您的SQL语法有错误;检查与您的MariaDB服务器版本对应的手册,以获得使用nea的正确语法

时间:2015-12-16 20:13:40

标签: php mariadb

我收到此错误 //错误

  

ERRORINSERT INTO new_comp_reg(phno,fullname,address,dept,desc)VALUES('','',''' ''&#39)       您的SQL语法有错误;查看与您的MariaDB服务器版本对应的手册,以获得正确的语法,以便使用('''''''''''' ;,'''')'在第1行

PHP 

<?php

    $servername = 'mysql.hostinger.in';
    $username = '';
    $password = '';
    $dbname = 'u424351292_icrcm';

    if(isset($_POST['submit']))
    {
        $phone_no = $_POST['phno'];
        $full_name = $_POST['fullname'];
        $location = $_POST['address'];
        $department = $_POST['dept'];
        $description = $_POST['desc'];
    }

        $conn = new mysqli($servername,$username,$password,$dbname);

        if($conn->connect_error)
        {
            die("Connection Failed" . $conn->connect_error);
        }

        $sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc)  VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";

        if($conn->query($sql) === TRUE)
        {
            echo "Complaint Registered";
        }
        else
        {
            echo "ERROR".$sql."<br>".$conn->error;
        }

    $conn->close();
    ?>

//错误

  

ERRORINSERT INTO new_comp_reg(phno,fullname,address,dept,desc)VALUES(&#39;&#39;,&#39;&#39;,&#39;&#39;&#39; &#39;&#39;&#39)       您的SQL语法有错误;查看与您的MariaDB服务器版本对应的手册,以获得正确的语法,以便使用(&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39; ;,&#39;&#39;&#39;&#39;)&#39;在第1行

3 个答案:

答案 0 :(得分:2)

descreserved keyword in MySQL,需要通过反引号进行转义。

INSERT INTO new_comp_reg (..., `desc`)  VALUES (...)
例如,

或将您的列名更改为description

顺便说一下,你没有逃避用户输入,这可能导致语法错误和SQL注入。使用准备好的陈述。

答案 1 :(得分:1)

if(isset($_POST['submit']))
{
    $phone_no = $_POST['phno'];
    $full_name = $_POST['fullname'];
    $location = $_POST['address'];
    $department = $_POST['dept'];
    $description = $_POST['desc'];
}

    $conn = new mysqli($servername,$username,$password,$dbname);

    if($conn->connect_error)
    {
        die("Connection Failed" . $conn->connect_error);
    }

    $sql = "INSERT INTO new_comp_reg VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";

    if($conn->query($sql) === TRUE)
    {
        echo "Complaint Registered";`enter code here`
    }
    else
    {
        echo "ERROR".$sql."<br>".$conn->error;
    }

$conn->close();
?>

答案 2 :(得分:0)

我会说它是

$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc)  VALUES ('".mysql_real_escape_string($phone_no)."' , '".mysql_real_escape_string($full_name)"' , '".mysql_real_escape_string($location)"' , '".mysql_real_escape_string($department)"' , '".mysql_real_escape_string($description)"')";

这实际上会改善您的保护。另外,请检查您的列名称,因为您可能引用了一个错误。

相关问题
最新问题