我能不知道这一点,由于某种原因,即时得到此错误消息:SQL语法错误 - 不知道为什么得到这个?
Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ptb_block_user.blocked=1' at line 5
,这是我的MySQL查询,不知道是什么问题,请有人可以帮助我吗?
function blocked_users() {
global $connection;
global $_SESSION;
global $profile_id;
$query = "SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = \"$profile_id\"
AND ptb_block_user.user_id = ".$_SESSION['user_id']."
AND ptb_block_user.blocked='1' ";
$blocked_users = mysql_query($query, $connection);
confirm_query($blocked_users);
return $blocked_users;
}
您需要周围的$ _SESSION VAR我觉得单引号,所以'AND ptb_block_user.user_id = ' “$ _ SESSION [ 'USER_ID'。”'' – jdepypere 2013-04-07 15:36:03
您有SQL注入漏洞。 – SLaks 2013-04-07 15:36:20