查询失败:您的SQL语法有错误；请查看与MariaDB服务器版本对应的手册，了解附近要使用的正确语法 - QUERY FAILED: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near

QUERY FAILED: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near

当我测试这个表单数据条目时，我没有遇到任何问题。当我尝试添加更复杂的文本时，在$post_content = $_POST['post_content'];使用数字和非字母字符拾取的文本区域中，我遇到了这个错误。

查询失败：您的SQL语法有错误；查看与MariaDB服务器版本对应的手册，了解在附近使用的正确语法

我的代码如下：

<?php 
    if (isset($_POST['create_post'])){
        $post_title = $_POST['title'];
        $post_author = $_POST['author'];
        $post_category_id = $_POST['post_category_id'];
        $post_status = $_POST['post_status'];
        $post_image = $_FILES['image']['name'];
        $post_image_temp = $_FILES['image']['tmp_name'];
        $post_tag = $_POST['post_tag'];
        $post_content = $_POST['post_content'];
        $post_date = date('d-m-y');
        $post_comment_count = 4;
        move_uploaded_file($post_image_temp, "../images/$post_image");
        $query = "INSERT INTO posts (post_category_id, post_title, post_author, post_date, post_image, post_content, post_tag, post_comment_count, post_status) ";
        $query .= "VALUES ({$post_category_id},'{$post_title}','{$post_author}',now(),'{$post_image}','{$post_content}','{$post_tag}','{$post_comment_count}','{$post_status}' ) ";
        $create_post_query = mysqli_query($connection, $query);
        checkQuery($create_post_query);
    }
?>
<form action="" method="post" enctype="multipart/form-data">
    <div class="form-group">
        <label for="post_status">Post Title</label>
        <input type="text" class="form-control" name="title">
    </div>
    <div class="form-group">
        <label for="post_category">Post Category Id</label>
        <input type="text" class="form-control" name="post_category_id" placeholder="Please enter a number">
    </div>
    <div class="form-group">
        <label for="post_author">Post Author</label>
        <input type="text" class="form-control" name="author">
    </div>
    <div class="form-group">
        <label for="post_status">Post Status</label>
        <input type="text" class="form-control" name="post_status">
    </div>
    <div class="form-group">
        <label for="post_image">Post Image</label>
        <input type="file" name="image">
    </div>
    <div class="form-group">
        <label for="post_tag">Post Tags</label>
        <input type="text" class="form-control" name="post_tag">
    </div>
    <div class="form-group">
        <label for="post_tags">Post Content</label>
        <textarea class="form-control" name="post_content" id="" cols="30" rows="10"></textarea>
    </div>
    <div class="form-group">
        <input class="btn btn-primary" type="submit" name="create_post" value="Publish Post">
    </div>
</form>

我尝试将mysqli_real_escape_string与我的$post_content = $_POST['post_content'];结合使用，但没有成功，这让我认为我的查询语法不正确。任何帮助都将不胜感激。

try，

这个查询您的查询是不正确的

$query = "INSERT INTO posts (post_category_id, post_title, post_author, post_date, post_image, post_content, post_tag, post_comment_count, post_status) ";
    $query .= "VALUES ({$post_category_id},'{$post_title}','{$post_author}','".date('Y-m-d')."','{$post_image}','{$post_content}','{$post_tag}','{$post_comment_count}','{$post_status}' ) ";