“你的SQL语法有错误......”

时间:2015-01-26 17:34:26

标签: php sql dreamweaver

我真的很难解读这些代码。这是我的预订系统的条件声明,如果LOCATION,CLASSROOM,DATE,& TIME记录已经预留/插入,然后有人也将保留相同的位置,时间和日期提示,重复预订。

现在出现错误,当我点击插入按钮存储此消息时出现:

  

您的SQL语法有错误;查看与MySQL服务器版本对应的手册,以便在“Audio Visual Hall”附近使用正确的语法并且Classroom ='NULL'和Inclusive_Date =''2015-01-28'在线1

我需要一些帮助才能找到错误:

// Build the query
$query = "SELECT * FROM `tbl_reservation` WHERE `Location_Faculty` = '{$res_location}' AND `Classroom` = '{$res_classroom}' AND `Inclusive_Date` = '{$res_inclusive_date}' AND `Inclusive_Time` = '{$res_inclusive_time_start}' ";

$result = mysql_query($query) or die(mysql_error() . '<hr />' . $query);
if(mysql_num_rows($result) == 1){
   // then the record already exists
echo "Duplicate Reservation";
} else {
    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
      $insertSQL = sprintf("INSERT INTO tbl_reservation (Reservation_ID, Department_Name_Org, Adviser_Coordinator, Name_Of_Stud, Purpose_Of_Activity, Location_Faculty, Classroom, Date_of_Reservation, `Time _of_Reservation`, Inclusive_Date, Inclusive_Time, Inclusive_Time_End, Equipment, `Comment`) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                           GetSQLValueString($_POST['res_res_ID'], "text"),
                           GetSQLValueString($_POST['res_dept_name'], "text"),
                           GetSQLValueString($_POST['res_adviser'], "text"),
                           GetSQLValueString($_POST['res_nameofstud'], "text"),
                           GetSQLValueString($_POST['res_purpose'], "text"),
                           GetSQLValueString($_POST['res_location'], "text"),
                           GetSQLValueString($_POST['res_classroom'], "text"),
                           GetSQLValueString($_POST['res_res_date'], "date"),
                           GetSQLValueString($_POST['textfield'], "date"),
                           GetSQLValueString($_POST['res_inclusive_date'], "date"),
                           GetSQLValueString($_POST['res_inclusive_time_start'], "date"),
                           GetSQLValueString($_POST['res_inclusive_time_end'], "date"),
                           GetSQLValueString($_POST['res_equipt'], "text"),
                           GetSQLValueString($_POST['res_comment'], "text"));

      mysql_select_db($database_myConnection, $myConnection);
      $Result1 = mysql_query($insertSQL, $myConnection) or die(mysql_error());

      $insertGoTo = "reservation_page_success.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $insertGoTo));
    }
}

我期待着为我的论文回答这个问题。

P.S。这是手动编码和adobe dreamweaver的混合工作。我是php&amp;的新手SLQ。

1 个答案:

答案 0 :(得分:1)

很可能是因为你没有逃避这些变量:

$query = "SELECT * FROM `tbl_reservation` WHERE `Location_Faculty` = '{$res_location}' AND `Classroom` = '{$res_classroom}' AND `Inclusive_Date` = '{$res_inclusive_date}' AND `Inclusive_Time` = '{$res_inclusive_time_start}' ";

此外,您应该使用PDO和准备好的语句:

$query = "SELECT * FROM `tbl_reservation` WHERE `Location_Faculty` = ? AND `Classroom` = ? AND `Inclusive_Date` = ? AND `Inclusive_Time` = ?";
相关问题
最新问题