2011-12-13 67 views
2

下面這段代碼給了我這個錯誤:MySQL錯誤:「你在你的SQL語法錯誤」

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' where id = '000'' at line 1" 

我不明白這裏的問題

<?php 
include(".conf.php"); 
$con = mysql_connect($conf['db_hostname'], $conf['db_username'], $conf['db_password']) or die (mysql_error()); 
$db = mysql_select_db("aTable", $con); 
$pr = $_GET['aThing']; 
$pr = addslashes(htmlentities($prof)); 
$info_array = mysql_query("SELECT * FROM '$db' where id = '$pr'", $con) or die(mysql_error()); 

while($row = mysql_fetch_array($info_array)) { 
    echo $row['aThing']; 
    echo "</br>"; 
    echo $row['aThing']; 
    echo "</br>"; 
    echo $row['aThing']; 
    echo "</br>"; 
    echo $row['aThing']; 
}; 
?> 

感謝您的幫助。

回答

3

你應該把表名到FROMSELECT * FROM aTable WHERE ....。還有,你別沒有逃避來自用戶的變量。 你會需要這樣的東西:
mysql_query("SELECT * FROM aTable where id = '".mysql_real_escape_string($pr)."'", $con) or die(mysql_error());

+0

好吧,擺脫了錯誤,但現在說'沒有選擇數據庫' – 2011-12-13 23:49:26

2

功能mysql_select_db返回或者TRUEFALSE

相反,嘗試:

$info_array = mysql_query("SELECT * FROM aTable where id = '$pr'", $con) or die(mysql_error()); 

或許:

$dbtable = "aTable"; 
$info_array = mysql_query("SELECT * FROM $dbtable where id = '$pr'", $con) or die(mysql_error()); 
2

I am pretty sure it doesn't have any errors with the exception of the fatal error killing it.

我會說你會得到一個解決方案,如果你認爲MySQL時,它會告訴你有問題快。

重讀的錯誤信息:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' where id = '000'' at line 1

我懷疑表名和周圍的ID引號。如果這是一個整數列,我希望看到一個沒有引號的數字。

1

如果我沒有記錯,mysql_select_db返回true或false。它不返回數據庫名稱。

相關問題