在我的网站表单(例如'或&)中输入标点符号时,我收到语法错误。我收到此错误时在页面上使用以下代码。我会错过什么或做错什么来解决这个问题?
$name=$_REQUEST["title"];
$stdate=$_REQUEST["sdate"];
$endate=$_REQUEST["edate"];
$staddr=$_REQUEST["staddr"];
$addr2=$_REQUEST["staddr2"];
$city=$_REQUEST["city"];
$state=$_REQUEST["state"];
$zip=$_REQUEST["zip"];
$desc=$_REQUEST["desc"];
$file=$_REQUEST['photo'];
$link=$_REQUEST["link"];
$user=$_REQUEST["user"];
/***************** DELETE QUERY ****************************/
$date2 = date('Y-m-d');
$qry = "DELETE FROM table WHERE STR_TO_DATE(`endate`, '%Y-%m-%d') < '".$date2."'";
$del = mysql_query($qry);
$query = "INSERT INTO table (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','$city','$state','$zip','".str_replace(' ','',$name)."-".$stdate."-".$file.".png','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) . "','$user')";
$q2=mysql_query($query) or die('Error, query failed'. mysql_error());
if($q2) {
echo "ok";
} else {
echo "error ".$query.mysql_error();
}
?>
问题源于查询行