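Copy BLOB data MySQL PHP
I am currently working on a PHP script that posts auctions to my market. I use Ajax to post the $_POST variables, which include: Title, Description, Price, Tags and SupportedOSes. The image is stored as a blob in an external table named "temp_images".
The way I create an auction is by inserting a new auction into 'MarketDatas'. This is for the most part quite simple. However, when I try to insert the BLOB it throws an error: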
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax near '?+Qi}'?m?Am............' at line 2
The PHP script that creates the auction looks as follows:
/*
.... connect to database, etc!! I will spare you this and skip to the important part:
*/
// Get the posted variables
$title = $_POST["title"];
$descr = $_POST["description"];
$price = $_POST["price"];
$tagsx = $_POST["tags"];
$supOS = $_POST["SupportedOS"];
// Get our session variables
$Authenticated = ($_SESSION["LoggedIn"] == "1" ? true : false);
$User = $_SESSION["User"];
$Username = $_SESSION["username"];
// If we are authenticated, continue!
if ($Authenticated) {
    // Get our temporary image
    $ImgResult = mysql_query("SELECT * FROM temp_images WHERE User='$Username'");
    if (mysql_num_rows($ImgResult) < 1) { die("NoImage"); }
    // Get image blob
    $image = mysql_result($ImgResult, 0, 'Image');
    // Delete image
    if (!mysql_query("DELETE FROM temp_images WHERE User='$Username'")) { die("Error deleting temp image from DB"); }
    // Post auction on market
    if (!mysql_query("INSERT INTO MarketDatas (Description, Price, Tags, Title, SupportedOS, image)
        VALUES ('$descr', '$price', '$tagsx', '$title', '$supOS', '$image')")) { echo "Error posting auction [48]: syntax[" . mysql_error() . "]"; }
}
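As you can see, I tried storing the BLOB as a string value. But it gives me an error.
How can I fix this?
Sincerely.. I don't see any INSERT/UPDATE in your code that contains '$image' –
Your code is WIDE OPEN to SQL injection! – JvdBerg
My bad, I was trying to fix the previous problem :S – dotTutorials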
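An added example, not code from the question or its commenters: every value is a bound parameter and the BLOB is copied inside the database with INSERT ... SELECT, so neither the image bytes nor the posted fields ever become part of the SQL text. It assumes PDO with an in-memory SQLite database and constructed sample data so that it runs without a server; `postAuction` is a hypothetical helper, and table and column names follow the question.

```php
<?php
// Assumption: SQLite in-memory DSN so the example runs offline; against
// MySQL, use a mysql: DSN and the existing tables instead of these CREATEs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE temp_images (User TEXT, Image BLOB)');
$pdo->exec('CREATE TABLE MarketDatas (Description TEXT, Price TEXT, Tags TEXT,
            Title TEXT, SupportedOS TEXT, image BLOB)');

// Constructed "image": binary bytes including a quote, a backslash and a NUL,
// the kind of bytes that break an INSERT built by string interpolation.
$blob = "\x89PNG\r\n'\\\x00\xff?+Qi}'";
$seed = $pdo->prepare('INSERT INTO temp_images (User, Image) VALUES (?, ?)');
$seed->bindValue(1, 'alice');
$seed->bindValue(2, $blob, PDO::PARAM_LOB);
$seed->execute();

// Hypothetical helper: move the user's temporary image into a new
// MarketDatas row. Returns false when the user has no temporary image.
function postAuction(PDO $pdo, string $username, array $post): bool
{
    $pdo->beginTransaction();
    try {
        $ins = $pdo->prepare(
            'INSERT INTO MarketDatas (Description, Price, Tags, Title, SupportedOS, image)
             SELECT ?, ?, ?, ?, ?, Image FROM temp_images WHERE User = ? LIMIT 1'
        );
        $ins->execute([$post['description'], $post['price'], $post['tags'],
                       $post['title'], $post['SupportedOS'], $username]);
        if ($ins->rowCount() < 1) {   // nothing copied: no temp image
            $pdo->rollBack();
            return false;
        }
        $del = $pdo->prepare('DELETE FROM temp_images WHERE User = ?');
        $del->execute([$username]);
        $pdo->commit();               // insert and delete succeed together
        return true;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed input standing in for $_POST; the title contains a quote.
$post = ['title' => "O'Reilly's tool", 'description' => 'demo', 'price' => '10',
         'tags' => 'a,b', 'SupportedOS' => 'Linux'];
var_dump(postAuction($pdo, 'alice', $post));
$stored = $pdo->query('SELECT image FROM MarketDatas')->fetchColumn();
var_dump($stored === $blob);          // byte-for-byte comparison of the copy
```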