I know there have been some posts that are close to the error I am getting with this PHP query, but I haven't found any that actually answer my question. I am using a MYSQL database and trying to input data using a simple script shown here
我知道有一些帖子与我在这个PHP查询中得到的错误很接近,但我还没有找到任何实际回答我的问题的帖子。我正在使用MYSQL数据库并尝试使用此处显示的简单脚本输入数据
include("includes/DbConnection.php");
global $connect;
$name = $_POST['name'];
$year = $_POST['year'];
$description = $_POST['about'];
$query = "INSERT INTO object (Name, Year, Description) VALUES ('{$name}',{$year},'{$description}')";
$query = mysql_query($query, $connect);
if(!$query){
die("Database Query Failed: " . mysql_error());
}
When I run the script I get the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '')' at line 1
but I cannot find any reason why this script should not work. Am I missing anything?
当我运行脚本时,我收到错误您的SQL语法中有错误;检查与MySQL服务器版本对应的手册,以便在第1行的“''''附近使用正确的语法,但我找不到任何理由说明为什么这个脚本不起作用。我错过了什么吗?
1 个解决方案
#1
0
What is the type of Year
column? Is it integer? If not then put the value in single quote like this '{$year}'
. As suggested by @minitech escape user data before storing in database using mysql_real_escape_string
Year列的类型是什么?是整数吗?如果没有,那么将值放在单引号中,如“{$ year}”。正如@minitech所建议的那样,在使用mysql_real_escape_string存储在数据库之前转义用户数据
#1
0
What is the type of Year
column? Is it integer? If not then put the value in single quote like this '{$year}'
. As suggested by @minitech escape user data before storing in database using mysql_real_escape_string
Year列的类型是什么?是整数吗?如果没有,那么将值放在单引号中,如“{$ year}”。正如@minitech所建议的那样,在使用mysql_real_escape_string存储在数据库之前转义用户数据