I have seen many questions similar to mine, but mine is different: my error is not caused by using a "keyword" in SQL!
When running the code, if I remove the WHERE clause, or if I use a hard-coded value such as "WHERE customerNumber = 356", it works fine, but if I try to use the variable $custom_n it throws an error.
If I echo custom_n and gettype, I get: 353 string, which is exactly what I want.
Here is the full error:
Connection failed: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
<?php
$custom_n = $_POST["emp"];   // value posted by the form on the previous page
$servername = "localhost";
$username = "root";
$password = "";
try {
    $conn = new PDO("mysql:host=$servername;dbname=classicmodels", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // the posted value is interpolated directly into the SQL text
    $stmt = $conn->prepare("SELECT phone, salesRepEmployeeNumber, creditLimit FROM customers WHERE customerNumber = $custom_n");
    $stmt->execute();
    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    // TableRows is a helper class defined elsewhere in the project (not shown here)
    foreach (new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k => $v) {
        echo $v;
    }
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}
$conn = null;
?>
As Magnus Eriksson suggested, if I run var_dump($custom_n); I get the following output:
Answer 0 (score: 4)
    $stmt = $conn->prepare("SELECT phone, salesRepEmployeeNumber, creditLimit FROM customers WHERE customerNumber = ?");
    $stmt->execute(array($custom_n));   // the value is sent as a parameter, not as SQL text
Your code seems fine, so I assume your string is escaping the query. Next time, try using prepared statements.
Answer 1 (score: 0)
The preferred way is binding. You can bind the param like this. You can refer here
    $stmt = $conn->prepare("SELECT phone, salesRepEmployeeNumber, creditLimit FROM customers WHERE customerNumber = :customernumber");
    $stmt->bindParam(':customernumber', $custom_n, PDO::PARAM_INT);   // bound by reference, typed as an integer
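The two approaches discussed in the question and in the answers above, side by side, as an added example that is not from the question or any answer: the interpolated query from the question fails on a whitespace-only value with a syntax error, while a validated, bound query either returns the row or fails with a clear validation error. It assumes PDO's SQLite driver is installed; the table, the rows and the lookupInterpolated/lookupBound function names are constructed for this example.

```php
<?php
// Added example, not code from the question or the answers. It uses PDO's SQLite
// driver (assumed available) with an in-memory database and constructed rows so the
// two query styles can be compared offline without the classicmodels database.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE customers (customerNumber INTEGER, phone TEXT,
             salesRepEmployeeNumber INTEGER, creditLimit REAL)");
$conn->exec("INSERT INTO customers VALUES (353, '555-0100', 1370, 50000.0),
             (356, '555-0101', 1166, 12000.0)");   // constructed sample rows
// The pattern from the question: the posted value becomes part of the SQL text.
// A whitespace-only value (what var_dump showed as string(12) "") leaves
// "WHERE customerNumber = " with nothing after it, so the server reports a
// syntax error near '' (error 1064 on MariaDB) instead of returning no rows.
function lookupInterpolated(PDO $conn, string $custom_n): array
{
    $stmt = $conn->prepare("SELECT phone FROM customers WHERE customerNumber = $custom_n");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// Hardened lookup: reject anything that is not a positive integer up front, then
// bind the value as a parameter so it is sent as data, never as SQL text.
function lookupBound(PDO $conn, $raw): array
{
    $custom_n = filter_var(trim((string) $raw), FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($custom_n === false) {
        throw new InvalidArgumentException('customerNumber must be a positive integer');
    }
    $stmt = $conn->prepare("SELECT phone FROM customers WHERE customerNumber = :customernumber");
    $stmt->bindValue(':customernumber', $custom_n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
$blank  = str_repeat(' ', 12);  // constructed: a whitespace-only POST value
$padded = "\n    353\n";        // constructed: a valid number padded by form whitespace
try {
    lookupInterpolated($conn, $blank);
} catch (PDOException $e) {
    echo "interpolated: " . $e->getMessage() . PHP_EOL;   // SQL syntax error from the server
}
try {
    lookupBound($conn, $blank);
} catch (InvalidArgumentException $e) {
    echo "bound: " . $e->getMessage() . PHP_EOL;          // rejected before any SQL is sent
}
print_r(lookupBound($conn, $padded));   // trims and validates, then returns the 353 row
```

Validating the input before binding is what turns the opaque 1064 into an error the application can report and log itself.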
Answer 2 (score: 0)
As Magnus Eriksson suggested, there was a problem with my POST method... even though it looked fine, the var_dump output of my variable custom_n was strange: string(12) "". I remembered that I had used the same code before and it worked, so I just modified the code to be exactly the same: in the page where I have the form that sends the "POST variable", I used this code:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$custom_n = array();   // customer numbers collected while printing the payments table
try {
    $conn = new PDO("mysql:host=$servername;dbname=classicmodels", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $conn->prepare("SELECT checkNumber, paymentDate, amount, customerNumber FROM payments ORDER BY paymentDate DESC");
    $stmt->execute();
    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    // TableRows is a helper class defined elsewhere in the project (not shown here)
    foreach (new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k => $v) {
        echo $v;
        if ($k == 'customerNumber') {
            array_push($custom_n, $v);
        }
    }
    // one "Details" form per collected customer number, opened in a popup window
    $tableCodes = "<table id='buttons'>";
    foreach ($custom_n as $c) {
        $tableCodes .= "
        <tr>
            <td>
                <form action='customers.php' method='post' target='POPUPW' onsubmit=\"POPUPW = window.open('about:blank','POPUPW', 'width=800px,height=600px');\">
                    <button type='submit' name='code' value='$c'>Details</button>
                </form>
            </td>
        </tr>
        ";
    }
    $tableCodes .= "</table>";
    echo $tableCodes;
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}
$conn = null;
?>
I thought I could save some time by getting custom_n from another query, and I did that to populate the table in that page instead of doing another query. I'm not really sure what was going on, but with this change I solved the problem:
<?php
$servername = "localhost";
$username = "root";
$password = "";
try {
    $conn = new PDO("mysql:host=$servername;dbname=classicmodels", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $conn->prepare("SELECT checkNumber, paymentDate, amount, customerNumber FROM payments ORDER BY paymentDate DESC");
    $stmt->execute();
    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    // TableRows is a helper class defined elsewhere in the project (not shown here)
    foreach (new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k => $v) {
        echo $v;
    }
    // separate query for the customer numbers, fetched as a flat column
    $customQuery = $conn->prepare("SELECT customerNumber FROM payments ORDER BY paymentDate DESC");
    $customQuery->execute();
    $custom = $customQuery->fetchAll(PDO::FETCH_COLUMN);
    $tableCodes = "<table id='buttons'>";
    foreach ($custom as $c) {
        $tableCodes .= "
        <tr>
            <td>
                <form action='customers.php' method='post' target='POPUPW' onsubmit=\"POPUPW = window.open('about:blank','POPUPW', 'width=800px,height=600px');\">
                    <button type='submit' name='emp' value='$c'>Details</button>
                </form>
            </td>
        </tr>
        ";
    }
    $tableCodes .= "</table>";
    echo $tableCodes;
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}
$conn = null;
?>
I want to thank everyone, especially Magnus Eriksson, Masivuye Cokile and Pr1nc3, even though I knew nothing about parameterized prepared statements. Thank you very much, and if you find the reason why the previous code didn't work, feel free to comment :D.