dtyrxmoj20617 2016-05-29 18:57
浏览 78
已采纳

SQL语法错误''在文件长度之外的近线方式

I have this code to send the data of 3 input fields for an id-number and 2 dates (2 selectors, one text field) to my database. All 3 columns are VARCHAR. I am using a form with method POST.

I get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 336

I do not have 336 lines in any of my files.

This is what PHP and SQL code I have in my file. I've been going through it for a long while now but can't seem to find where this syntax error lies. Any ideas?

<?php
//Fetches the id of the konsert selected.
$id = $_GET['id'];

//Create DB object
$db = new Database();

//Create query to fetch personel
$query = "SELECT * FROM funktionar";

//Run above query
$personel = $db->select($query);

//Fetch all from konsert matching the id
$query = "SELECT * FROM konsert WHERE konsertID=".$id;

//Run above query
$konsert = $db->select($query);

if(isset($_POST['submit'])) {
    //Assign variables
    $namn = mysqli_real_escape_string($db->link, $_POST['personalID']);
    $tidStart = mysqli_real_escape_string($db->link, $_POST['tidStart']);
    $tidSlut = mysqli_real_escape_string($db->link, $_POST['tidSlut']);

    //Simple validation
    if($namn == '' || $tidStart == '' || $tidSlut == ''){
        //Set error if any field is left empty
        $error = 'V&auml;nligen fyll i alla f&auml;lt.';
        } else {
        $query = "INSERT INTO sakerhet
            (personalID, tidStart, tidSlut)
            VALUES ('$namn', '$tidStart', '$tidSlut')";

        $insert_row = $db->insert($query);
    }
}
?>

EDIT: Have added the insert function:

public function insert($query) {
       $insert_row = $this->link->query($query) or die($this->link->error.__LINE__);

       //Validate insert
       if($insert_row) {
           header("Location: index.php?msg=".urlencode('Record Added'));
           exit();
       } else {
           die('Error : ('.$this->link->errno .') '.$this->link->error);
       }

   }
  • 写回答

1条回答 默认 最新

  • douji5746 2016-05-30 12:26
    关注

    Final and working solution. This SQL error occured due to:

    • Missing table column. While the error was too vague to give this direct answer I put all input data into simple variables instead á "$selected = $_POST['name']" and echoed the variables á "echo $konsert;", etc, to check so the data was fetched properly from its form. Commenting out the query as I did.
    • Likely wrong use of either mysqli_real_escape_string or "->link->"? I do not work in sessions with this project as it's not required and won't go public so removing this will be alright for me.

    Conclusion It wasn't as much a syntax error as the query having problems executing itself due to above. The syntax was correct.

    Disclaimer This code is not 100% safe nor 100% done. The input fields are NOT sanitised and as was pointed out to me by @EagleRainbow it is not safe to use the "$id = $_GET['id'];".

    Code

    <?php
//Fetches the id of the konsert selected.
$id = $_GET['id'];

//Create DB object
$db = new Database();

//Create query to fetch personel
$query = "SELECT * FROM funktionar";

//Run above query
$personel = $db->select($query);

//Select all from table sakerhet
$query = "SELECT * FROM sakerhet";

//Run above query
$safety = $db->select($query);

//Fetch all from konsert matching the id
$query = "SELECT * FROM konsert WHERE konsertID=".$id;

//Run above query
$konsert = $db->select($query);

<?php
    if(isset($_POST['submit'])) {
        //Assign variables
        $selected = $_POST['safetyName'];
        $tidStart = $_POST['tidStart'];
        $tidSlut = $_POST['tidSlut'];
        $konsert = $id;

        //Simple validation
        if($selected == '' || $tidStart == '' || $tidSlut == ''){
            //Set error if any field is left empty
            $error = "V&auml;nligen fyll i alla f&auml;lt.";
            } else {
                $query = "INSERT INTO sakerhet (personalID, tidStart, tidSlut, konsertID) VALUES ('$selected', '$tidStart', '$tidSlut', '$konsert')";
                $insert_row = $db->insert($query);
        }
    }
?>

    Code from database file

    public function insert($query) {
       $insert_row = $this->link->query($query) or die($this->link->error.__LINE__);

       //Validate insert
       if($insert_row) {
           header("Location: index.php?msg=".urlencode('Record Added'));
           exit();
       } else {
           die('Error : ('.$this->link->errno .') '.$this->link->error);
       }

   }

    Thanks for the help given.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 keil的map文件中Image component sizes各项意思
  • ¥30 BC260Y用MQTT向阿里云发布主题消息一直错误
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 Centos / PETGEM
  • ¥15 划分vlan后不通了
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)