1. 首页
  2. 问答
  3. SQL语法错误 - 不知道为什么得到这个?

SQL语法错误 - 不知道为什么得到这个?

2013-04-07 149 views
0

我能不知道这一点,由于某种原因,即时得到此错误消息:SQL语法错误 - 不知道为什么得到这个?

Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ptb_block_user.blocked=1' at line 5

,这是我的MySQL查询,不知道是什么问题,请有人可以帮助我吗?

function blocked_users() { 
      global $connection; 
      global $_SESSION; 
      global $profile_id; 
      $query = "SELECT * 
         FROM ptb_block_user 
         WHERE ptb_block_user.blocked_id = \"$profile_id\" 
         AND ptb_block_user.user_id = ".$_SESSION['user_id']." 
         AND ptb_block_user.blocked='1' "; 
         $blocked_users = mysql_query($query, $connection); 
      confirm_query($blocked_users); 
      return $blocked_users; 

     }

来源

2013-04-07 James Pale

+0

您需要周围的$ _SESSION VAR我觉得单引号,所以'AND ptb_block_user.user_id = ' “$ _ SESSION [ 'USER_ID'。”'' – jdepypere 2013-04-07 15:36:03

+0

您有SQL注入漏洞。 – SLaks 2013-04-07 15:36:20

回答

0

你总是可以做一个print $query太了解SQL查询的样子。发现错误会更容易。

来源

2013-04-07 15:36:31 daniels

0 
function blocked_users() { 
      global $connection; 
      global $_SESSION; 
      global $profile_id; 
      $query = "SELECT * 
         FROM ptb_block_user 
         WHERE ptb_block_user.blocked_id = ".mysql_real_escape_string($profile_id)." 
         AND ptb_block_user.user_id = ".mysql_real_escape_string($_SESSION['user_id'])." 
         AND ptb_block_user.blocked=1;"; 
      $blocked_users = mysql_query($query, $connection); 
      confirm_query($blocked_users); 
      return $blocked_users; 
     }

使用的mysqli的lib为mysql:http://www.php.net/manual/en/book.mysqli.php

来源

2013-04-07 15:37:13 sdespont

0 
SELECT * 
    FROM ptb_block_user b 
WHERE b.blocked_id = '$profile_id' 
    AND b.user_id = '{$_SESSION['user_id']}' 
    AND b.blocked=1

来源

2013-04-07 15:37:31 Strawberry

0

如果你使用普通的php而没有框架,sou应该总是使用准备好的语句进行mysql通信。这是更安全的,并保护你免受mysql注入。

试试这个。

db = new mysqli("your_ip_or_host","username","password","name_of_database"); 
$st = $db->prepare("SELECT * 
        FROM ptb_block_user 
        WHERE ptb_block_user.blocked_id = ? 
        AND ptb_block_user.user_id = ? 
        AND ptb_block_user.blocked=?"); 

$st->bind_param('iii', intval($profile_id), intval($_SESSION['user_id']),1); 

$st->execute(); 

$st->store_result(); 
$st->bind_result($col1, $col2, ... , $colx); 

while($st->fetch()) 
{ 
    echo "col1=$col, col2=$col2, ...., colX=$colx \n"; 
} 

$st->close();

来源

2013-04-07 15:41:48 cb0

相关问题

 相关问题