mysql error.Error在sql查询的语法中

The code below is giving an error.The query alone is working fine on phpmyadmin directly but but in my php code:

Database Error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'to\',\' message\',\'from\')' at line.. but i cannot figure out why?

<?php
$con = mysqli_connect("localhost","","","");
if (!$con)
  {
     echo" Not connected to database";
  die('Could not connect: ' . mysqli_error());
  }
if(isset($_POST['submit'])){
$username=$_SESSION["username"];
$sql = "INSERT INTO `dbase.mail`(`Date`, `to`, `message`, `from`) VALUES (CURDATE(),\'$_POST[username1]\',\'$_POST[message]\',\'$username\')";
$xy=mysqli_query($con,$sql);
if (!$xy)
  {
  die('Database Error ' . mysqli_error($con));
  }
echo "Your message is stored";


}

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doukangbin9698 2014-01-25 20:03
关注
Several problems:

You must delimit the database name and table separately.

INSERT INTO `dbase`.`mail` -- RIGHT

not this:

INSERT INTO `dbase.mail` -- WRONG

You don't need to backslash single-quotes inside a double-quoted string.

$string = "that's the way"; -- RIGHT

not this:

$string = "that\'s the way"; -- WRONG

The error message suggests that you are using straight single-quotes to delimit your columns, not back-ticks.

INSERT INTO `dbase`.`mail`(`Date`, `to`, `message`, `from`) -- RIGHT

not this:

INSERT INTO 'dbase.mail'('Date', 'to', 'message', 'from') -- WRONG

You must not interpolate $_POST variables directly into your SQL! This will allow hackers to attack your website easily. See What is SQL injection? and How can I prevent SQL injection in PHP?

This is not the source of the error you asked about in this question, but it's a security practice you must learn how to handle properly before you put your code on the internet. If you were an electrician, this is analogous to safe wiring to prevent fires.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

mysql error.Error在sql查询的语法中 mysql php
2014-01-25 19:55

回答 1 已采纳 Several problems: You must delimit the database name and table separately. INSERT INTO `dbase`.
【MySQL】SQL语法错误 mysql sql
2021-05-30 23:55

回答 1 已采纳目测是id字段中，主键定义和类型之间少个空格..... 欢迎关注，《一行代码把服务干挂了，竟然是Docker误把库删了......》, 一起来围观吧 https://blog.csdn.net/qq
关于MySQL中RANK（）函数报错 mysql sql 数据库有问必答
2022-03-23 14:42

回答 3 已采纳在mysql 8.0版本，直接用你的脚本测试，没有报错因此你mysql的版本可能是8以前的老版本，老版本不支持开窗函数的
MySQL java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax 关键字异常处理
2023-06-21 15:15

Yeats_Liao的博客 MySQL java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax 关键字异常处理
您的SQL语法PHP MySQL中有错误 mysql php sql
2014-09-01 12:05

回答 2 已采纳 Remember that case is a reserved word and therefore should be inside backticks: `case` INSERT
用mysql选择使用inet_ntoa的SQL语法错误 mysql php sql
2014-04-09 02:21

回答 1 已采纳 FROM and TO are reserved keywords in MySQL. If you're going to use them, you must wrap them in tic
MySQL INSERT查询返回“您的SQL语法中有错误”错误 mysql php
2013-12-28 10:23

回答 2 已采纳 try $con = mysqli_connect("localhost","root","","test_sms"); if (mysqli_connect_errno()) { e
Mysql异常 java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax
2022-09-28 17:24

xikx99的博客今天在工作中分配了两个bug给我，起初以为是MySQL语法有问题，然后经过一顿分析sql，发现sql并没有问题，且sql语句能在Navicat上正常运行。于是......
查询无效：SQL语法中存在错误; 语法在附近使用 mysql php sql
2015-11-01 12:44

回答 2 已采纳 Remove comma after last column: $sql = "SELECT `username` AS `username`,
You have an error in your SQL syntax; mysql sql 数据库
2022-01-28 11:32

回答 5 已采纳两个问题，最后一个字段后面不要接逗号单引号包裹的是字符串，不能作为名称修改成下面这个样子后，创建成功，注意那玩意不是单引号，是你键盘左上角数字1左边的那个点 CREATE TABLE abc (`
MySql中check约束的语法问题 mysql 数据库
2022-05-02 17:22

回答 1 已采纳 1、query undefined --查询无法定义2、UNKNOWN_CODE_PLEASE_REPORT --未知代码请重试3、An expression of a check constra
mysql sql 语法错误_执行SQL查询时出现MySQL语法错误
2021-03-13 20:41

师父曰的博客当我尝试运行下面的代码时,我得到：You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘?’ at line 1`String query=...
在mysql中附加逗号分隔的字符串时出现语法错误 mysql php sql
2014-02-26 14:33

回答 3 已采纳 I have a string "SI2,VS1,SI1,VS2,VVS2,VVS1,IF,FL" How would i do this If you have values in C
h2数据库导入mysql的sql语句报Syntax error in SQL statement语法错误
2021-09-16 16:44

阿里渣渣java研发组-群主的博客 1. mysql导出的sql语句之主键带索引 DROP TABLE IF EXISTS `tyg_shop_withdrawal_record`; CREATE TABLE `tyg_shop_withdrawal_record` ( `record_id` bigint(18) NOT NULL AUTO_INCREMENT COMMENT '分销店提现记录...
解决Cause: java.sql.SQLException: sql injection violation, dbType mysql ... token IDENTIFIER deleted错误
2023-03-21 07:49

互联网全栈开发实战的博客 Cause: java.sql.SQLException: sql injection violation, dbType mysql, , druid-version 1.2.11, syntax error: not supported.pos 86, line 1, column 79, token IDENTIFIER deleted : xxx详细的解决方法以及建表...
没有解决我的问题, 去提问

悬赏问题

¥35 平滑拟合曲线该如何生成
¥100 c语言，请帮蒟蒻写一个题的范例作参考
¥15 名为“Product”的列已属于此 DataTable
¥15 安卓adb backup备份应用数据失败
¥15 eclipse运行项目时遇到的问题
¥15 关于#c##的问题：最近需要用CAT工具Trados进行一些开发
¥15 南大pa1 小游戏没有界面，并且报了如下错误，尝试过换显卡驱动，但是好像不行
¥15 自己瞎改改，结果现在又运行不了了
¥15 链式存储应该如何解决
¥15 没有证书，nginx怎么反向代理到只能接受https的公网网站

mysql error.Error在sql查询的语法中

1条回答 默认 最新

悬赏问题

1条回答默认最新