在查询什么是错误请解决它

时间:2011-03-16 13:13:44

标签: php mysql

我有以下错误

  

插入staff_service(customer_id,workorder_no,service_date,current_date)值('1','414','2011-03-14',CURDATE())1064 SQL语法中有错误;查看与您的MySQL服务器版本对应的手册,以便在第1行使用“current_date”值('1','414','2011-03-14',CURDATE())附近的正确语法

<?php
session_start();

include "common/config.php";

    $file=file("Template/staffservice_management.html");
    $filecontent=join("",$file);
    include("user.php");
/*$sql = "SELECT id,customer_name FROM customer "."ORDER BY customer_name";

$rs = mysql_query($sql);

while($row = mysql_fetch_array($rs))
{
  echo "<option value=\"".$row['id']."\">".$row['customer_name']."</option>";
  echo "<option value=\"".$row['id']."\">".$row['customer_name']."</option>";
  echo "<option value=\"".$row['id']."\">".$row['customer_name']."</option>";
}*/
$sql="select * from customer";
$res=mysql_query($sql);
while($row=mysql_fetch_array($res))
{
     $list_option.="<option value='".$row['id']."'>".$row['customer_name']."</option>";
}
$cust=$_POST['cname'];
$work=$_POST['won'];
$date=$_POST['startdate'];
if($_REQUEST['submit']=='submit')
{
$sqle=("insert into staff_service(customer_id,workorder_no,service_date,current_date) values('$cust','$work','$date',CURDATE())");
$Insertprocess=$db->insert_data_id($sqle);
echo "<script>alert(' Details Successfully created');</script>;";
echo "<script>location.href='staffservice_management.php';</script>;";
}
$filecontent=preg_replace("/{{(.*?)}}/e","$$1",$filecontent);
echo $filecontent;

?>

6 个答案:

答案 0 :(得分:1)

不要将变量直接插入到SQL中,而是要求SQL注入攻击。看看http://www.bobby-tables.com/

至于错误,表名后面没有空格,这可能是罪魁祸首;它被视为对未知函数staff_service()的调用。

答案 1 :(得分:0)

insert into staff_service (customer_id,workorder_no,service_date,current_date) values('$cust','$work','$date',CURDATE())

在表名后留空格

答案 2 :(得分:0)

我猜你需要一个空格

<强> staff_service

(适用CUSTOMER_ID,workorder_no,service_date,CURRENT_DATE)

尝试:

$sqle=("insert into staff_service (customer_id,workorder_no,service_date,current_date) values('$cust','$work','$date',CURDATE())");

HTH!

答案 3 :(得分:0)

您无需使用" ' "来表示数字/ ids:

insert into staff_service(customer_id,workorder_no, service_date,current_date) values(1,414,'2011-03-14',CURDATE())

答案 4 :(得分:0)

INSERT INTO staff_service
(customer_id,workorder_no,service_date,current_date) 
VALUES ('1','414','2011-03-14',CURDATE())

关于Data Types,有几个问题:

  • customer_id的数据类型是什么?
    • 如果是INT数据类型,则不需要围绕值1的单引号
      • 示例:价值观(1,'414','2011-03-14',CURDATE())
  • workorder_no的数据类型是什么?
    • 如果它是INT数据类型,则不需要围绕值414的单引号
      • 示例:价值观('1',414,'2011-03-14',CURDATE())
  • service_date的数据类型是什么?
    • 如果是日期/时间类型,您提交的格式是否正确?
  • current_date的数据类型是什么?
    • 如果是日期/时间类型,您提交的格式是否正确?

您可能希望以分号结束SQL语句,如下所示:

INSERT INTO staff_service
(customer_id,workorder_no,service_date,current_date) 
VALUES ('1','414','2011-03-14',CURDATE());

我的建议是确保您以正确的格式传递数据

答案 5 :(得分:-1)

在SQL查询结束时添加分号。

相关问题
最新问题