我写了这个查询:
$query = "UPDATE encodage_answer
SET Answer = geir
WHERE encodage_question_ID = 128
AND encodage_ID = 305
AND Extra = NULL";
$insert = mysql_query($query, $connection) or die(mysql_error());
但如果我运行此代码,我总会得到同样的错误:
'字段列表'中的未知列'geir'
可能是我,但我想我并不是说geir是一个列/字段;这是什么问题?
当我直接在我的PHPMyAdmin中运行此查询时,它运行良好。
更新:完整代码:
答案存在,$ Extra变量为Null
$AnswerExists = answer_exists($Question_ID, $encodage_ID, $Extra);
if($AnswerExists <> ""){
if($Answer != NULL){
$correctAnswer = mysql_prep($Answer);
if($Extra != NULL){
$query = "UPDATE `encodage_answer` SET `Answer` = '" . mysql_prep($Answer) . "' WHERE `ID` = '" . $AnswerExists . "'";
$insert = mysql_query($query, $connection) or die(mysql_error());
$query2 = "UPDATE `encodage_answer` SET `Extra` = '" . $Extra . "' WHERE `ID` = '" . $AnswerExists . "'";
$insert = mysql_query($query2, $connection) or die(mysql_error());
}else{
$querytest = "UPDATE `encodage_answer` SET Answer = " . $Answer . " WHERE ID = " . $AnswerExists;
$insert = mysql_query($querytest, $connection) or die(mysql_error());
}
}
}
function answer_exists($Question_ID, $encodage_ID, $Extra){
global $connection;
$trfa = false;
echo $Question_ID . " - " . $encodage_ID . "<br />";
if($Extra <> ""){
$query = "SELECT *
FROM encodage_answer
WHERE encodage_ID = {$encodage_ID} AND encodage_question_ID = {$Question_ID} AND Extra = {$Extra}";
}else{
$query = "SELECT *
FROM encodage_answer
WHERE encodage_ID = {$encodage_ID} AND encodage_question_ID = {$Question_ID}";
}
答案 0 :(得分:6)
尝试在geir周围加上单引号。通过不引用要将列设置为的字符串,SQL后端认为您要将Answer列的值设置为geir列的值。由于表中不存在geir列,因此会引发错误。
编辑:我怀疑PHPMyAdmin有某种SQL语句过滤来捕获这样的情况,并自动为你输入字符串。
答案 1 :(得分:1)
感谢大家的帮助!我正在将所有查询更改为更安全的格式! SQL-Injection对待不再是问题!谢谢你的提示!
关于我的问题: 我是一个完全白痴!在寻找解决方案20小时后,我发现了我的错误!该错误是针对另一个查询。我很遗憾浪费你的时间,但我是一个新手(ergo,sql-injection问题),所以我希望我可以犯一些错误。
由于
Jens