想不通這有什麼錯我的SQL語法

Question

我運行下面的SQL查詢在PHP

try { 
     $sql = "INSERT INTO doc SET type = 1, 
     candID = :candID, 
     userID = ".$_SESSION['userid'].", 
     filename = ".$_FILES['file']['tmp_name'].", 
     date=date_format(curdate(), '%d/%m/%Y')"; 

     $s = $pdo->prepare($sql); 
     $s->bindValue(':candID', $_POST['candid']); 
     $s->execute(); 
    } 
    catch (PDOException $e) { 
     $error = 'Error adding doc: ' . $e->getMessage(); 
     include $errorpage; 
     exit(); 
    } 

而且我發現了以下錯誤：

Error adding doc: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':\xampp\tmp\phpD58B.tmp, date=date_format(curdate(), '%d/%m/%Y')' at line 5

我可以」不知道爲什麼我會得到這個錯誤。我錯過了我的語法有什麼問題嗎？

Answer 1

filename = ".$_FILES['file']['tmp_name'].",應該是filename = '".$_FILES['file']['tmp_name']."',

，使代碼看起來應該是用於UPDATE語句

try { 
    $sql = "INSERT INTO doc SET type = 1, 
    candID = :candID, 
    userID = ".$_SESSION['userid'].", 
    filename = '".$_FILES['file']['tmp_name']."', 
    date=date_format(curdate(), '%d/%m/%Y')"; 

    $s = $pdo->prepare($sql); 
    $s->bindValue(':candID', $_POST['candid']); 
    $s->execute(); 
} 
catch (PDOException $e) { 
    $error = 'Error adding doc: ' . $e->getMessage(); 
    include $errorpage; 
    exit(); 
} 

Answer 2

SET。

$sql = "INSERT INTO doc (type, candID, userID, finame, date) VALUES (1, :candID, :userID, :filename, :date)"; 

$s = $pdo->prepare($sql); 
$s->execute(array(':candID' => $_POST['candid'], ':userID' => $_SESSION['userid'], ':filename' => $_FILES['file']['tmp_name'], ':date' => date('d/m/Y'));