Putting PHP code in a variable: MySQL error

Time: 2017-02-08 21:31:25

Tags: php mysql

I am trying to run this code:

<?php
include 'config.php';
$d = "$day = array('today' => 0, 'yesterday' => 0);";
$m = "$month = array('January' => 0, 'February' => 0, 'March' => 0, 'April' => 0, 'May' => 0, 'June' => 0, 'July' => 0, 'August' => 0, 'September' => 0, 'October' => 0, 'November' => 0, 'December' => 0);";
mysqli_query($con, "INSERT INTO visits (day, month, year, total) VALUES ('$d', '$m', 0, 0)") or die(mysqli_error($con));
echo 'The insertation of codes have been done';
mysqli_close($con);
?>

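But I got this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'today' => 0, 'yesterday' => 0);', ' = array('January' => 0, 'February' => 0, 'Ma' at line 1

I tried this, but it also gives an error: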

<?php
include 'config.php';
$d = htmlspecialchars("$day = array('today' => 0, 'yesterday' => 0);");
$m = htmlspecialchars("$month = array('January' => 0, 'February' => 0, 'March' => 0, 'April' => 0, 'May' => 0, 'June' => 0, 'July' => 0, 'August' => 0, 'September' => 0, 'October' => 0, 'November' => 0, 'December' => 0);");
mysqli_query($con, "INSERT INTO visits (day, month, year, total) VALUES ('$d', '$m', 0, 0)") or die(mysqli_error($con));
echo 'The insertation of codes have been done';
mysqli_close($con);
?>

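Thank you very much for your help.

1 Answer:

Answer 0: (score: 0)

Your query contains single quotes as well as the variables $m and $d, so you need to escape them, for example: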

$d = htmlspecialchars("\$day = array('today' => 0, 'yesterday' => 0);");
$m = htmlspecialchars("\$month = array('January' => 0, 'February' => 0, 'March' => 0, 'April' => 0, 'May' => 0, 'June' => 0, 'July' => 0, 'August' => 0, 'September' => 0, 'October' => 0, 'November' => 0, 'December' => 0);");

// Escape the variables
$m = mysqli_real_escape_string($con, $m);
$d = mysqli_real_escape_string($con, $d);

Put these lines one line before the query is executed.
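
An alternative to manual escaping, as an added example that is not part of the original answer: a mysqli prepared statement sends the two PHP snippets as bound parameters, so their quotes never reach the SQL parser. It assumes, as in the question, that config.php defines the mysqli connection $con and that the visits table has the columns day, month, year and total.

```php
<?php
// Added example. Assumption: config.php defines $con (a mysqli connection), as in the question.
include 'config.php';

// Throw exceptions on SQL errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Nowdoc strings are taken literally: PHP does not expand $day or $month here.
// In the question's double-quoted strings both were replaced by an empty value.
$d = <<<'CODE'
$day = array('today' => 0, 'yesterday' => 0);
CODE;
$m = <<<'CODE'
$month = array('January' => 0, 'February' => 0, 'March' => 0, 'April' => 0, 'May' => 0, 'June' => 0, 'July' => 0, 'August' => 0, 'September' => 0, 'October' => 0, 'November' => 0, 'December' => 0);
CODE;
$year = 0;
$total = 0;

// The SQL text contains only placeholders; the values travel separately,
// so single quotes inside $d and $m cannot end the string literal.
$stmt = mysqli_prepare($con, 'INSERT INTO visits (day, month, year, total) VALUES (?, ?, ?, ?)');
mysqli_stmt_bind_param($stmt, 'ssii', $d, $m, $year, $total);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);

// Read the row back and confirm the text was stored unchanged.
$check = mysqli_prepare($con, 'SELECT day, month FROM visits WHERE day = ? LIMIT 1');
mysqli_stmt_bind_param($check, 's', $d);
mysqli_stmt_execute($check);
mysqli_stmt_bind_result($check, $storedDay, $storedMonth);
mysqli_stmt_fetch($check);
mysqli_stmt_close($check);

if ($storedDay === $d && $storedMonth === $m) {
    // htmlspecialchars belongs here, when the value is written into HTML,
    // not before the INSERT: the database should hold the raw text.
    echo 'Stored: ' . htmlspecialchars($storedDay, ENT_QUOTES, 'UTF-8');
} else {
    echo 'Stored value differs from the input';
}

mysqli_close($con);
?>
```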