Question

我想知道是否有人可以帮我解决这个恼人的问题。试图将一些数据插入表中。与此同时，我想省略一些字段，而不是在那里插入一些东西。出于某种原因，我收到Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING错误。我下面有什么问题吗？

我们将不胜感激。

     <?php

        function sqlEscape($string){     
        return "'".mysql_real_escape_string($string)."'";
        } 

              if(      $_GET['location']  == '' 
               ||  $_GET['name']      == ''   
                   ||  $_GET['school']    == ''  
               ||  $_GET['reason']    == ''              
                   ||  $_GET['address']   == ''
               ||  $_GET['postcode']  == ''
               ||  $_GET['email']     == ''
               ||  $_GET['telephone'] == '') {     

        exit('You missed a value');
  }  
 include('theConfig.php');
 $con = mysql_connect($host, $username, $password) or die(mysql_error()) ;  


    if (!$con){   
    die('Could not connect: ' . mysql_error());
    }  mysql_select_db($db, $con);  //$description = mysql_real_escape_string($_GET[description]); 


 $sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
         VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,'','')', 

                 sqlEscape($_GET['location']),                                  
                sqlEscape($_GET['name']),                 
               sqlEscape($_GET['school']),                          
                sqlEscape($_GET['reason']),                 

                sqlEscape($_GET['address']),                
                sqlEscape($_GET['postcode']),                 
                sqlEscape($_GET['email']),                
                sqlEscape($_GET['telephone'])); 

        if (!mysql_query($sql,$con)){     
            die('Error: ' . mysql_error()); 
        }  
      header('Location: thankyou.php');     
      mysql_close($con)  

?>

Answer 1

您应该为城镇和县设置值 - 或者使用默认值设置（空字符串与其他字符串一样）：

$sql = sprintf("INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
         VALUES(%s, %s, %s, %s, %s, %s, %s, %s, '','','','')", ... )

编辑：另外 - 使用双引号括起第一个sprintf参数，因为单引号用于...

Answer 2

您在sprintf()调用中对字符串使用单引号，但您也在字符串中使用单引号。

Answer 3

 $sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
         VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,'','')',

你有''，''''这是不正确的，b / c这个序列中的第一个引号会关闭字符串，所以它实际上是三个字符串togather：'INSERT ...'，然后'，'然后然后'）'。您必须使用反斜杠转义字符串中的引号或使用双引号括起整个字符串：

（逃逸）

 $sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
         VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,\'\',\'\')',

（使用双引号）

 $sql = sprintf("INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
         VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,'','')",

Answer 4

尝试更改

function sqlEscape($string){     
    return "'".mysql_real_escape_string($string)."'";
    }

到

function sqlEscape($string){     
    return mysql_real_escape_string($string);
}

或者更好，只需将它扔进您的sprintf

$sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
     VALUES('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','','')', 

             mysql_real_escape_string($_GET['location']),

等...

注意我将％s更改为'％s'

插入MySQL表错误

4 个答案: