SQL给出语法错误,但我没有看到

时间:2015-11-14 15:32:58

标签: php mysql

我编写了一个PHP脚本,用于将主题和帖子从旧版本导入新论坛,我在SQL语句的第2行收到语法错误,但我看不出错误是什么。

INSERT INTO `uh46v_chronoengine_forums_topics` (`id`,`forum_id`,`title`,`alias`,`user_id`,`published`,`locked`,`created`,`modified`,`hits`,`params`,`post_count`,`last_post`,`reported`,`has_attachments`,`announce`,`sticky`) VALUES ('33','2','DS4Windows rebranding','DS4Windows-rebranding','2','1','0','2015-02-04 22:10:57','','0','{\"uid\":\"0832fbee-506c-4fac-b2f6-eda324c54580\"}','24','540','0','0','0','0'); 

INSERT INTO `uh46v_chronoengine_forums_posts` (`id`,`topic_id`,`forum_id`,`subject`,`text`,`user_id`,`created`,`modified`,`published`,`params`) VALUES ('172','33','2','DS4Windows rebranding','So it was suggested in out old forum that a rebranding was in order for us, mainly to differentiate ourselves from Jays distribution. With the building of forums and more traffic now coming to the site I believe splitting not only from the DS4Windows name, but also from the DSDCS brand would be a good idea sometime in the near future. Not being a very good "marketing guy" myself, im not quite sure what to rename the project. So I will open the floor on the subject and hope we have somebody in the community good with such things.\n\nGeneral guidelines:\nMust not violate any copyrights or trademarks\nKeep in mind this application may not alwayse be limited to DS4 -> X360 mapping\nPrefer the .com of the name be available','2','2015-02-04 22:10:57','','1','{\"author_address\":\"96.58.100.87\"}');

这会产生相同的错误

uh46v_chronoengine_forums_posts

错误:

  

您的SQL语法有错误;检查手册   对应于您的MySQL服务器版本,以便使用正确的语法   'INSERT INTO id附近   (topic_idforum_id<?PHP function GUID() { if (function_exists('com_create_guid') === true) { return trim(com_create_guid(), '{}'); } return sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535)); } include_once('configuration.php'); $config = new JConfig; $servername = $config->host; $username = $config->host; $password = $config->host; $sourceForumID = 7; $destinationForumID = 2; // Create connection $db = new mysqli($config->host, $config->user, $config->password, $config->db); // Check connection if ($db->connect_error) { die("Connection failed: " . $db->connect_error); } $topicsTableA = "phpbb_topics"; $topicsTableB = $config->dbprefix."chronoengine_forums_topics"; $postsTableA = "phpbb_posts"; $postsTableB = $config->dbprefix."chronoengine_forums_posts"; $topicsSQLA = <<<SQL SELECT * FROM `$topicsTableA` WHERE forum_id = $sourceForumID SQL; if(!$topicsResultA = $db->query($topicsSQLA)){ die('There was an error running the query [' . $db->error . ']'); } $topicsSQLB = ""; while($topicsRowA = $topicsResultA->fetch_assoc()){ $id = $topicsRowA["topic_id"]; $postsSQLA = <<<SQL SELECT * FROM `$postsTableA` WHERE topic_id = $id SQL; if(!$postsResultA = $db->query($postsSQLA)){ die('There was an error running the query [' . $db->error . ']'); } $id = $topicsRowA["topic_id"]; $forum_id = $destinationForumID; $title = mysqli_real_escape_string($db,$topicsRowA["topic_title"]); $alias = preg_replace("/[^A-Za-z0-9]/", '-', $topicsRowA["topic_title"]); $user_id = $topicsRowA["topic_poster"]; $published = 1; $locked = 0; $created = (new DateTime("@".$topicsRowA["topic_time"]))->format('Y-m-d H:i:s'); $modified = null; $hits = 0; $params = mysqli_real_escape_string($db,'{"uid":"'.strtolower(GUID()).'"}'); $post_count = $postsResultA->num_rows; $last_post = $topicsRowA["topic_last_post_id"]; $reported = 0; $has_attachments = 0; $announce = 0; $sticky = 0; $topicsSQLB .= "INSERT INTO `$topicsTableB` (`id`,`forum_id`,`title`,`alias`,`user_id`,`published`,`locked`,`created`,`modified`,`hits`,`params`,`post_count`,`last_post`,`reported`,`has_attachments`,`announce`,`sticky`) VALUES ('$id','$forum_id','$title','$alias','$user_id','$published','$locked','$created',NULL,'$hits','$params','$post_count','$last_post','$reported','$has_attachments','$announce','$sticky'); \n\r"; while($postsRowA = $postsResultA->fetch_assoc()){ $Tid = $postsRowA["post_id"]; $topic_id = $id; $subject = mysqli_real_escape_string($db,$postsRowA["post_subject"]); $text = mysqli_real_escape_string($db,$postsRowA["post_text"]); $user_id = $postsRowA["poster_id"]; $created = (new DateTime("@".$postsRowA["post_time"]))->format('Y-m-d H:i:s'); $modified = null; $published = 1; $params = mysqli_real_escape_string($db,'{"author_address":"'.$postsRowA["poster_ip"].'"}'); $topicsSQLB .= "INSERT INTO `$postsTableB` (`id`,`topic_id`,`forum_id`,`subject`,`text`,`user_id`,`created`,`modified`,`published`,`params`) VALUES ('$Tid','$topic_id','$forum_id','$subject','$text','$user_id','$created',NULL,'$published','$params'); \n\r"; } } //if ($db->query($topicsSQLB) === true) { // echo "New record created successfully"; //} else { // echo "Error: " . $sql . "<br>" . $db->error . "<br>"; //} echo $topicsSQLB; ,第2行的'subje'

作为参考但不太可能相关,因为错误是MySQL错误,这里是我用来完成此任务的PHP脚本。

field_related_content_title

3 个答案:

答案 0 :(得分:1)

PHP Mysqli允许使用multi_query() function进行多次查询。

以下是一般性地添加对话,并避免在多个查询块彼此重复运行时出现无休止的不同步错误。或者是多人后的非多人。

如果在没有清除结果集的情况下进行下一个查询,则multi_query()执行后会出现问题。错误将是底部表示为Note1的错误。但是这个答案可以避免。

您的特定问题与\r\n\n\r无关。他们作为这项工作的一部分进行了测试,但没有让下一个与他们的问题混淆的人混淆不同。

<?php
    //mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    mysqli_report(MYSQLI_REPORT_ALL);
    error_reporting(E_ALL); // report all PHP errors
    ini_set("display_errors", 1); 
    echo "start<br/>";

    try {
        $mysqli= new mysqli('hostname', 'dbuser', 'pwd', 'dbname');
        if ($mysqli->connect_error) {
            die('Connect Error (' . $mysqli->connect_errno . ') '
                . $mysqli->connect_error);
        }
        echo "I am connected and feel happy.<br/>";
        $query = "INSERT INTO `table1`(`thing`) values ('aaa')";
        $mysqli->query($query);
        // works fine

        // Note the concat below
        $query = "INSERT INTO `table1`(`thing`) values ('bbb1'); ";
        $query .=$query; // double it up with concat (in other words two insert)
        // we have a multi query so call it the right way:
        $mysqli->multi_query($query);
        // we need to clear the protocol to avoid Out of Sync errors
        // http://stackoverflow.com/a/21754463
        do { 
            $mysqli->use_result(); 
        }while( $mysqli->more_results() && $mysqli->next_result() );        
        // if you remark out the above 3 lines, 
        // expect error message depicted in **** Note1 ****

        // purpose of this next block is to show result sets are cleared
        // from prior multi, and we can do another insert
        // thus avoiding error 500 out of sync errors
        $query = "INSERT INTO `table1`(`thing`) values ('ccc')";
        $mysqli->query($query);   // a single insert statement

        // Finally, this shows that running a multi without a multi_query fcn call will bomb
        $query = "INSERT INTO `table1`(`thing`) values ('explosion'); \r\n";
        $query .=$query; // double it up with concat
        $mysqli->query($query);   // make a multi query explode by not calling multi_query (but rather query)
        //  The above line generated an error, error message below (**** Note2 ****)
        $mysqli->close();
    } catch (mysqli_sql_exception $e) { 
        throw $e; 
    }
?>

数据库结果:

select * from table1;
+----+-------+
| id | thing |
+----+-------+
|  1 | aaa   |
|  2 | bbb1  |
|  3 | bbb1  |
|  4 | ccc   |
+----+-------+

显示的源代码中提到了以下错误消息。第一个是完全避免的。第二个不是,并且表明需要函数multi_query()而不是query()

****** Note1 ******

  

致命错误:带有消息的未捕获异常'mysqli_sql_exception'   '命令不同步;你现在不能运行这个命令   C:\ Apache24 \ htdocs \ mi_insert_multi_query_test.php:36堆栈跟踪:#0   C:\ Apache24 \ htdocs中\ mi_insert_multi_query_test.php(36):   mysqli-&gt; query('INSERT INTO`ta ...')#1 {main}引入   第36行的C:\ Apache24 \ htdocs \ mi_insert_multi_query_test.php

****** Note2 ******

  

致命错误:带有消息的未捕获异常'mysqli_sql_exception'   '你的SQL语法有错误;检查手册   对应于您的MySQL服务器版本,以便使用正确的语法   在第2行'INSERT INTO table1thing)值('爆炸')'附近'   在C:\ Apache24 \ htdocs \ mi_insert_multi_query_test.php:41堆栈跟踪:   #0 C:\ Apache24 \ htdocs \ mi_insert_multi_query_test.php(41):mysqli-&gt; query('INSERT INTO`ta ...')#1 {main}引入   第41行的C:\ Apache24 \ htdocs \ mi_insert_multi_query_test.php选择*   来自table1;

答案 1 :(得分:0)

从INSERT查询中删除\n\r

答案 2 :(得分:0)

您无法使用query中的mysqli执行多个查询,这是一种限制SQL注入漏洞利用的安全功能。它们有一个允许执行多个查询的函数http://php.net/manual/en/mysqli.multi-query.php

所以你可以做到

<?PHP
function GUID()
{
    if (function_exists('com_create_guid') === true)
    {
        return trim(com_create_guid(), '{}');
    }

    return sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
}

include_once('configuration.php');
$config = new JConfig;

$servername = $config->host;
$username = $config->host;
$password = $config->host;

$sourceForumID = 7;
$destinationForumID = 2;

// Create connection
$db = new mysqli($config->host, $config->user, $config->password, $config->db);


// Check connection
if ($db->connect_error) {
    die("Connection failed: " . $db->connect_error);
} 
$topicsTableA = "phpbb_topics";
$topicsTableB = $config->dbprefix."chronoengine_forums_topics";
$postsTableA = "phpbb_posts";
$postsTableB = $config->dbprefix."chronoengine_forums_posts";

$topicsSQLA = <<<SQL
    SELECT *
    FROM `$topicsTableA`
    WHERE forum_id = $sourceForumID
SQL;


if(!$topicsResultA = $db->query($topicsSQLA)){
    die('There was an error running the query [' . $db->error . ']');
}

$topicsSQLB = "";
while($topicsRowA = $topicsResultA->fetch_assoc()){
    $id = $topicsRowA["topic_id"];
$postsSQLA = <<<SQL
    SELECT *
    FROM `$postsTableA`
    WHERE topic_id = $id
SQL;
    if(!$postsResultA = $db->query($postsSQLA)){
        die('There was an error running the query [' . $db->error . ']');
    }


    $id = $topicsRowA["topic_id"];
    $forum_id = $destinationForumID;
    $title = mysqli_real_escape_string($db,$topicsRowA["topic_title"]);
    $alias = preg_replace("/[^A-Za-z0-9]/", '-', $topicsRowA["topic_title"]);
    $user_id = $topicsRowA["topic_poster"];
    $published = 1;
    $locked = 0;
    $created = (new DateTime("@".$topicsRowA["topic_time"]))->format('Y-m-d H:i:s');
    $modified = null;
    $hits = 0;
    $params = mysqli_real_escape_string($db,'{"uid":"'.strtolower(GUID()).'"}');
    $post_count = $postsResultA->num_rows;
    $last_post = $topicsRowA["topic_last_post_id"];
    $reported = 0;
    $has_attachments = 0;
    $announce = 0;
    $sticky = 0;

    $topicsSQLB .= "INSERT INTO `$topicsTableB` (`id`,`forum_id`,`title`,`alias`,`user_id`,`published`,`locked`,`created`,`modified`,`hits`,`params`,`post_count`,`last_post`,`reported`,`has_attachments`,`announce`,`sticky`) VALUES ('$id','$forum_id','$title','$alias','$user_id','$published','$locked','$created',NULL,'$hits','$params','$post_count','$last_post','$reported','$has_attachments','$announce','$sticky'); \n\r";
    while($postsRowA = $postsResultA->fetch_assoc()){
        $Tid = $postsRowA["post_id"];
        $topic_id = $id;
        $subject = mysqli_real_escape_string($db,$postsRowA["post_subject"]);
        $text = mysqli_real_escape_string($db,$postsRowA["post_text"]);
        $user_id = $postsRowA["poster_id"];
        $created = (new DateTime("@".$postsRowA["post_time"]))->format('Y-m-d H:i:s');
        $modified = null;
        $published = 1;
        $params = mysqli_real_escape_string($db,'{"author_address":"'.$postsRowA["poster_ip"].'"}');

        $topicsSQLB .= "INSERT INTO `$postsTableB` (`id`,`topic_id`,`forum_id`,`subject`,`text`,`user_id`,`created`,`modified`,`published`,`params`) VALUES ('$Tid','$topic_id','$forum_id','$subject','$text','$user_id','$created',NULL,'$published','$params'); ";

    }

}
//if ($db->multi_query($topicsSQLB) === true) {
//    echo "New record created successfully";
//} else {
//    echo "Error: " . $sql . "<br>" . $db->error . "<br>";
//}
echo $topicsSQLB;

或只是附加值,只使用一个插入:

    return sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
}

include_once('configuration.php');
$config = new JConfig;

$servername = $config->host;
$username = $config->host;
$password = $config->host;

$sourceForumID = 7;
$destinationForumID = 2;

// Create connection
$db = new mysqli($config->host, $config->user, $config->password, $config->db);


// Check connection
if ($db->connect_error) {
    die("Connection failed: " . $db->connect_error);
} 
$topicsTableA = "phpbb_topics";
$topicsTableB = $config->dbprefix."chronoengine_forums_topics";
$postsTableA = "phpbb_posts";
$postsTableB = $config->dbprefix."chronoengine_forums_posts";

$topicsSQLA = <<<SQL
    SELECT *
    FROM `$topicsTableA`
    WHERE forum_id = $sourceForumID
SQL;


if(!$topicsResultA = $db->query($topicsSQLA)){
    die('There was an error running the query [' . $db->error . ']');
}

$topicsSQLB = "";
while($topicsRowA = $topicsResultA->fetch_assoc()){
    $id = $topicsRowA["topic_id"];
$postsSQLA = <<<SQL
    SELECT *
    FROM `$postsTableA`
    WHERE topic_id = $id
SQL;
    if(!$postsResultA = $db->query($postsSQLA)){
        die('There was an error running the query [' . $db->error . ']');
    }


    $id = $topicsRowA["topic_id"];
    $forum_id = $destinationForumID;
    $title = mysqli_real_escape_string($db,$topicsRowA["topic_title"]);
    $alias = preg_replace("/[^A-Za-z0-9]/", '-', $topicsRowA["topic_title"]);
    $user_id = $topicsRowA["topic_poster"];
    $published = 1;
    $locked = 0;
    $created = (new DateTime("@".$topicsRowA["topic_time"]))->format('Y-m-d H:i:s');
    $modified = null;
    $hits = 0;
    $params = mysqli_real_escape_string($db,'{"uid":"'.strtolower(GUID()).'"}');
    $post_count = $postsResultA->num_rows;
    $last_post = $topicsRowA["topic_last_post_id"];
    $reported = 0;
    $has_attachments = 0;
    $announce = 0;
    $sticky = 0;

    $topicsSQLB .= "INSERT INTO `$topicsTableB` (`id`,`forum_id`,`title`,`alias`,`user_id`,`published`,`locked`,`created`,`modified`,`hits`,`params`,`post_count`,`last_post`,`reported`,`has_attachments`,`announce`,`sticky`) VALUES ('$id','$forum_id','$title','$alias','$user_id','$published','$locked','$created',NULL,'$hits','$params','$post_count','$last_post','$reported','$has_attachments','$announce','$sticky'), ";
    while($postsRowA = $postsResultA->fetch_assoc()){
        $Tid = $postsRowA["post_id"];
        $topic_id = $id;
        $subject = mysqli_real_escape_string($db,$postsRowA["post_subject"]);
        $text = mysqli_real_escape_string($db,$postsRowA["post_text"]);
        $user_id = $postsRowA["poster_id"];
        $created = (new DateTime("@".$postsRowA["post_time"]))->format('Y-m-d H:i:s');
        $modified = null;
        $published = 1;
        $params = mysqli_real_escape_string($db,'{"author_address":"'.$postsRowA["poster_ip"].'"}');

        $topicsSQLB .= "('$Tid','$topic_id','$forum_id','$subject','$text','$user_id','$created',NULL,'$published','$params'), ";

    }
$topicsSQLB = rtrim($topicsSQLB, ', ';
}
//if ($db->query($topicsSQLB) === true) {
//    echo "New record created successfully";
//} else {
//    echo "Error: " . $sql . "<br>" . $db->error . "<br>";
//}
echo $topicsSQLB;
相关问题
最新问题