MySQL语法错误-数组查询 - MySQL Syntax Error - Array to Query

MySQL Syntax Error - Array to Query

本文关键字：数组查询错误语法 MySQL | 更新日期: 2023-09-27

我有一个从一些测试数据创建的预构造数组，因为我还没有设置一个post表单。数组看起来像这样:

$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => 'email@email.com', 'developer_or_client' => 'developer', 'email' => 'email@email.com');
foreach ($ud as $key => $value) {
    $value = mysql_real_escape_string($value);
}

从这个数组中，我尝试通过MySQL查询将数据插入到我的数据库中:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());

但是，它以以下错误结束:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com, username, password, london, mobile, developer, hello, email@email.com)' at line 1

你能告诉我我哪里做错了吗?

需要用引号括住括号内的值

两件事:

正如Jeff所指出的，你需要在字符串周围加上引号。
在给它们加上引号之前，您需要将每个字符串通过mysql_real_escape_sring()传递。

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());

:试一试)

从列名的声音，这些是varchar列类型，所以你需要用引号包装你的值:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());

另外，如果值来自用户输入，您应该通过mysql_real_escape_string运行每个值，以帮助防止SQL注入攻击

见:

VALUES("。ud美元("名字")。",

需要:

VALUES(' '"。ud美元("名字")。",

对于其他列也是如此(如果不是数字)