Query yields syntax error

2018-06-24 23:03:40

Running this MySQL query in PHP yields a syntax error I can't solve.

function queryTest(array $dataArray)
    $query = "Insert into users (email,fullName,password, accessLevel) values (($dataArray['formEmail']),($dataArray['formFullName']),($dataArray['formPassword']),($dataArray['formAccessLevel']))";                                                   

    if( $this->mysqli->real_query($query)) == FALSE
    {
        throw new exception ("failed");
    }  
}

Error:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in /home/comp3170-036/public_html/lab2/Registration.php on line 148

您的INSERT查询似乎是错误的：

INSERT INTO table_name (column1,column2,column3,...)
VALUES (value1,value2,value3,...);

You probaly have an error in your query, check your last column name. Whitespace are not directly allowed :

$query = "Insert into users (email,fullName,password, access level )

For debugging issues like this, echo or vardump the contents of $query before submitting to the database. That will show you the actual SQL text that is being submitted to the database.

It looks like one of the problems is that single quotes are missing around literals in the values list. It also looks like this code is vulnerable to SQL Injection .

Best practice is to not include data values in the SQL text, but to instead make use of prepared statements with bind placeholders .

链接地址: http://www.djcxy.com/p/69892.html

上一篇: 解析错误：语法错误，意想不到的'if'（T

下一篇: 查询产生语法错误