php和mysql错误“您的sql语法有错误;检查与您的mariadb服务器版本相对应的手册“

xjreopfe  于 2021-06-25  发布在  Mysql
关注(0)|答案(1)|浏览(260)

我正试图为我的家庭自动化脚本编写一个小日志,但后来出现了以下错误:
sql语法有错误;请检查与您的mariadb服务器版本相对应的手册,以获取第2行“”附近要使用的正确语法
我的sql是:

INSERT INTO
    logsa (timeb, msg, actionb)
VALUES 
    ('12-05-2018 02:29:38pm',
    'Succesfully send a trigger to https://maker.ifttt.com/trigger/test/with/key/xxxxxxxxxxxxxxxxxxxxxxxx With name test',
    'https://maker.ifttt.com/trigger/test/with/key/xxxxxxxxxxxxxxxxxxxxxxxx'

我的代码是:

$logmsg = ("Succesfully send a trigger to " . $row["actiona"] . " With name " . $row["namea"]);

    date_default_timezone_set("Europe/Stockholm");

    $date = date("d-m-Y");
    $time = date("h:i:sa");
    $fulldate = ($date . " " . $time);

    $actiona = $row["actiona"];
    $sql = "INSERT INTO logsa (timeb, msg, actionb)
    VALUES ('$fulldate', '$logmsg', '$actiona'";

    if ($conn->query($sql) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
wr98u20j

wr98u20j1#

更改 timeb 数据值 $fulldate 使用这样的有效日期时间格式

$fulldate = date('Y-m-d H:i:s');

mysql和mariadb希望datetime列以非常特定的格式存储,而您的列是无效的。
您还应该使用准备好的和参数化的查询[link]来避免像这样的sql注入攻击

$logmsg = ("Succesfully send a trigger to " . 
            $row["actiona"] . 
            " With name " . 
            $row["namea"]);

date_default_timezone_set("Europe/Stockholm");

$fulldate = date('Y-m-d H:i:s');
$actiona = $row["actiona"];

$sql = "INSERT INTO logsa (timeb, msg, actionb) VALUES (?,?,?)";
$stmt = $conn->prepare($sql);

$stmt->bind_param('sss', $fulldate, $logmsg, $actiona );
$result = $stmt->execute();
if ($result) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

相关问题