我在这个PHP代码上遇到语法错误:
<snip>
$last = (isset($_GET['last']) && $_GET['last'] != '') ? $_GET['last'] : 0;
$query = "SELECT message_id, user_name, message, date_format(post_time, '%h:%i') AS post_time" .
" FROM message WHERE chat_id = " . db_input($_GET['chat']) . " AND message_id > " . $last . ";";
$message_query = db_query($query);
</snip>
Run Code Online (Sandbox Code Playgroud)
而且db_query:
function db_query($query, $link = 'db_link') {
global $$link;
$result = mysql_query(mysql_real_escape_string($query), $$link) or db_error($query, mysql_errno(), mysql_error());
return result;
}
Run Code Online (Sandbox Code Playgroud)
确切的错误是这样的:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '\' %h:%i\')
AS post_time FROM message WHERE chat_id = 1 AND message_id > 0' at line 1<br><br>
SELECT message_id, user_name, message, date_format(post_time, '%h:%i') AS
post_time FROM message WHERE chat_id = 1 AND message_id > 0;
Run Code Online (Sandbox Code Playgroud)
正如您所看到的,它在我的代码中没有/看到的字符上抛出错误.这里发生了什么?
您mysql_real_escape_string只需要使用变量,而不是整个sql查询.
现在它正在翻译:
date_format(post_time, '%h:%i')
Run Code Online (Sandbox Code Playgroud)
至:
date_format(post_time, \'%h:%i\')
Run Code Online (Sandbox Code Playgroud)
顺便说一句,我假设你的db_input函数准备你的变量用于数据库,所以你肯定也需要将它用于你的$last变量.
| 归档时间: |
|
| 查看次数: |
84 次 |
| 最近记录: |