我不知道为什么以下MySQL Query会一直失败。它告诉我它的语法无效。它始终在代码的em-mail区域表示,但没有明显的错误。我在将字符串传递给MySQL查询之前清理字符串
$query = "INSERT INTO `ToReview` (`number`, `role`, `name`, `email`, `dob`,
`englishskills`, `previousmember`, `reasonYes`, `whyjoin`,
`whatcouldyoubring`, `roleplayexperience`, `roleplayexperiencedetail`,
`commit`, `minimumperiod`) VALUES (NULL, ".$role.", ".$name.", ".$email.",
".$dob.", ".$englishskills.", ".$previousmember.", ".$reasonYes.",
".$whyjoin.", ".$whatcouldyoubring.", ".$roleplayexperience.",
".$roleplayexperiencedetail.", ".$commit.", ".$minimumperiod.");";
$result = mysqli_query($con, $query) or die(mysqli_error($con));
答案 0 :(得分:2)
您要在结尾分号处关闭双引号,将其删除并重试
$query = "INSERT INTO `ToReview` (`number`, `role`, `name`, `email`, `dob`,
`englishskills`, `previousmember`, `reasonYes`, `whyjoin`,
`whatcouldyoubring`, `roleplayexperience`, `roleplayexperiencedetail`,
`commit`, `minimumperiod`) VALUES (NULL, '$role', '$name', '$email',
'$dob','$englishskills', '$previousmember', '$reasonYes',
'$whyjoin', '$whatcouldyoubring', '$roleplayexperience',
'$roleplayexperiencedetail', '$commit', '$minimumperiod')";
答案 1 :(得分:1)
您的查询不会在VALUES子句中的每个值周围放置任何单引号。除非它们都是数值或NULL,否则将导致无效的SQL。
如果您echo $query使用它之前可以看到它:
INSERT INTO `ToReview` (`number`, `role`, `name`, `email`, `dob`,
`englishskills`, `previousmember`, `reasonYes`, `whyjoin`,
`whatcouldyoubring`, `roleplayexperience`, `roleplayexperiencedetail`,
`commit`, `minimumperiod`) VALUES (NULL, myrole, myname, my@email.com,
2014-02-03, excellent, no, myreason,
myreason, cookies, lots,
lots and lots, yes, 1 month);
INSERT语句中的每个字符串或日期值都需要单引号。
您可以通过编写如下代码来解决此问题:
$query = "INSERT INTO `ToReview` (`number`, `role`, `name`, `email`, `dob`,
`englishskills`, `previousmember`, `reasonYes`, `whyjoin`,
`whatcouldyoubring`, `roleplayexperience`, `roleplayexperiencedetail`,
`commit`, `minimumperiod`) VALUES (NULL, '".$role."', '".$name."', '".$email."',
'".$dob.", '".$englishskills."', '".$previousmember."', '".$reasonYes."',
'".$whyjoin."', '".$whatcouldyoubring."', '".$roleplayexperience."',
'".$roleplayexperiencedetail."', '".$commit."', '".$minimumperiod."');";
除了我犯了一个错误并且忘了单引号的一个。你能发现它吗?
如果您使用带参数的预准备查询,并停止将变量复制到SQL字符串中会更容易。它可以更容易地编写像这样的动态SQL,而不会撕毁你的头发试图找到
$query = "INSERT INTO `ToReview` (`number`, `role`, `name`, `email`, `dob`,
`englishskills`, `previousmember`, `reasonYes`, `whyjoin`,
`whatcouldyoubring`, `roleplayexperience`, `roleplayexperiencedetail`,
`commit`, `minimumperiod`) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
这是一份准备好的声明,?不需要任何引号。实际上,您不得在每个?周围加上引号,因为这会使其成为文字'?'而不是占位符。
然后准备查询,将变量绑定到其中。
$stmt = mysqli_prepare($con, $query) or die(mysqli_error($con));
mysqli_stmt_bind_param($stmt, 'sssssssssssss', $role, $name, $email,
$dob, $englishskills, $previousmember, $reasonYes,
$whyjoin, $whatcouldyoubring, $roleplayexperience,
$roleplayexperiencedetail, $commit, $minimumperiod);
您需要与占位符相同数量的变量,并按照它们在查询中显示的顺序绑定它们。 Mysqli还需要一个像'sss...'这样的字符串,其中该字符串中的每个字母对应一个参数,'s'表示参数是字符串,'i'表示它是整数等。
准备好并绑定参数后,只需执行预准备语句并获得结果:
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
这样你就不会试图匹配所有不同类型的引号。
另一个提示:PDO让这更容易!只需将一个数组传递给execute函数,就可以一步绑定并执行。
$stmt = $pdo->prepare($query);
$stmt->execute([$role, $name, $email,
$dob, $englishskills, $previousmember, $reasonYes,
$whyjoin, $whatcouldyoubring, $roleplayexperience,
$roleplayexperiencedetail, $commit, $minimumperiod]);
$results = $stmt->fetchAll();
答案 2 :(得分:0)
$name之类的字符串需要使用'括起来。
$query = "INSERT INTO `ToReview` (`number`, `role`, `name`, `email`, `dob`,
`englishskills`, `previousmember`, `reasonYes`, `whyjoin`,
`whatcouldyoubring`, `roleplayexperience`, `roleplayexperiencedetail`,
`commit`, `minimumperiod`) VALUES (NULL, ".$role.", '".$name."', '".$email."',
'".$dob."', ".$englishskills.", ".$previousmember.", '".$reasonYes."',
'".$whyjoin."', '".$whatcouldyoubring."', '".$roleplayexperience."',
'".$roleplayexperiencedetail."', '".$commit."', '".$minimumperiod."');";
或者您可以使用prepared statements