duanshang3230
2015-01-24 16:42
Views 64
Accepted

MySQL syntax error in a simple query

I have this little bit of code here and I am totally lost as I am getting a syntax error near 'unique = 'dD0231q' LIMIT 1' at line 1. It might be something very simple, but I seem to be blind to my own errors..

 $unique = $_GET["unique"];
 $results = $mysqli->query("SELECT * FROM written WHERE unique = '$unique' LIMIT 1


2 answers

  • dongxie2613 2015-01-24 16:46
    Accepted

    UNIQUE is a keyword in MySQL. If you want to use it as a table column name please wrap it in ` (backtick) quotes like this:

    SELECT * FROM written WHERE `unique` = '$unique' LIMIT 1
    

    Also please don't just put values you receive from a user directly into your query. That's how SQL injections happen. Rather use Prepared Statements.

  • dty5753 2015-01-24 16:46

    UNIQUE is a MySQL reserved word http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

    either wrap the column in ticks or rename it.

    SELECT * FROM written WHERE `unique` = '$unique'
    

    The error says it all:

    syntax error near 'unique


    Plus, in regards to SQL injection which is something you are open to, use mysqli with prepared statements, or PDO with prepared statements, they're much safer.


    Just for argument's sake, finish it off:

    $results = $mysqli->query("SELECT * FROM written WHERE `unique` = '$unique' LIMIT 1");
    
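The prepared-statement approach both answers recommend, applied to the query from the question, as an added example that is not part of either answer. The connection parameters are placeholders and `findByUnique` is a hypothetical helper name; `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example, not code from the thread. Host, credentials and database
// name are placeholders; the `written` table and `unique` column come from
// the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

function findByUnique(mysqli $db, string $unique): ?array
{
    // `unique` is a reserved word, so the identifier is backtick-quoted.
    // The value is sent separately as a bound parameter, so quotes or SQL
    // keywords inside it are treated as data, never as query text.
    $stmt = $db->prepare('SELECT * FROM written WHERE `unique` = ? LIMIT 1');
    $stmt->bind_param('s', $unique);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when nothing matches
    $stmt->close();
    return $row;
}

$unique = $_GET['unique'] ?? '';
if (!is_string($unique) || $unique === '') { // ?unique[]=x arrives as an array
    http_response_code(400);
    exit('missing or malformed "unique" parameter');
}

try {
    // Placeholder connection settings.
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4');
    $row = findByUnique($db, $unique);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep SQL error details out of the response
    http_response_code(500);
    exit('database error');
}

if ($row === null) {
    http_response_code(404);
    exit('not found');
}
header('Content-Type: application/json');
echo json_encode($row);
```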
