douwenpin0428 2013-01-29 16:06
Accepted

PHP mssql_query warnings while the script still runs

So, I am doing a bunch of things parsing an XML from 1 server, writing stuff into another server and then updating the mssql db! The whole process appeared to run smoothly until I ran the script from the terminal for the sake of FUN! When I run it from the terminal, it throws in a bunch of warnings like:

PHP Warning:  mssql_query(): message: Incorrect syntax near 's'. (severity 15) in 
/Volumes/Data/Users/username/Desktop/createXML.php on line 375

PHP Warning:  mssql_query(): General SQL Server error: Check messages from the SQL 
Server (severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375

PHP Warning:  mssql_query(): message: Unclosed quotation mark after the character 
string ';'. (severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375

PHP Warning:  mssql_query(): General SQL Server error: Check messages from the SQL 
Server (severity 15) in /Volumes/Data/Users/pdwivedi/Desktop/createXML.php on line 375

PHP Warning:  mssql_query(): Query failed in /Volumes/Data/Users/username/Desktop
/createXML.php on line 375

Here is line 375:

$query = mssql_query("UPDATE table_name SET C_ITP_STATUS = '".$ITP_Status."', 
C_ITP_ERRORS = '". $ITP_Error ."' WHERE id = '".$ID."';"); 

The funny thing is that the query executes and I have an updated DB. But, it still shows these warnings when run from terminal. And I WANT TO get rid of them! I MUST use MS SQL!!

Have tried looking around for solutions, but people hardly use MS SQL with mySQL being so much better (at least in terms of being widely used). Any help?

FUNNY THING: When I ONLY connect to the DB and perform this query in a new php script, it works fine and there are no warnings. Not sure why it's like this!

RESOLVED: I didn't care to test my input parameters (pretty lame) in to the string BECAUSE I was super confident about what I was doing! ALWAYS ESCAPE SPECIAL CHARS no matter how confident you are (just shouting out loud)!!

1 answer

  • dongpa3109 2013-01-29 16:13

    It sounds to me like one of your input strings might contain a quote, and this is messing up the query. Your errors also indicate this. You should always treat all possible user input as tainted, and make it a habit to sanitize them every time, even if you don't think you need to.

    I created a new php script and hard coded the 3 parameters and the query runs fine!

    This also leads me to believe that there is a quote or special character somewhere in your variables that is messing up the query. You would want to use mysql_real_escape_string() to correct this.

    $ITP_Status = mysql_real_escape_string($ITP_Status);
    $ITP_Error = mysql_real_escape_string($ITP_Error);
    $ID = mysql_real_escape_string($ID);
    $query = mssql_query("UPDATE table_name SET C_ITP_STATUS = '".$ITP_Status."', C_ITP_ERRORS = '". $ITP_Error ."' WHERE id = '".$ID."';"); 
    

    It should also be noted that you are using the old MySQL functions. The new MySQLi functions are the replacement, and what you should be using at a bare minimum.

    You mention MS SQL. If you plan on using that, you cannot use the MySQLi functions. In that case it is recommended that you use the PDO interface, which will work for both MySQL and MS SQL. Many recommend PDO over MySQLi even if you are only using MySQL.

    This answer was selected as the best answer by the asker.
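
The PDO approach recommended in the answer, applied to the asker's UPDATE, as an added example that is not code from the question or the answer: the same statement is run once with string concatenation and once with bound parameters, using a constructed error message that contains apostrophes. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for SQL Server so it runs offline; against MS SQL only the DSN changes.

```php
<?php
// Added example. SQLite in-memory stands in for SQL Server (assumption);
// for MS SQL only the DSN changes (a "sqlsrv:" or "dblib:" DSN).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE table_name (id TEXT PRIMARY KEY, C_ITP_STATUS TEXT, C_ITP_ERRORS TEXT)");
$pdo->exec("INSERT INTO table_name (id) VALUES ('42')");

// Constructed sample input: an error message parsed from XML that contains apostrophes.
$ITP_Status = 'FAILED';
$ITP_Error  = "Item's title couldn't be parsed";
$ID         = '42';

// 1) Concatenation, as on line 375: the apostrophe ends the string literal early,
//    so the rest of the value is parsed as SQL and the statement is rejected.
function updateConcatenated(PDO $pdo, string $status, string $error, string $id): string
{
    $sql = "UPDATE table_name SET C_ITP_STATUS = '" . $status . "', C_ITP_ERRORS = '"
         . $error . "' WHERE id = '" . $id . "';";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 2) Prepared statement: values are bound as data and never parsed as SQL.
function updatePrepared(PDO $pdo, string $status, string $error, string $id): int
{
    $stmt = $pdo->prepare(
        'UPDATE table_name SET C_ITP_STATUS = :status, C_ITP_ERRORS = :error WHERE id = :id'
    );
    $stmt->execute([':status' => $status, ':error' => $error, ':id' => $id]);
    return $stmt->rowCount();
}

echo 'concatenated: ', updateConcatenated($pdo, $ITP_Status, $ITP_Error, $ID), PHP_EOL;
echo 'prepared:     ', updatePrepared($pdo, $ITP_Status, $ITP_Error, $ID), ' row(s) updated', PHP_EOL;

// Read the value back through a bound parameter as well.
$check = $pdo->prepare('SELECT C_ITP_ERRORS FROM table_name WHERE id = :id');
$check->execute([':id' => $ID]);
echo 'stored:       ', $check->fetchColumn(), PHP_EOL;
```

Bound parameters also remove the need to pick an escaping function by hand: mysql_real_escape_string() applies MySQL's backslash escaping, whereas SQL Server escapes a quote inside a string literal by doubling it.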
