duanluwei9374 2015-11-03 06:49
浏览 135
已采纳

SQLSTATE [42000]:语法正常时语法错误

I'm really puzzled by error that comes from my simple insert. I've checked the syntax many times by different checkers and searched for similar troubles but haven't found solution.

The Error looks like this:

'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , , , , , , , , , )' at line 1' in

And my code is basically this:

$yhteys = new PDO('mysql:host=localhost;dbname=XXXX', 'YYYY', 'ZZZZ');
$kysely = $yhteys->prepare("INSERT INTO hakija (Kutsumanimi, Etunimet, Sukunimi, SyntymAika, Syntymapaikka, Sahkoposti, Puhelinnumero, Postiosoite, Postinumero, Postitoimipaikka, Maa, Suosittelija, IPos, Lahetysaika, Vapaa_sana, Sosme) VALUES ($nimi, $etunimet, $sukunimi, $saika, $spaikka, $email, $puhelin, $osoite, $postinro, $postitmp, $maa, $suosittelija, $IPos, $lahetysaika, $vapaasana, $sosme)");
$kysely->execute();

If I use this INSERT directly via phpMyAdmin, it works, but from php.. Can anyone help me out?

PHP: native (5.4) MySQL 5.6

  • 写回答

2条回答 默认 最新

  • duankong8998 2015-11-03 07:52
    关注

    You should use prepared statements. It will prevent sql injections and you wont have to deal with variables types

    $yhteys = $dbh->prepare("INSERT INTO hakija (Kutsumanimi, Etunimet,...) VALUES (:kutsumanimi, :ktunimet, ...)");
$yhteys ->bindParam(':kutsumanimi', $kutsumanimi);
$yhteys ->bindParam(':ktunimet', $ktunimet);
...
$yhteys ->execute();

    Have a look here : http://php.net/manual/en/pdo.prepared-statements.php

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 slam rangenet++配置
  • ¥15 对于相关问题的求解与代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料
  • ¥15 使用R语言marginaleffects包进行边际效应图绘制
  • ¥20 usb设备兼容性问题
  • ¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊