I am going crazy [syntax error] [closed]_问答_开发者

I am going crazy [syntax error] [closed]

开发者 https://www.devze.com 2023-01-09 04:19 出处：网络

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.

This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.

Closed 8 years ago.

Improve this question

I can't believe I am having this problem. I've been looking and looking but I can't see what is wrong. I hate this error message.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' poster_ip, message, posted, thread_id INTO posts ' at line 1



mysql_query("INSERT poster, poster_ip, message, posted, thread_id
  开发者_运维问答              INTO posts
                VALUES (
    {$post_info['poster']}, 
    '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."', 
    '".mysql_real_escape_string($post_info['message'])."', 
    {$post_info['posted']}, 
    {$post_info['thread_id']}") or die (mysql_error());

Your SQL syntax is wrong.

You should be using something similar to:

INSERT INTO posts (poster, poster_ip, message, posted, thread_id) VALUES (...)

Maybe you should look at the doc ;) Insert Syntax

If you're going to put the column names you should put it after the table name.

Example: INSERT INTO table (col1, col2) VALUES (val1, val2)

Looks like a good opportunity to practice some debugging techniques. Try building the string you are passing to the function and assigning it to a variable, then echoing that variable to see what it is you are actually passing to the function. You can learn a lot that way about why you are getting errors. Also, it would help to know the data types of the columns you are inserting values into.

I have written this code to show you why arrays are useful for query generation and less likely to make a syntax error if you need to add more fields in future.

$fields = array('poster, poster_ip, message, posted, thread_id'); // Our fields
$table = 'posts'; // Our table name
$values = array(
    $post_info['poster'], 
    $_SERVER['REMOTE_ADDR'], 
    $post_info['message'], 
    $post_info['posted'], 
    $post_info['thread_id']
);
$values = array_map('mysql_real_escape_string', $values); // Secure all inputs
// Generate query
$query = "INSERT INTO $table (" . implode(',', $fields) . ") VALUES ('" . implode("','", $values . "')";
// Run query
$result = mysql_query($query) or die('query error: ' . mysql_error());