1. 首頁
  2. 問答
  3. MySQL錯誤消息拋出試圖做一個連接查詢

MySQL錯誤消息拋出試圖做一個連接查詢

2012-08-01 87 views
0

Possible Duplicate:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL resultMySQL錯誤消息拋出試圖做一個連接查詢

這裏是代碼:

$result=mysql_query(" 
SELECT items.items_id, 
COUNT(ratings.item_id) AS TotalRating, 
AVG(ratings.rating) AS AverageRating 
FROM 'items' 
LEFT JOIN ratings ON (ratings.item_id = items.items_id) 
WHERE ratings.item_id = '{$item_id}' ;"); 

echo "Error message = ".mysql_error(); 

while($row=mysql_fetch_assoc($result)) { 
     $output[]=$row; 
}

這裏是錯誤:

Error message = You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''items' LEFT JOIN ratings ON (ratings.item_id = items.items_id) WHERE ' at line 4 
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/k/i/c/kickinglettuce/html/Kickinglettuce/ratethis/get_ratings.php on line 38 
null

我已經證實,$ ITEM_ID是正確的響應基於回聲聲明。

來源

2012-08-01 KickingLettuce

+1

圍繞項目\\項目\'使用反引號。 – walrii 2012-08-01 03:13:38

回答

2

在單引號(')而不是BACKTICKS(`)中有表items

來源

2012-08-01 03:14:28

+0

就是這樣,標示你是正確的! (當時間允許的話) – KickingLettuce 2012-08-01 03:16:15

+0

我希望你已經在$ item_id上調用mysql_real_escape_string,否則你打開SQL注入。 – 2012-08-01 18:53:40

+0

是的,我已經確認了這一點。我有$ item = $ database-> escape_value(trim($ _ POST ['item']));它指向一種做這種事情的方法。編輯:雖然,$ item_id在$ item變量被提交後 - 我現在沒有保護它,即使它不是用戶輸入? – KickingLettuce 2012-08-01 20:08:57

相關問題

 相關問題