2012-12-31 19 views
0

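I'm learning PHP and MySQL. I tried a simple page where I can submit a short message and retrieve a message from the server (for this particular case, just a random number). What is wrong with this PHP and/or MySQL query?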

<?php 

$success = false; 

require_once '../../../phpIncludes/mysqlIncludes.php'; 
require_once '../../../phpIncludes/iphandler.php'; 
$creds = new MySQLLoginCredentials; 
$con = $creds->ConnectToDB(); 

mysql_select_db("testDB", $con); 

$userMsg = trim($_POST['msg']); 
//The simple version for 128 Characters from the beginning of the string 
$userMsg = substr($userMsg,0,128); 
$userMsg = filter_var($userMsg, FILTER_SANITIZE_STRING,!FILTER_FLAG_STRIP_LOW); 

$ip = encode_ip($_SERVER['REMOTE_ADDR']); 

$time = time(); 

$returnMsg = "". rand() . ""; 

$userAgent = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']); 
//Trim to 256 since that is largest db can hold 
$userAgent = substr($userAgent,0,256); 
$userAgent = filter_var($userAgent, FILTER_SANITIZE_STRING); 

//Debug 
echo "Time : " . $time . "<br>" 
. " IP: " . $ip . " | " . decode_ip($ip) . "<br>" 
. " UserAgent: " . $userAgent . "<br>" 
. " Msg: " . $userMsg . "<br>" 
. " Return: " . $returnMsg . "<br>"; 

$sql = "INSERT INTO TestMessageTbl (TimeStamp, IPAddress, ClientInfo, IncMsg, OutMsg) 
VALUES ('" . $time . "', " . $ip . ", " . $userAgent . ", " . $userMsg . ", " . $returnMsg .")"; 

$success = mysql_query($sql, $con); 

if($success == false) 
{ 
    echo "Error: " . mysql_error(); 
} 

echo $returnMsg; 

mysql_close($con); 
?> 

The output is:

Time : 1356919336 
IP: * | * 
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko)  Chrome/23.0.1271.97 Safari/537.11 
Msg: 
Return: 743166102 
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.' at line 2743166102

The table looks like this:

UID bigint(20) unsigned, AUTO_INCREMENT 
TimeStamp bigint(20) unsigned 
IPAddress varchar(32) utf8_general_ci 
ClientInfo varchar(256) utf8_general_ci 
IncMsg varchar(128) utf8_general_ci 
OutMsg varchar(128) utf8_general_ci 

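I transcribed this by hand from MySQL, in case there are typos...

What immediately strikes me as odd is the very large line number in the error. What's that about?

P.S. I know that, as it stands, $msg will turn out blank.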

+0

Well crap, as soon as I posted this with all the values, I realized the problem is the quotes: $sql = "INSERT INTO TestMessageTbl (TimeStamp, IPAddress, ClientInfo, IncMsg, OutMsg) VALUES (" . $time . ", '" . $ip . "', '" . $userAgent . "', '" . $userMsg . "', '" . $returnMsg . "')"; works –

+0

The 'mysql' extension is outdated (for years now), no longer maintained, and will be marked as "deprecated" in 5.5. Use 'PDO_MySQL' or 'MySQLi' instead. http://php.net/en/mysql-connect – KingCrunch

+0

Ah, thanks KingCrunch. Any suggestions on which is better to use? –

Answers

2

Wrap the values in simple quotes

$sql = "INSERT INTO TestMessageTbl (TimeStamp, IPAddress, ClientInfo, IncMsg, OutMsg) 
VALUES ('" . $time . "', '" . $ip . "', '" . $userAgent . "', '" . $userMsg . "', '" . $returnMsg ."')";
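
The comment above recommends PDO_MySQL or MySQLi. As an added example (not code from the question or the answer), here is the same INSERT as a PDO prepared statement, where values are bound as parameters and need neither quoting nor escaping in the SQL string. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs without a server, `storeMessage` is a hypothetical helper, the IP is passed as a plain string rather than through the poster's `encode_ip`, and the sample inputs are constructed.

```php
<?php
// Added example. Assumption: SQLite in memory replaces MySQL so this runs offline.
// For MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=testDB;charset=utf8',
// and PDO::ATTR_EMULATE_PREPARES should be set to false on that connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Same columns as the table in the question.
$pdo->exec('CREATE TABLE TestMessageTbl (
    UID INTEGER PRIMARY KEY AUTOINCREMENT,
    TimeStamp INTEGER, IPAddress VARCHAR(32), ClientInfo VARCHAR(256),
    IncMsg VARCHAR(128), OutMsg VARCHAR(128))');

// Hypothetical helper: stores one message and returns the random reply.
function storeMessage(PDO $pdo, string $ip, string $userAgent, string $msg): string
{
    $returnMsg = (string) rand();
    // Placeholders keep data out of the SQL text, so quotes or parentheses
    // in the input can neither break the syntax nor change the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO TestMessageTbl (TimeStamp, IPAddress, ClientInfo, IncMsg, OutMsg)
         VALUES (:ts, :ip, :ua, :msg, :out)'
    );
    $stmt->execute([
        ':ts'  => time(),
        ':ip'  => $ip,
        ':ua'  => substr($userAgent, 0, 256),   // column limits from the question
        ':msg' => substr(trim($msg), 0, 128),
        ':out' => $returnMsg,
    ]);
    return $returnMsg;
}

// Constructed sample input: the User-Agent from the question's output and a
// message with a quote and parenthesis that would break a concatenated query.
$ua  = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11';
$msg = "it's a test (with 'quotes')";

echo 'Return: ', storeMessage($pdo, '203.0.113.7', $ua, $msg), PHP_EOL;

$row = $pdo->query('SELECT ClientInfo, IncMsg FROM TestMessageTbl')->fetch(PDO::FETCH_ASSOC);
// The database holds the raw input; HTML-escape only at output time.
echo 'Msg: ', htmlspecialchars($row['IncMsg'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
var_dump($row['ClientInfo'] === $ua);
```

With bound parameters the `mysql_real_escape_string` and `filter_var` calls are no longer needed for the query itself; output encoding such as `htmlspecialchars` belongs where the value is rendered.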