dougou7008 2009-11-02 12:43
浏览 7
已采纳

插入发布数据时出现mysql错误

I dont know where my error is in this mysql query

$sql = "INSERT INTO `events` ( `owner` ,  `title` ,  `tagline` ,  `location` ,  `street` ,  `citytown` ,  `startdate` ,  `enddate` ,  `active`  ) VALUES(  '{$username}' ,  '{$data[title]}' ,  '{$data['tagline']}' ,  '{$data['location']}' ,  '{$data['street']}' ,  '{$data['citytown']}' ,  '{$data['startdate']}' ,  '{$data['enddate']}' ,  '{$data['active']}'  ) "; 
mysql_query($sql) or die(mysql_error());

It tells my i have an error in the syntax near... and then outputs part of my data where i have apostrophes

(example: title = Dave's Party)

  • 写回答

3条回答 默认 最新

  • dragon201401 2009-11-02 12:46
    关注

    You want to escape single quotes in your strings before you insert them into the database.

    You'll probably want to use mysql_real_escape_string on each element of your $data array.

    For example:

    $escaped_data = array();

foreach ($data as $key => $val) {
    $escaped_data[$key] = mysql_real_escape_string($val);
}

$sql = "INSERT INTO `events` ( `owner` ,  `title` ,  `tagline` ,  `location` ,  `street` ,  `citytown` ,  `startdate` ,  `enddate` ,  `active`  ) VALUES(  '{$username}' ,  '{$escaped_data[title]}' ,  '{$escaped_data['tagline']}' ,  '{$escaped_data['location']}' ,  '{$escaped_data['street']}' ,  '{$escaped_data['citytown']}' ,  '{$escaped_data['startdate']}' ,  '{$escaped_data['enddate']}' ,  '{$escaped_data['active']}'  ) "; 
mysql_query($sql) or die(mysql_error());

    As an aside, take a look at the PHP documentation for SQL injection.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 #MATLAB仿真#车辆换道路径规划
  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿
  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘