tags) VALUES ('$d', '$b', '".$_SESSION['username']."', '$c', '$tags');";

    $result = mysql_query($sql);
    }
    $error = mysql_error();
   if($result){
       echo "1";
   }else{
       echo error($sql, $error, "Tags: ".$tags, "Post: ".$b, "ID: ".$d);
   }

错误是

SQL Response: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO `tags` (tag, posts) VALUES ('toyota', 1), ('ohmygoodness', 1) ' at line 1.
编辑:既然我知道我不能进行多查询,我该怎么做这个查询呢?

INSERT INTO `tags` (tag, posts) VALUES ('".$tags_insert."', 1)
                        ON DUPLICATE KEY UPDATE posts=posts+1;
                        UPDATE `tags` SET posts=posts+1 WHERE tag IN ('".$tags_submit."');

3 个答案:

答案 0 :(得分:2)

您尝试在该API函数的一次调用中执行多个语句,但mysql_query()不支持多查询。

无论如何,你不应该使用多重查询。您可能会将自己暴露给整个SQL injection vulnerabilties类。

您应该在mysql_query()

的单独调用中单独执行每个SQL语句

此外,来自@JohnConde的评论是恰当的:您应该始终检查来自mysql_query()的返回值,因为它返回 false ,如果有的话一个错误。如果发生这种情况,请记录或报告mysql_error()以了解更多有关错误的信息。

答案 1 :(得分:1)

来自the mysql_query documentation

  

不支持多个查询。

因此,您无法发送由;分隔的多个语句。

答案 2 :(得分:0)

今天我遇到了同样的问题,我有2个很棒的答案。每次有SQL语句时都需要使用mysql_query;这是一个更好的说明,例如,如果你有

 "INSERT INTO query";
 "INSERT INTO 2nd query";
 mysql_query(process both query "INSERT INTO query";
 this isn't going to work, it'll only work in phpmyadmin or 
 in straight mysql command line sql. not in a php script.

 you'll need to:

 "INSERT INTO query";
 mysql_query(process one query); //you should also use mysql_error() to see the response
 "INSERT INTO 2nd query";
 mysql_query(process 2nd query);

它需要在2个单独的mysql查询中形成。它在php端的安全功能,以防止SQL注入。无论出于什么原因,它是什么。

相关问题
最新问题