在此查询中获取错误

时间:2023-01-16 15:46:33
function saveFile($catId,$docuTitle,$linkTitle) {

 $result = mysql_query("INSERT INTO categories (cd_title, cd_link)
                       VALUES ('$docuTitle','$linkTitle') WHERE c_name = '$catID'");    

            return 'yes';

        }

I want to insert the cd title and cd links based on the catergory selected.

我想根据所选的catergory插入cd标题和cd链接。

3 个解决方案

#1


Edit: Scott Saunders is right, you can't have a WHERE statement in an INSERT query.

编辑:Scott Saunders是对的,你不能在INSERT查询中有一个WHERE语句。

Original answer: You should give more info about the error, but you probably have a simple quote (') in on of the variables $docuTitle or $linkTitle, resulting in a malformed query.

原始答案:您应该提供有关错误的更多信息,但您可能在变量$ docuTitle或$ linkTitle中有一个简单的引号('),导致查询格式错误。

You should escape these variables, as well as $catId, with mysql_real_escape_string() before using them in requests, or else your app will be vulnerable to SQL Injection.

你应该在使用mysql_real_escape_string()之前使用mysql_real_escape_string()来转义这些变量以及$ catId,否则你的应用程序将容易受到SQL注入攻击。

You should read some docs about PDO, it is a great tool to avoid this kind of mistakes in SQL queries, and it helps a lot for evolutivity and maintainability.

您应该阅读一些关于PDO的文档,它是一个很好的工具,可以避免SQL查询中的这种错误,并且它对于进化和可维护性有很大帮助。

#2


You probably want:

你可能想要:

INSERT INTO categories (cd_title, cd_link, c_name) VALUES ('$docuTitle','$linkTitle', '$catID') 

Unless you're updating existing rows, then change 'INSERT INTO' to 'UPDATE'

除非您要更新现有行,否则请将“INSERT INTO”更改为“UPDATE”

#3


you are combining an INSERT statement and an UPDATE statement.

您正在组合INSERT语句和UPDATE语句。

You need to choose the correct syntax:

您需要选择正确的语法:

INSERT INTO [TABLE] [COLUMNS] VALUES [VALUES]

UPDATE [TABLE] SET [COLUMNS] = [VALUE] WHERE [where clause]

#1


Edit: Scott Saunders is right, you can't have a WHERE statement in an INSERT query.

编辑:Scott Saunders是对的,你不能在INSERT查询中有一个WHERE语句。

Original answer: You should give more info about the error, but you probably have a simple quote (') in on of the variables $docuTitle or $linkTitle, resulting in a malformed query.

原始答案:您应该提供有关错误的更多信息,但您可能在变量$ docuTitle或$ linkTitle中有一个简单的引号('),导致查询格式错误。

You should escape these variables, as well as $catId, with mysql_real_escape_string() before using them in requests, or else your app will be vulnerable to SQL Injection.

你应该在使用mysql_real_escape_string()之前使用mysql_real_escape_string()来转义这些变量以及$ catId,否则你的应用程序将容易受到SQL注入攻击。

You should read some docs about PDO, it is a great tool to avoid this kind of mistakes in SQL queries, and it helps a lot for evolutivity and maintainability.

您应该阅读一些关于PDO的文档,它是一个很好的工具,可以避免SQL查询中的这种错误,并且它对于进化和可维护性有很大帮助。

#2


You probably want:

你可能想要:

INSERT INTO categories (cd_title, cd_link, c_name) VALUES ('$docuTitle','$linkTitle', '$catID') 

Unless you're updating existing rows, then change 'INSERT INTO' to 'UPDATE'

除非您要更新现有行,否则请将“INSERT INTO”更改为“UPDATE”

#3


you are combining an INSERT statement and an UPDATE statement.

您正在组合INSERT语句和UPDATE语句。

You need to choose the correct syntax:

您需要选择正确的语法:

INSERT INTO [TABLE] [COLUMNS] VALUES [VALUES]

UPDATE [TABLE] SET [COLUMNS] = [VALUE] WHERE [where clause]