2012-12-10 109 views
0

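PHP MySQL insert syntax error

I'm getting the syntax error below: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'call,county,id,location,callcreated,station,units,calltype,lat,lng)VAL' at line 1", and I can't figure out why! Any help would be greatly appreciated!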

<?php 

mysql_connect("localhost", "test", "test") or die(mysql_error()); 
mysql_select_db("firecom") or die(mysql_error()); 

$data = file_get_contents("http://208.71.205.35/PITS/");//thanks WCCCA! 
$pattern = "/id=\"hidXMLID\" value=\"([^\"]+)\"/";//looking for the rnd xml id# 
preg_match_all($pattern, $data, $xmlext); 

$url = "http://208.71.205.35/PITS/xml/fire_data_" . $xmlext[1][0] . ".xml";//putting together the secret xml url 
$xml = simplexml_load_file($url); 

foreach ($xml->marker as $element) { 

$lat = $element->attributes()->lat; 
$lng = $element->attributes()->lng; 
$countydirty = $element->AGENCY;// gets agency 
$wcccanumberdirty = $element->CALL_NO; 
$iddirty = $element->TWO_DIGIT_CALL_NO;// gets call id# 
$calldirty = $element->CALL_TYPE_FINAL_D;// gets call type 
$locationdirty = $element->LOCATION;// gets location 
$callcreateddirty = $element->CALL_CREATED_DATE_TIME; 
$stationdirty = $element->BEAT_OR_STATION;// get first marker station 
$unitsdirty = $element->UNITS;// get first marker units 
$calltypedirty = $element->TYPE; 

//this next section removes the "~" from the start of all the lines 
$county = str_replace('~','',$countydirty); 
$wcccanumber = str_replace('~','',$wcccanumberdirty); 
$id = str_replace('~','',$iddirty); 
$call = str_replace('~','',$calldirty); 
$location = str_replace('~','',$locationdirty); 
$callcreated = str_replace('~','',$callcreateddirty); 
$station = str_replace('~','',$stationdirty); 
$units = str_replace('~','',$unitsdirty); 
$calltype = str_replace('~','',$calltypedirty); 

mysql_query("INSERT INTO calls (wcccanumber, call, county, id, location, callcreated, station, units, calltype, lat, lng) VALUES('$wcccanumber', '$call', '$county', '$id', '$location', '$callcreated', '$station', '$units', '$calltype', '$lat', '$lng')") or die(mysql_error()); 

echo "$call - $county - $wcccanumber - $id - $location - $callcreated - $station - $units - $calltype <br />"; 
} 

?> 
+0

I assume you've already checked to make sure your column names are correct? – NappingRabbit

+0

The problem is the reserved word "call". –

Answers

5

call is a reserved word, so it must be wrapped in backticks:

INSERT INTO calls (wcccanumber, `call`, ... 
2

call is a reserved word in MySQL, so if you use it as a column name you need to quote it with backticks:

wcccanumber, `call`, county... 

Apart from that, you need to switch to PDO / MySQLi and prepared statements to fix the potential SQL injection problem you have.

+0

Thanks, that was it. What possible SQL injection are you talking about? –

+0

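@Jon Erickson If one of your fields contains, for example, a ' character, it will break your SQL statement, and that could be abused. If you don't change to PDO or mysqli, you should at least use "mysql_real_escape_string" on the variables before adding them to the query. – jeroen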

+0

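OK, thanks. By the way, the XML document can't be abused. It comes from a government agency, and the URL of the XML link changes constantly and is completely random. –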
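
The prepared-statement approach suggested in the answer above, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so it runs offline; the sample rows are constructed, and the column names are the ones from the question.

```php
<?php
// Added example, not code from the original post.
// Assumption: in-memory SQLite via PDO so the script runs offline. For the
// poster's database the DSN would be 'mysql:host=localhost;dbname=firecom'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column list taken from the question. Every identifier is backtick-quoted,
// which is what makes the reserved word `call` legal as a column name in MySQL
// (SQLite accepts backtick quoting as well).
$cols = ['wcccanumber', 'call', 'county', 'id', 'location', 'callcreated',
         'station', 'units', 'calltype', 'lat', 'lng'];
$quoted = array_map(fn($c) => "`$c`", $cols);
$pdo->exec('CREATE TABLE calls (' . implode(' TEXT, ', $quoted) . ' TEXT)');

// One named placeholder per column. The values are bound separately and never
// become part of the SQL text, so a quote character cannot end the string.
$sql = 'INSERT INTO calls (' . implode(', ', $quoted) . ') VALUES (:'
     . implode(', :', $cols) . ')';
$stmt = $pdo->prepare($sql);

// Constructed sample markers (not real feed data), with the leading "~" the
// question strips. The second location contains a single quote, the case that
// breaks the string-built query in the question.
$base = array_fill_keys($cols, '~sample');
$markers = [
    ['call' => '~FIRE ALARM', 'location' => '~100 MAIN ST'] + $base,
    ['call' => '~MEDICAL', 'location' => "~O'NEIL RD / 5TH AVE"] + $base,
];

foreach ($markers as $marker) {
    // Same "~" cleanup as the question, applied to every field.
    $row = array_map(fn($v) => str_replace('~', '', $v), $marker);
    $stmt->execute($row); // keys match the placeholder names
}

// Read the rows back: the quote is stored as data, unchanged.
foreach ($pdo->query('SELECT `call`, location FROM calls') as $r) {
    echo $r['call'], ' - ', $r['location'], PHP_EOL;
}
```

Against MySQL only the DSN and credentials change; the backtick quoting and the placeholders stay the same.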

1

call is a reserved word. You must quote it with backticks:

mysql_query("INSERT INTO calls (wcccanumber, `call`, county, id, ... 

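P.S. For database questions (especially syntax errors), you don't need to include all the DOM stuff. How you get the values for the query is almost always irrelevant.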