我升级到php7后出现此错误,我已解决了大多数问题。
错误:您的SQL语法出错;检查手册 对应于您的MySQL服务器版本,以便使用正确的语法 靠近''第1行
这是代码的开头(这似乎导致了问题)。当页面加载$ _POST没有设置时,有一个下拉列表(从sql1创建),这个结果将在后面的脚本中提供给其他sql查询。
<?php include 'connect.php'; ?>
<?php
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
// Perform queries
$sql1="SELECT Site_ID, Site_name_1 FROM `Sites` ORDER BY `Sites`.`Site_ID` ASC";
这是完整的代码
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
<?php include 'header.php'; ?>
<div class='container'>
<?php include 'menu.php'; ?>
<?php include 'connect.php'; ?>
<?php
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
// Perform queries
$sql1="SELECT Site_ID, Site_name_1 FROM `Sites` ORDER BY `Sites`.`Site_ID` ASC";
//$sql1="SELECT Site_ID, Site_name_1 FROM 'Sites' ORDER BY 'Sites'.'Site_ID' ASC";
$sqltable1="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
$sqltable2="SELECT Aspects.Aspect, Aspect_Pub_join.Pub_ID FROM `Aspects` INNER JOIN `Aspect_Pub_join` ON Aspects.Aspect_ID=Aspect_Pub_join.Aspect_ID WHERE Aspect_Pub_join.Pub_ID=$post_pub";
$sqltable3="SELECT Publications.Pub_ID, Questions.Question FROM `Publications` LEFT JOIN `Aspect_Pub_join` ON Publications.Pub_ID=Aspect_Pub_join.Pub_ID LEFT JOIN `Aspect_question_join` ON Aspect_Pub_join.Aspect_ID=Aspect_question_join.Aspect_ID LEFT JOIN `Questions` ON Aspect_question_join.Question_ID=Questions.Question_ID Where Publications.Pub_ID=$post_pub GROUP BY Question ORDER BY Publications.Pub_ID ASC";
$sqltable4="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
$sqltable5="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
$result1=mysqli_query($mysqli, $sql1) or die("Error: ".mysqli_error($mysqli));
$result_table1=mysqli_query($mysqli, $sqltable1) or die("Error: ".mysqli_error($mysqli));
$result_table2=mysqli_query($mysqli, $sqltable2) or die("Error: ".mysqli_error($mysqli));
$result_table3=mysqli_query($mysqli, $sqltable3) or die("Error: ".mysqli_error($mysqli));
$result_table4=mysqli_query($mysqli, $sqltable4) or die("Error: ".mysqli_error($mysqli));
$result_table5=mysqli_query($mysqli, $sqltable5) or die("Error: ".mysqli_error($mysqli));
$site_array = array();
while (list($id, $name) = mysqli_fetch_row($result1)) {$site_array[$id] = $name;}
//// Free result set
//mysqli_free_result($result);
function get_options($arr, $current=null)
{
$opts = '';
foreach ($arr as $k => $v) {
$sel = $k==$current ? 'selected="selected"' : '';
$opts .= "<option value='$k' $sel>$k $v</option>\n";
}
return $opts;
}
?>
<html>
<body>
<br/>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<select name="site" onchange="this.form.submit();">
<?php echo"<option>Select Site</option>";?>
<?php echo get_options($site_array);?>
</select>
</form>
<br/>
<p> Displaying all information for:<?php if(isset($_POST['site'])){echo $_POST['site'];} ?></p>
<div style="void:both;";></div>
<div class='table_holder'>
<div class='table' style='height:100px; margin-right:20px;'>
<table width='100%' align='center' id='table1' class='tablesorter'>
<thead>
<tr>
<th>Publication Title</th>
</tr>
</thead>
<?php while($rows1=mysqli_fetch_array($result_table1)){ ?>
<tr>
<td><?php echo $rows1['ART_TITEL']; ?></td>
</tr>
<?php } ?>
</table>
</div>
</div>
<br/><br/>
<div style="void:both;";></div>
<br/><br/>
<div class='table_holder'>
<div class='table' style='height:200px;'>
<table width='100%' align='center' id='table2' class='tablesorter'>
<thead>
<tr>
<th>Aspects</th>
</tr>
</thead>
<?php while($rows2=mysqli_fetch_array($result_table2)){ ?>
<tr>
<td><?php echo $rows2['Aspect']; ?></td>
</tr>
<?php } ?>
</table>
</div>
</div>
<br/><br/>
<div style="void:both;";></div>
<br/><br/>
<div class='table_holder'>
<div class='table' style='height:200px;'>
<table width='100%' align='center' id='table3' class='tablesorter'>
<thead>
<tr>
<th>Question</th>
</tr>
</thead>
<?php while($rows3=mysqli_fetch_array($result_table3)){ ?>
<tr>
<td><?php echo $rows3['Question']; ?></td>
</tr>
<?php } ?>
</table>
</div>
</div>
<?php include 'footer.php' ?>
答案 0 :(得分:1)
如果字符串不存在,您似乎将$post_pub
设置为字符串,但在后续语句中进行比较,就好像它是数字一样
$post_pub = isset($_POST['site']) ?: $_POST['site'] = ''
此处$post_pub
将设置为&#39;&#39;如果它不在POST中
当您构建像这样的SQL
时$sqltable1="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
声明看起来像
SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=
你想要像
这样的地方SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications`
或
SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=''
或
SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID is null
您还应该考虑在查询中使用参数而不是字符串连接作为您打开sql注入攻击的代码。
答案 1 :(得分:-1)
检查短路条件。 似乎应该是:
$post_pub = isset($_POST['site']) ? $_POST['site'] : '';
检查此示例:
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
echo $post_pub; // empty string
$_POST['site'] = 'test';
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
echo $post_pub; // true - 1
你是在db中搜索,是&#39; true&#39;还是concrect id?