php 您的 SQL 语法有错误;检查与您的 MariaDB 服务器版本相对应的手册,了解使用 nea 的正确语法
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34321222/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use nea
提问by Sooryah Prasath
I get this error//ERROR
我收到此错误//ERROR
ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'desc) VALUES ('','','' ,'','')' at line 1
ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') 您的 SQL 语法有错误;检查与您的 MariaDB 服务器版本相对应的手册,在第 1 行的 'desc) VALUES ('','','' ,'','')' 附近使用正确的语法
PHP
PHP
<?php
$servername = 'mysql.hostinger.in';
$username = '';
$password = '';
$dbname = 'u424351292_icrcm';
if(isset($_POST['submit']))
{
$phone_no = $_POST['phno'];
$full_name = $_POST['fullname'];
$location = $_POST['address'];
$department = $_POST['dept'];
$description = $_POST['desc'];
}
$conn = new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error)
{
die("Connection Failed" . $conn->connect_error);
}
$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";
if($conn->query($sql) === TRUE)
{
echo "Complaint Registered";
}
else
{
echo "ERROR".$sql."<br>".$conn->error;
}
$conn->close();
?>
//ERROR
//错误
ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'desc) VALUES ('','','' ,'','')' at line 1
ERRORINSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('','','','','') 您的 SQL 语法有错误;检查与您的 MariaDB 服务器版本相对应的手册,在第 1 行的 'desc) VALUES ('','','' ,'','')' 附近使用正确的语法
回答by juergen d
descis a reserved keyword in MySQLand needs to be escaped by backticks.
desc是MySQL 中的保留关键字,需要通过反引号进行转义。
INSERT INTO new_comp_reg (..., `desc`) VALUES (...)
or change your column name to descriptionfor instance.
或将您的列名更改description为例如。
BTW you are not escaping your user input which could lead to syntax errors and SQL injections. Use Prepared Statements.
顺便说一句,您没有逃避可能导致语法错误和 SQL 注入的用户输入。使用准备好的语句。
回答by Deepak Saini
if(isset($_POST['submit']))
{
$phone_no = $_POST['phno'];
$full_name = $_POST['fullname'];
$location = $_POST['address'];
$department = $_POST['dept'];
$description = $_POST['desc'];
}
$conn = new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error)
{
die("Connection Failed" . $conn->connect_error);
}
$sql = "INSERT INTO new_comp_reg VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";
if($conn->query($sql) === TRUE)
{
echo "Complaint Registered";`enter code here`
}
else
{
echo "ERROR".$sql."<br>".$conn->error;
}
$conn->close();
?>
回答by mattrasman
I would say that it is
我会说这是
$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('".mysql_real_escape_string($phone_no)."' , '".mysql_real_escape_string($full_name)"' , '".mysql_real_escape_string($location)"' , '".mysql_real_escape_string($department)"' , '".mysql_real_escape_string($description)"')";
This would actually improve your protection. Also check your column name as sad above it might be that you referenced one wrong.
这实际上会改善您的保护。还要检查您的列名是否在上面很伤心,这可能是您引用了错误。
