连接失败:sqlstate[42000]:语法错误或访问冲突:1064

zzlelutf  于 2021-06-18  发布在  Mysql
关注(0)|答案(3)|浏览(530)

我已经看到很多类似的问题,但我的是不同的:我的错误不是由使用 "keyword" 在sql中!
当我运行代码时,如果我取消 WHERE 子句或我使用硬编码值,例如 " WHERE customerNumber = 356" 它工作得很好,但是如果我尝试使用变量的值 $custom_n ,它抛出一个错误。

<?php 
            $custom_n = $_POST["emp"];
            $servername = "localhost";
            $username = "root";
            $password = "";

            try {
                $conn = new PDO("mysql:host=$servername;dbname=classicmodels", $username, $password);
                $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                $stmt = $conn -> prepare("SELECT phone, salesRepEmployeeNumber, creditLimit FROM customers WHERE customerNumber = $custom_n");
                $stmt -> execute();
                $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 
                foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v) { 
                    echo $v;
                }
            }
            catch(PDOException $e) {
                echo "Connection failed: " . $e->getMessage();
            }

            $conn = null;

        ?>

如果我对custom\n做一个echo,得到的是:353 string,这就是我想要的。
这是完全错误:
连接失败:sqlstate[42000]:语法错误或访问冲突:1064您的sql语法有错误;请检查与您的mariadb服务器版本对应的手册,以获取在第1行的“”附近使用的正确语法
正如magnus eriksson所建议的,如果我 var_dump($custom_n); 我得到这个输出: string(12) ""

ff29svar

ff29svar1#

正如magnus eriksson所建议的,我的post方法有问题。。。即使看起来没问题,我的变量custom有一个奇怪的var\u dump输出 string(12)"" . 我记得我以前使用过相同的代码并且正在工作,所以我只需将代码修改为完全相同:在我有发送“post变量”的表单的页面中,我使用了以下代码:

<?php 

            $servername = "localhost";
            $username = "root";
            $password = "";

            $custom_n = array();

            try {
                $conn = new PDO("mysql:host=$servername;dbname=classicmodels", $username, $password);
                $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                $stmt = $conn -> prepare("SELECT checkNumber, paymentDate, amount, customerNumber FROM payments ORDER BY paymentDate DESC");
                $stmt -> execute();
                $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 
                foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v) { 
                    echo $v;
                    if ($k == 'customerNumber') {
                        array_push($custom_n, $v);
                    }
                }

                $tableCodes = "<table id='buttons'>";
                foreach ($custom_n as $c) {
                    $tableCodes .= "
                        <tr>
                            <td>
                                <form action='customers.php' method='post' target='POPUPW' onsubmit=\"POPUPW = window.open('about:blank','POPUPW', 'width=800px,height=600px');\">
                                    <button type='submit' name='code' value='$c'>Details</button>
                                </form>
                            </td>
                        </tr>
                    ";
                }
                $tableCodes .= "</table>";
                echo $tableCodes;
            }
            catch(PDOException $e) {
                echo "Connection failed: " . $e->getMessage();
            }

            $conn = null;

        ?>

我想我可以腾出一些时间从另一个查询中获取自定义值,这样就可以填充该页中的表,而不是进行另一个查询。我不确定这有什么问题,但通过这种改变,我解决了问题:

<?php 

            $servername = "localhost";
            $username = "root";
            $password = "";

            try {
                $conn = new PDO("mysql:host=$servername;dbname=classicmodels", $username, $password);
                $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                $stmt = $conn -> prepare("SELECT checkNumber, paymentDate, amount, customerNumber FROM payments ORDER BY paymentDate DESC");
                $stmt -> execute();
                $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 
                foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v) { 
                    echo $v; 
                }

                $customQuery = $conn -> prepare("SELECT customerNumber FROM payments ORDER BY paymentDate DESC");
                $customQuery -> execute();
                $custom = $customQuery->fetchAll(PDO::FETCH_COLUMN);
                $tableCodes = "<table id='buttons'>";
                foreach ($custom as $c) {
                    $tableCodes .= "
                        <tr>
                            <td>
                                <form action='customers.php' method='post' target='POPUPW' onsubmit=\"POPUPW = window.open('about:blank','POPUPW', 'width=800px,height=600px');\">
                                    <button type='submit' name='emp' value='$c'>Details</button>
                                </form>
                            </td>
                        </tr>
                    ";
                }
                $tableCodes .= "</table>";
                echo $tableCodes;
            }
            catch(PDOException $e) {
                echo "Connection failed: " . $e->getMessage();
            }

            $conn = null;

        ?>

我必须感谢每一个人,特别是magnuseriksson,masivuyecokile和pr1nc3,他们是我所不知道的关于参数化准备语句的人。非常感谢您,如果您发现以前的代码不起作用的原因,请随时发表评论:d。

xkftehaa

xkftehaa2#

首选方式是绑定。你可以这样和param绑定。你可以参考这里

$stmt = $conn -> prepare("SELECT phone, salesRepEmployeeNumber, creditLimit FROM customers WHERE customerNumber = :customernumber");

$stmt->bindParam(':customernumber', $custom_n, PDO::PARAM_INT);
olqngx59

olqngx593#

$stmt = $conn -> prepare("SELECT phone, salesRepEmployeeNumber, creditLimit FROM customers WHERE customerNumber = ?");
$stmt->execute(array($custom_n));

你的代码看起来不错,所以我假设你的字符串逃逸了查询。下次尽量使用事先准备好的语句。

相关问题