douluokuang7184 2014-11-07 18:19
浏览 74
已采纳

PHP + MySQL“INSERT INTO”错误

I have this sql string:

$sql = "INSERT INTO foto (id, nome, check)
            VALUES ('', '" . md5($file) . '.' .$Type. "', '" . md5($file2) . '.' .$Type2. "')";

but it returns this error:

INSERT INTO foto (nome, check) VALUES ('57f030f902b9fbd6907d1af52ec2a1ba.jpg', '8c96b1254a72dbd080a9b79a9a224865.jpg')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check) VALUES ('57f030f902b9fbd6907d1af52ec2a1ba.jpg', '8c96b1254a72dbd080a9' at line 1

'

md5($file) + $Type = 57f030f902b9fbd6907d1af52ec2a1ba.jpg
md5($file2) + $Type2 = 8c96b1254a72dbd080a9b79a9a224865.jpg

What's the problem? How can I solve it?

  • 写回答

1条回答 默认 最新

  • doudi2520 2014-11-07 18:21
    关注

    check is a MySQL reserved word

    which requires it to be wrapped in backticks, or rename it to checks for example in your table.

    $sql = "INSERT INTO foto (id, nome, `check`)
    

    if you want to rename it, then just do

    $sql = "INSERT INTO foto (id, nome, checks)
    

    which won't throw an error; the option is yours.


    Notice where the error starts and points to:

    >...MySQL server version for the right syntax to use near 'check
                                                              ^ starts there
    

    Plus, once you've fixed that, your code would still be open to SQL injection.
    Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥200 csgo2的viewmatrix值是否还有别的获取方式
  • ¥15 Stable Diffusion,用Ebsynth utility在视频选帧图重绘,第一步报错,蒙版和帧图没法生成,怎么处理啊
  • ¥15 请把下列每一行代码完整地读懂并注释出来
  • ¥15 pycharm运行main文件,显示没有conda环境
  • ¥15 寻找公式识别开发,自动识别整页文档、图像公式的软件
  • ¥15 为什么eclipse不能再下载了?
  • ¥15 编辑cmake lists 明明写了project项目名,但是还是报错怎么回事
  • ¥15 关于#计算机视觉#的问题:求一份高质量桥梁多病害数据集
  • ¥15 特定网页无法访问,已排除网页问题
  • ¥50 如何将脑的图像投影到颅骨上