SQLSTATE [42000]:语法错误或访问冲突[PHP]

时间:2015-11-20 15:30:38

标签: php mysql nette

我使用方法构建SQL查询,然后将其返回并使用它。

$query = $this->buildSearchQuery($searchParams);            
return $this->db->query($query);

不幸的是,这给我一个错误:

  

SQLSTATE [42000]:语法错误或访问冲突:1064您有   SQL语法错误;查看与您的手册相对应的手册   MySQL服务器版本,用于在' SELECT * FROM附近使用正确的语法   候选人WHERE firstname =? AND姓氏=?',' Dante',' Hickman'在   第1行

我正在搜索它,因为这看起来像以前编写查询的脚本的SQL语法失败所以我做了一些简单的事情我在使用之前转储了这个$查询。

转储返回:

"'SELECT * FROM candidates WHERE firstname = ? AND surname = ?','Dante', 'Hickman'" (81)

哪个是正确的,字符串有81个字符。 在此之后,我尝试将其置于原始查询而不是变量,它看起来像这样:

return $this->db->query('SELECT * FROM candidates WHERE firstname = ? AND surname = ?','Dante', 'Hickman');

此secod脚本运行正确,因此它看起来查询是正确构建的,但仍然是错误。我错过了什么?

我希望有任何建议可以帮助我解决这个问题。

P.S。该查询的语法来自nette框架,但系统应该是相同的。

编辑: 添加buildSearchQuery()

function buildSearchQuery($searchParams)
    {
        $column = "";
        $values = "";
        $col = "";
        $i=0;
        // Trim to make sure user doesn't enter space there
        if((trim($searchParams->firstname)))
        {
            $column .= "firstname,";
            $i++;
        }
        if((trim($searchParams->surname)))
        {
            $column .= "surname,";  
            $i++;
        }

        if((trim($searchParams->specialization)))
        {
            $column .= "specialization,";   
            $i++;
        }           
        if($searchParams->english !== NULL)
        {
            $column .= "english,";
            $i++;
        }           
        if($searchParams->german !== NULL)
        {
            $column .= "german,";
            $i++;
        }           
        if($searchParams->russian !== NULL)
        {
            $column .= "russian,";
            $i++;
        }           
        if($searchParams->french !== NULL)
        {
            $column .= "french,";
            $i++;
        }           
        if($searchParams->school !== NULL)
        {
            $column .= "school,";
            $i++;
        }

        if((trim($searchParams->registrationDate)))
        {
            $column .= "registrationDate";
            $i++;
        }
        if($i > 0)
        {
            // If number of columns is bigger then 0 (if user fill atleast one input)                   
            $columns = explode(",", $column);       
            // Create list of values for query (name of columns and values)
            foreach($columns as $c)
            {                                                   
                if (isset($searchParams->$c)) {     
                    $values .= "'".$searchParams->{$c}."', ";               
                    $col .= $c." = ? AND ";                 
                }                       
            }
            // Remove last "," and space
            $values = substr_replace($values, "", -2);          
            $col = substr_replace($col, "", -5);    
            $query = $col."',".$values;
            $query = "'SELECT * FROM candidates WHERE ".$query;         
            //$query = substr($query, 0, -1); //remove last char ( ' in this case)
            return $query;
        }
        else
        {
            $query = "SELECT * FROM candidates";
            return $query;
        }
    }

0 个答案:

没有答案
相关问题
最新问题