1. 首頁
  2. 問答
  3. QUERY FAILED:您的SQL語法錯誤;檢查對應於您的MariaDB服務器版本的手冊,以便在

QUERY FAILED:您的SQL語法錯誤;檢查對應於您的MariaDB服務器版本的手冊,以便在

2016-04-13 62 views
0
附近使用正確的語法

正如我在測試此表單數據條目時,我沒有任何問題。當我嘗試添加更復雜的文本時,在由$post_content = $_POST['post_content'];帶有數字和非字母字符的textarea中,我遇到了這個錯誤。QUERY FAILED:您的SQL語法錯誤;檢查對應於您的MariaDB服務器版本的手冊,以便在

QUERY FAILED:您的SQL語法錯誤;檢查對應於您MariaDB的服務器版本的手冊正確的語法附近

我的代碼使用方法如下:

<?php 
    if (isset($_POST['create_post'])){ 

     $post_title = $_POST['title']; 
     $post_author = $_POST['author']; 
     $post_category_id = $_POST['post_category_id']; 
     $post_status = $_POST['post_status']; 
     $post_image = $_FILES['image']['name']; 
     $post_image_temp = $_FILES['image']['tmp_name']; 
     $post_tag = $_POST['post_tag']; 
     $post_content = $_POST['post_content']; 
     $post_date = date('d-m-y'); 
     $post_comment_count = 4; 

     move_uploaded_file($post_image_temp, "../images/$post_image"); 

     $query = "INSERT INTO posts (post_category_id, post_title, post_author, post_date, post_image, post_content, post_tag, post_comment_count, post_status) "; 

     $query .= "VALUES ({$post_category_id},'{$post_title}','{$post_author}',now(),'{$post_image}','{$post_content}','{$post_tag}','{$post_comment_count}','{$post_status}') "; 

     $create_post_query = mysqli_query($connection, $query); 
     checkQuery($create_post_query); 
    } 
?> 
<form action="" method="post" enctype="multipart/form-data"> 
    <div class="form-group"> 
     <label for="post_status">Post Title</label> 
     <input type="text" class="form-control" name="title"> 
    </div> 
    <div class="form-group"> 
     <label for="post_category">Post Category Id</label> 
     <input type="text" class="form-control" name="post_category_id" placeholder="Please enter a number"> 
    </div> 
    <div class="form-group"> 
     <label for="post_author">Post Author</label> 
     <input type="text" class="form-control" name="author"> 
    </div> 
    <div class="form-group"> 
     <label for="post_status">Post Status</label> 
     <input type="text" class="form-control" name="post_status"> 
    </div> 
    <div class="form-group"> 
     <label for="post_image">Post Image</label> 
     <input type="file" name="image"> 
    </div> 
    <div class="form-group"> 
     <label for="post_tag">Post Tags</label> 
     <input type="text" class="form-control" name="post_tag"> 
    </div> 
    <div class="form-group"> 
     <label for="post_tags">Post Content</label> 
     <textarea class="form-control" name="post_content" id="" cols="30" rows="10"></textarea> 
    </div> 
    <div class="form-group"> 
     <input class="btn btn-primary" type="submit" name="create_post" value="Publish Post"> 
    </div> 
</form>

我試圖用mysqli_real_escape_string結合我$post_content = $_POST['post_content'];並沒有成功,這導致我認爲我的查詢語法關閉。任何幫助將不勝感激。

來源

2016-04-13 Devon Deason

+2

您應該使用準備和綁定查詢。在這樣的查詢上取得成功要容易得多,而且您不必擔心sql注入。 – Rasclatt

+1

回顯您的查詢並檢查它返回的內容! – Saty

+1

您可以[** SQL注入**](https://www.owasp.org/index.php/SQL_Injection)。你正在犯錯誤,因爲你正在破壞自己的腳本。正如@Rasclatt所說,你應該使用準備好的語句。 –

回答

-1

嘗試,

此查詢您的查詢是不正確

$query = "INSERT INTO posts (post_category_id, post_title, post_author, post_date, post_image, post_content, post_tag, post_comment_count, post_status) "; 

    $query .= "VALUES ({$post_category_id},'{$post_title}','{$post_author}','".date('Y-m-d')."','{$post_image}','{$post_content}','{$post_tag}','{$post_comment_count}','{$post_status}') ";

來源

2016-04-13 05:30:09 Maulik

相關問題

 相關問題