-2
那麼正如標題所說,我的語法有問題。SQL語法錯誤。 0和1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1', '1', '1', '1', '0', '1', '0', '0', '0', '0', '0', '0', '0', '0'' at line 38
在這裏我的代碼。如果有人能讓我知道什麼問題,我將不勝感激。每當有人開始會話時,它會顯示一個包含下面列出的所有選項的表單,然後通過單擊提交顯示此內容。如果我更改第32行中的內容並不重要,它總是有同樣的問題。希望有人能幫忙。
<?php
include('test6.inc');
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: test2.php');
}
?>
Welcome: <b><?php echo $_SESSION['username']; ?>
<?php
$football = isset($_POST["football"]) ? $_POST["football"] : 0;
$baseball = isset($_POST["baseball"]) ? $_POST["baseball"] : 0;
$basketball = isset($_POST["basketball"]) ? $_POST["basketball"] : 0;
$cheer = isset($_POST["cheer"]) ? $_POST["cheer"] : 0;
$xcountry = isset($_POST["xcountry"]) ? $_POST["xcountry"] : 0;
$golf = isset($_POST["golf"]) ? $_POST["golf"] : 0;
$lacrosse = isset($_POST["lacrosse"]) ? $_POST["lacrosse"] : 0;
$rodeo = isset($_POST["rodeo"]) ? $_POST["rodeo"] : 0;
$soccer = isset($_POST["soccer"]) ? $_POST["soccer"] : 0;
$tennis = isset($_POST["tennis"]) ? $_POST["tennis"] : 0;
$track = isset($_POST["track"]) ? $_POST["track"] : 0;
$volleyball = isset($_POST["volleball"]) ? $_POST["volleball"] : 0;
$wrestling = isset($_POST["wrestling"]) ? $_POST["wrestling"] : 0;
$wbasketball = isset($_POST["wbasketball"]) ? $_POST["wbasketball"] : 0;
$wcheer = isset($_POST["wcheer"]) ? $_POST["wcheer"] : 0;
$wxcountry = isset($_POST["wxcountry"]) ? $_POST["wxcountry"] : 0;
$dance = isset($_POST["dance"]) ? $_POST["dance"] : 0;
$wgolf = isset($_POST["wgolf"]) ? $_POST["wgolf"] : 0;
$wlacrosse = isset($_POST["wlacrosse"]) ? $_POST["wlacrosse"] : 0;
$wrodeo = isset($_POST["wrodeo"]) ? $_POST["wrodeo"] : 0;
$wsoccer = isset($_POST["wsoccer"]) ? $_POST["wsoccer"] : 0;
$softball = isset($_POST["softball"]) ? $_POST["softball"] : 0;
$wtennis = isset($_POST["wtennis"]) ? $_POST["wtennis"] : 0;
$wtrack = isset($_POST["wtrack"]) ? $_POST["wtrack"] : 0;
$wvolleyball = isset($_POST["wvolleyball"]) ? $_POST["wvolleyball"] : 0;
$wwrestling = isset($_POST["wwrestling"]) ? $_POST["wwrestling"] : 0;
$student_aff = isset($_POST["student_aff"]) ? $_POST["student_aff"] : 0;
$int_club = isset($_POST["int_club"]) ? $_POST["int_club"] : 0;
$hist_act = isset($_POST["hist_act"]) ? $_POST["hist_act"] : 0;
$contests = isset($_POST["contests"]) ? $_POST["contests"] : 0;
$lib_events = isset($_POST["lib_events"]) ? $_POST["lib_events"] : 0;
$vik_exch = isset($_POST["vik_exch"]) ? $_POST["vik_exch"] : 0;
mysql_query("INSERT INTO `email`(`football`,
`baseball`,
`basketball`,
`cheer`,
`xcountry`,
`golf`,
`lacrosse`,
`rodeo`,
`soccer`,
`tennis`,
`track`,
`volleyball`,
`wrestling`,
`wbasketball`,
`wcheer`,
`wxcountry`,
`dance`,
`wgolf`,
`wlacrosse`,
`wrodeo`,
`wsoccer`,
`softball`,
`wtennis`,
`wtrack`,
`wvolleyball`,
`wwrestling`,
`sudent_aff`,
`int_club`,
`hist_act`,
`contests`,
`lib_events`,
`vik_exch`) VALUES ('$football',
'$baseball',
'$basketball',
'$cheer',
'$xcountry',
'$golf',
'$lacrosse,
'$rodeo',
'$soccer',
'$tennis',
'$track',
'$volleyball',
'$wrestling',
'$wbasketball',
'$wcheer',
'$wxcountry',
'$dance',
'$wgolf',
'$wlacrosse',
'$wrodeo',
'$wsoccer',
'$softball',
'$wtennis',
'$wtrack',
'$wvolleyball',
'$wwrestling',
'$student_aff',
'$int_club',
'$hist_act',
'$contests',
'$lib_events',
'$vik_exch')") or die(mysql_error());
?>
感謝
編輯:修正了以前的錯誤。有新的錯誤。
把查詢到一個變量和回聲它。我敢打賭,其中一個變量有一個報價。你最好改用PDO或mysqli,並使用參數化函數,以便所有變量都能正確轉義,這也將防止sql注入。 – aynber
你很容易受到[SQL注入攻擊](http://bobby-tables.com)。享受你的服務器pwn3d –