Question

请帮忙！我对此非常陌生，所以这个问题让我感到困惑！

错误消息：您的SQL语法出错;查看与您的MySQL服务器版本相对应的手册，以获得正确的语法，以便在“黑儿子”附近使用，twitter_account_date =＆＃39; 2015-10-21 22：36：06＆＃39;在哪里twitter_id =＆＃39; 257771＆＃39;在第1行

代码：

＆＃13;

<?php
//ini_set('display_errors', 0);
date_default_timezone_set('GMT');
require_once('config.php');
require("twitter/twitteroauth.php");


 $date=date('Y-m-d H:i:s');
 $time=date('H:i:s');

/* MarketPlace Email Notification*/

$sql_t="SELECT description FROM  email_template WHERE template_id=15";
$result_tmp=mysql_query($sql_t) or die(mysql_error());
$roT=mysql_fetch_array($result_tmp);
$tempL=$roT['description'];

 $sql_m="SELECT t.screen_name,t.seller_twitter_account_id,s.email,t.created_at,t.mail_status FROM seller_twitter_account as t LEFT JOIN seller_master as s ON t.seller_id=s.seller_id WHERE t.tweet_price=0";
 $result_m=mysql_query($sql_m) or die(mysql_error());

 while($roM=mysql_fetch_array($result_m)){

     $screen_name=$roM['screen_name'];
	 $twitter_act_id=$roM['seller_twitter_account_id'];
	 $email=$roM['email'];
	 $mail_status=$roM['mail_status'];
	 $date1=strtotime($roM['created_at']);
	 $date2=strtotime(date('Y-m-d H:i:s'));
	 
	 $diffHours = round(($date2 - $date1) / 60);

	 if($diffHours>=1440 && $mail_status==0){
		   $to = $email;
		   $subject = "Add a Tweet Price";
		   $message = str_replace("[SCREEN_NAME]",$screen_name,$tempL);
		   $header = "From:info@tweetvend.com \r\n";
		   $header .= "MIME-Version: 1.0\r\n";
		   $header .= "Content-type: text/html\r\n";
		   $retval = mail ($to,$subject,$message,$header);
		   if( $retval == true )  
		   {
			  echo "Message sent successfully...";
			 mysql_query("UPDATE seller_twitter_account set mail_status=1 WHERE seller_twitter_account_id='$twitter_act_id'");
		   }
		   else
		   {
			  echo "Message could not be sent...";
		   }

	 }

    if($diffHours>=10080 && $mail_status==1){

		   $to = $email;
		   $subject = "Add a Tweet Price";
		   $message = str_replace("[SCREEN_NAME]",$screen_name,$tempL);
		   $header = "From:info@tweetvend.com \r\n";
		   $header .= "MIME-Version: 1.0\r\n";
		   $header .= "Content-type: text/html\r\n";
		   $retval = mail ($to,$subject,$message,$header);
		   if( $retval == true )  
		   {
			  echo "Message sent successfully...";
			   mysql_query("UPDATE seller_twitter_account set mail_status=2 WHERE seller_twitter_account_id='$twitter_act_id'");
			  
		   }
		   else
		   {
			  echo "Message could not be sent...";
		   }

	 }




 }

 /* END code*/


/*UPDATE TWITTER ACCOUNT CODE*/

 $sql_tac="SELECT screen_name,oauth_access_token,oauth_access_token_secret,twitter_account_date FROM seller_twitter_account";
 $result_TAC=mysql_query($sql_tac);
 while($roWTA=mysql_fetch_array($result_TAC))
 {
   $twitterAccountDate=$roWTA['twitter_account_date'];
   $day1 =  strtotime(date("Y:m:d H:i:s"));
   $day2 = strtotime($twitterAccountDate);
   $diffHours = round(($day1 - $day2) / 3600);

if($diffHours>=24){

   $screen_name=$roWTA['screen_name'];
   $oauth_access_token =$roWTA['oauth_access_token'];
   $oauth_access_token_secret=$roWTA['oauth_access_token_secret'];
   $consumer_key='37pRttXuKrGZawYsNp6Tu6DSL';
   $consumer_secret='566TXt7ldNDJFkZazshwhgy3JILh104DP4KIUyrSguH5MZ54o1'; 
 
     $request = array(
            'screen_name'       => $screen_name,
            'count'             => '1'
        );

    $twitterObj = new TwitterOAuth($consumer_key, $consumer_secret, $oauth_access_token, $oauth_access_token_secret);
    $twitterInfo=$twitterObj->get('statuses/user_timeline',$request);

   //echo '<pre>';
    //print_r($twitterInfo); 
    //$twitterInfo->error==''

  if(!empty($twitterInfo)){
     //if(isset($twitterInfo->errors) && count($twitterInfo->errors)==0){

	if($twitterInfo->errors[0]->message==''){
		$twitter_id=$twitterInfo[0]->user->id;
		$name=$twitterInfo[0]->user->name;
		$num_of_followers=$twitterInfo[0]->user->followers_count;
		$num_of_followings=$twitterInfo[0]->user->friends_count;
		$num_of_tweets=$twitterInfo[0]->user->statuses_count;
		$twitter_profile_pic_url=$twitterInfo[0]->user->profile_image_url;
		  
	 $sqltUpdt="UPDATE seller_twitter_account SET num_of_followers='$num_of_followers', num_of_followings='$num_of_followings', num_of_tweets='$num_of_tweets', twitter_profile_pic_url='$twitter_profile_pic_url', twitter_name='$name',twitter_account_date='$date' WHERE twitter_id='$twitter_id'";
       mysql_query($sqltUpdt) or die(mysql_error());
     } 
   } 
 }
}

 /*END TWITTER ACCOUNT CODE*/

 /*Tweet Approved Automatically*/
 
 /*$sql_tweet="SELECT od.order_id,m.item_id,t.tweet_asap,t.retweet_asap,t.tweet_post_date_time,t.retweet_post_date,t.tweet_order_date from order_master as od,  item_order_master as m,tweet_order as t WHERE od.order_id=m.order_id AND m.item_id=t.item_id AND m.tweet_status=0 AND od.order_completed=1 AND od.is_active=1 group by m.item_id";

 $tweetResult=mysql_query($sql_tweet);
 while($rows=mysql_fetch_array($tweetResult)){
	 $tweet_asap=$rows['tweet_asap'];
	 $retweet_asap=$rows['retweet_asap'];
	 $tweet_post_date=$rows['tweet_post_date_time'];
	 $retweet_post_date=$rows['retweet_post_date'];
	 $tweet_asap_post_date=$rows['tweet_order_date'];
	 $orderId=$rows['order_id'];
	 $itemId=$rows['item_id'];

   if($tweet_asap==1 || $retweet_asap==1){
		 $day1 =  strtotime(date("Y:m:d H:i:s"));
		 $day2 = strtotime($tweet_asap_post_date);
		 $diffHours = round(($day1 - $day2) / 3600);
		 if($diffHours>=48){
          $sql_up="UPDATE item_order_master set tweet_status=1 WHERE item_id='$itemId'";
		   mysql_query($sql_up) or die(mysql_error());
		   $sql_upp="UPDATE tweet_order set tweet_order_date='$date' WHERE item_id='$itemId'";
		   mysql_query($sql_upp) or die(mysql_error());
		 }
	}
	if($tweet_asap==0){
       $day1 =  strtotime(date("Y:m:d H:i:s"));
	   $day2 = strtotime($tweet_post_date);
	   $diffHours = round(($day1 - $day2) / 3600);
	    if($diffHours>=48){
           $sql_up="UPDATE item_order_master set tweet_status=1 WHERE item_id='$itemId'";
		   mysql_query($sql_up) or die(mysql_error());
		   $sql_upp="UPDATE tweet_order set tweet_post_date_time='$date' WHERE item_id='$itemId'";
		   mysql_query($sql_upp) or die(mysql_error());
		 }
	}
	if($retweet_asap==0){
       $day1 =  strtotime(date("Y:m:d H:i:s"));
	   $day2 = strtotime($retweet_post_date);
	   $diffHours = round(($day1 - $day2) / 3600);
	    if($diffHours>=48){
			$sql_up="UPDATE item_order_master set tweet_status=1 WHERE item_id='$itemId'";
		   mysql_query($sql_up) or die(mysql_error());
		   $sql_upp="UPDATE tweet_order set retweet_post_date='$date' WHERE item_id='$itemId'";
		   mysql_query($sql_upp) or die(mysql_error());

		 }
	}


 }*/

 /*End Code*/

 

echo 'Completed';


?>

＆＃13;

Answer 1

如果它们包含引号字符，您需要转义所有输入。

$twitter_id = mysql_real_escape_string($twitterInfo[0]->user->id);
$name = mysql_real_escape_string($twitterInfo[0]->user->name);
... and so on

如果切换到PDO或mysqli，并使用带有绑定参数的预处理语句，而不是将变量替换为查询字符串，那会更好。见How can I prevent SQL injection in PHP?

错误消息：您的SQL语法中有错误;校验

1 个答案: