1. 技术文章
  2. MySQL Syntax error. Can't solve it

MySQL Syntax error. Can't solve it

别来无恙 提交于 2019-12-20 07:06:35

问题


I wanna insert 0 to some db table's fields but can't get it work. The piece of code from my signup php script looks like that.

...

if (isset($type))
{
if($type==1)
{
$region=$data['region'];
$school=$data['school'];
$class=$data['class'];
$group='NULL';
$subject='NULL';
$university='NULL';
$profession='NULL';
}
if($type==2)
{
$group=$data['group'];
$region=$data['region'];
$school=$data['school'];
$class=$data['class'];
$subject='NULL';
$university='NULL';
$profession='NULL';

}
if($type==3)
{
$group='NULL';
$region='NULL';
$school='NULL';
$class='NULL';
$subject='NULL';    
$university=$data['university'];
$profession=$data['profession'];
}
if($type==4)
{
$group='NULL';
$region='NULL';
$school='NULL';
$class='NULL';
$university='NULL';
$profession='NULL';
$subject=$data['subject'];
}
}
$sql= "INSERT INTO users
(level,fname, mname, lname, dob, age, reg_date, phone, email, login, pwd, type,   group, region, school, class, ip, subject, ban, university, profession) 
VALUES 
('1','$data[fname]', '$data[mname]', '$data[lname]', '$dob', '$age, now(), '$data[phone]', '$email', '$login', '$pwd', '$data[type]', '$data[region]', '$data[school]', '$data[class]',  '$ip', '$subject', NULL, '$university', '$profession')";

$result = $db->query($sql) or die(printf("Errorv: %s\n", $db->error));
$id = $db->insert_id();  
$md5_id = md5($id);
$db->query("update users set md5_id='$md5_id' where id='$id'");
//  echo "<h3>Thank You</h3> We received your submission.";

...

Getting every time this error message "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, region, school, class, ip, subject, ban, university, profession) VALUES' at line 2"

Tried '0', 0 instead of NULL. No success. Please help

Changed the code. Still no success

$sql= "INSERT INTO users
(level,fname, mname, lname, dob, age, reg_date, phone, email, login, pwd, type, 'group', region, school, class, ip, subject, ban, university, profession) 
VALUES 
('1','$data[fname]', '$data[mname]', '$data[lname]', '$dob', '$age', now(), '$data[phone]', '$email', '$login', '$pwd', '$data[type]', '$data[region]', '$data[school]', '$data[class]',  '$ip', '$subject', NULL, '$university', '$profession')";

回答1:


Given your edit, you've mis-quoted the word group. YOu can't use single quotes to turn a reserved word into an "acceptable" word, it has to be backticks:

INSERT ....., `group`, ... VALUES ....
              ^-----^--- note the backticks

Single quotes turn anything into a string, but you can't use a string for a field name.

In the future, if you'r getting an SQL syntax error, show us the actual query that's causing the error. Generally the PHP that's building the query is not necessary - we want to see what MySQL is complaining about. Only after we figure out what the actual problem is can we tell you how to change your code to fix the problem.




回答2:


group is a reserved word. rename your field or put it within backticks (`)




回答3:


Group is a keyword, it needs to be wrapped around quotes. Also, it doesn't really look like you're doing any sanitisation, if not, you should.




回答4:


You miss ' quote after $age. Also you should use {$data['lname']} instead of $data[lname] in quotes.




回答5:


4 things,

  1. escape your values: mysql_real_escape_string
  2. properly add php vars to a string: sprintf or for array notation use curly braces "{$data['var']}"
  3. backtick around group (or every field name to be certain)
  4. Don't enclose NULL or NOW() in ticks, quotes etc.. (you are actually OK on this, just wanted to make sure you kept it)

<?php

$sql= sprintf("INSERT INTO `users`
    (`level`,`fname`, `mname`, `lname`, `dob`, `age`, `reg_date`, `phone`, `email`, `login`, `pwd`, `type`, `group`, `region`, `school`, `class`, `ip`, `subject`, `ban`, `university`, `profession`) 
    VALUES
    ('1','%s','%s','%s','%s','%s',now(),'%s','%s','%s','%s','%s','%s','%s','%s','%s','%s', NULL,'%s','%s')",
    mysql_real_escape_string($data['fname']), 
    mysql_real_escape_string($data['mname']), 
    mysql_real_escape_string($data['lname']), 
    mysql_real_escape_string($dob), 
    mysql_real_escape_string($age),
    mysql_real_escape_string($data['phone']), 
    mysql_real_escape_string($email), 
    mysql_real_escape_string($login), 
    mysql_real_escape_string($pwd), 
    mysql_real_escape_string($data['type']), 
    mysql_real_escape_string($data['region']), 
    mysql_real_escape_string($data['school']), 
    mysql_real_escape_string($data['class']),  
    mysql_real_escape_string($ip), 
    mysql_real_escape_string($subject),
    mysql_real_escape_string($university), 
    mysql_real_escape_string($profession));



来源:https://stackoverflow.com/questions/7235508/mysql-syntax-error-cant-solve-it

标签
php
mysql
mysqli
registration
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!