
Error in SQL syntax, check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY category ASC' at line 1

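The website has been running fine for years, and all of a sudden I am getting this error. Any help from the experts would be greatly appreciated.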

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY category ASC' at line 1

Here is the offending code:

// SQL injection attack prevention function
$unit_Recordset1 = "";
if (isset($_GET['unit'])) {
  $unit_Recordset1 = GetSQLValueString($_GET['unit'], "text");
}
$category_Recordset1 = "";
if (isset($_GET['category'])) {
  $category_Recordset1 = GetSQLValueString($_GET['category'], "text");
}
else $_GET['category'] = "";
// Query builder that create single or multiple AND query
$sql = "SELECT * FROM documents WHERE ";
if(!empty($unit_Recordset1)) {$sql .= " unit = $unit_Recordset1 AND ";}
if(!empty($category_Recordset1)) {$sql .= " category = $category_Recordset1 AND ";}
// Remove the last AND
$sql = substr($sql, 0, -4);
if(!empty($category_Recordset1)) $sql .= " ORDER BY title ASC";
else $sql .= " ORDER BY category, title ASC";

// Query for left nav DISTINCT category values
$sqlnav = "SELECT DISTINCT category FROM documents WHERE unit = $unit_Recordset1 ORDER BY category ASC";

mysql_select_db($database_local, $local);
$Recordset1 = mysql_query($sql, $local) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
$Recordset2 = mysql_query($sqlnav, $local) or die(mysql_error());
$row_Recordset2 = mysql_fetch_assoc($Recordset2);
$totalRows_Recordset2 = mysql_num_rows($Recordset2);

In some flows, $unit_Recordset1 may be empty. In that case, the following statement:

$sqlnav = "SELECT DISTINCT category FROM documents WHERE unit = $unit_Recordset1 ORDER BY category ASC";

will evaluate to:

SELECT DISTINCT category FROM documents WHERE unit = ORDER BY category ASC

Which, of course, is not valid SQL. You need to add a check for this case as well, like so:

$unitClause = "";
if (!empty($unit_Recordset1)) {
    $unitClause = "WHERE unit = $unit_Recordset1 ";
}
$sqlnav = "SELECT DISTINCT category FROM documents $unitClause ORDER BY category ASC";

Your $sqlnav query should look like this:

 SELECT DISTINCT category FROM documents WHERE unit = '$unit_Recordset1' ORDER BY category ASC

Wrap the variable $unit_Recordset1 in single quotes.
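
The optional-filter logic discussed in the answers above, as an added example that is not part of the original posts: both queries are assembled from only the filters that were actually supplied, and the values are bound as parameters instead of being interpolated into the SQL string. The helper name buildDocumentQueries(), the use of PDO in place of the page's mysql_* calls, and the in-memory SQLite table with its rows are assumptions made for illustration.

```php
<?php
// Added example: optional filters with PDO prepared statements.
// buildDocumentQueries() is a hypothetical helper; the in-memory SQLite
// database and its rows are constructed sample data.

function buildDocumentQueries(array $get): array
{
    $where  = [];
    $params = [];
    foreach (['unit', 'category'] as $column) {   // fixed allow-list of column names
        $value = $get[$column] ?? '';
        if (is_string($value) && $value !== '') {
            $where[]            = "$column = :$column";
            $params[":$column"] = $value;
        }
    }
    // No WHERE keyword at all when no filter was supplied.
    $clause = $where ? ' WHERE ' . implode(' AND ', $where) : '';
    $order  = isset($params[':category']) ? 'title ASC' : 'category, title ASC';
    $sql    = "SELECT * FROM documents$clause ORDER BY $order";

    // Left-nav query: filter on unit only when it was supplied.
    $navParams = array_intersect_key($params, [':unit' => true]);
    $navClause = $navParams ? ' WHERE unit = :unit' : '';
    $sqlnav    = "SELECT DISTINCT category FROM documents$navClause ORDER BY category ASC";

    return [[$sql, $params], [$sqlnav, $navParams]];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE documents (unit TEXT, category TEXT, title TEXT)');
$pdo->exec("INSERT INTO documents VALUES ('hr','forms','Leave request'),
            ('hr','policies','Handbook'), ('it','forms','Access request')");

// Constructed requests: no parameters, unit only, and a value containing
// a quote character, which is bound as data and never parsed as SQL.
foreach ([[], ['unit' => 'hr'], ['unit' => "o'neil"]] as $get) {
    [[$sql, $params], [$sqlnav, $navParams]] = buildDocumentQueries($get);
    $docs = $pdo->prepare($sql);
    $docs->execute($params);
    $nav = $pdo->prepare($sqlnav);
    $nav->execute($navParams);
    printf("%-20s docs=%d categories=%d\n", json_encode($get),
        count($docs->fetchAll(PDO::FETCH_ASSOC)),
        count($nav->fetchAll(PDO::FETCH_COLUMN)));
}
```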