0

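I get an error when inserting an array into the database. Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'visiting students should consult the students should refer to the relevant section' at line 23.

Here is the array: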

array
 'Choose by Subject Category or Module Code' => string '' (length=0)
 '
Back to Home page' => string '' (length=0)
 'International' => string 'visiting students should consult the' (length=36)
 'Undergraduate' => string 'students should refer to the relevant section of the UCC' (length=56)
 'Postgraduate' => string 'students should refer to the relevant section of the UCC' (length=56)
 'Credit Weighting' => string '5' (length=1)
 'Teaching Period(s)' => string 'Teaching Period 1.' (length=18)
 'No. of Students' => string 'Min 15, Max 30.' (length=15)
 'Pre-requisite(s)' => string 'None' (length=4)
 'Co-requisite(s)' => string 'None' (length=4)
 'Teaching Methods' => string '1 x 4hr(s) Lectures; Other (Distance Education Module - Up to 146hrs Self Directed Study).' (length=90)
 'Module Co-ordinator' => string 'Dr Peter Cleary, Department of Accounting, Finance and Information Systems.' (length=75)
 'Lecturer(s)' => string 'Staff, Department of Accounting, Finance and Information Systems.' (length=65)
 'Module Objective' => string 'To examine the management uses of accounting information and to enhance students ability to exert effective managerial control.' (length=127)
 'Module Content' => string 'Topics include; the accounting information needs of management, costs and pricing; estimating costs; the identification of key performance indicators; budgeting for control; capital investment appraisal and  implications for strategic planning and control.' (length=256)
 'Learning Outcomes' => string 'On successful completion of this module, students should be able to:' (length=68)
 'Assessment' => string 'Total Marks 100: Continuous Assessment 100 marks (Project/ Essay. Approximately 1500 words.).' (length=93)
 'Compulsory Elements' => string 'Continuous Assessment.' (length=22)
 'Penalties (for late submission of Course/Project Work etc.)' => string 'Where work is submitted up to and including 7 days late, 10% of the total marks available shall be deducted from the mark achieved.  Where work is submitted up to and including 14 days late, 20% of the total marks available shall be deducted from the mark achieved.  Work submitted 15 days late or more shall be assigned a mark of zero.' (length=336)
 'Pass Standard and any Special Requirements for Passing Module' => string '40%.' (length=4)
 'End of Year Written Examination Profile' => string 'No End of Year Written Examination.' (length=35)
 'Requirements for Supplemental Examination' => string 'Marks in passed element(s) of Continuous Assessment are carried forward, Failed element(s) of Continuous Assessment must be repeated (Resubmission of revised Continuous Assessment).' (length=181)

Below is the query.

//============== INSERT QUERY================//
$result = array();      
foreach($result as $snode){ 
$query = sprintf("INSERT INTO save_array 
       (ModuleCode,
        Homepage,
        International,
        ......) VALUES ('%s')",mysql_real_escape_string($snode)); 


foreach ($result as $key => $value) 
$query = $query . "$value"; 

 echo '<br /><br />'; 
mysql_query($query) or die($query."<br/><br/>".mysql_error());  
echo $snode. '<br />'; 
}
echo '<br /><br /><br />'; 

Any help would be greatly appreciated.

//================== New Updated Query Using Mysqli =============================

$result = array();
foreach($result as $snode){ 
$snode = mysql_real_escape_string($snode);
$query = sprintf("INSERT INTO save_array 
       (ModuleCode,Homepage,International,.......)VALUES ('%s')",implode("','",$result)); 

echo $query. '<br />'; 

foreach ($result as $key => $value) 
    $query = $query . "$value"; 
$result = mysql_query($query) or die (mysql_error());
}

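I echoed the query, and it seems to put the correct values into the correct columns, but it is not executed against the database.

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'visiting students should consult the students should refer to the relevant section' at line 23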

4 Answers

1

Echo your $query and you will see. It is not a valid SQL statement.

Rules number 1, 2 and 3 for debugging dynamic queries: look at the query itself.

Answered on 2012-06-27T09:37:34.980
1

You are trying to save into multiple columns:

ModuleCode,
Homepage,
International,
Undergraduate,
...

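with a single value ('%s').

Also note that mysql_real_escape_string takes a SINGLE value, not an array (I assume $snode is an array). Also consider using PDO or mysqli.

You can do it like this (as an example; I don't know the $snode structure) and check the output: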

foreach($snode as &$val) {
   $val = mysql_real_escape_string($val);
}
...VALUES ('%s'),implode("','",$snode)

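Update:

I can't find the problem; the query should work. I even created your table structure on my system (assuming VARCHAR(256) for each column) and your query output works as expected (it inserts).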

$result = array();
foreach($result as $snode) { 

   foreach($snode as &$val) {
      $val = mysql_real_escape_string($val);
   }

   $query = sprintf("INSERT INTO save_array (
        ModuleCode,Homepage,International,Undergraduate,Postgraduate,CreditWeighting, 
        TeachingPeriod,NoofStudents,Prerequisite,Corequisite,TeachingMethods, 
        ModuleCoordinator,Lecturer,ModuleObjective,ModuleContent,LearningOutcomes, 
        Assessment,CompulsoryElements,Penalties,PassStandard, 
        EndofYearWrittenExamination,RequirementsforExamination) 
        VALUES ('%s')",implode("','",$snode)); 

   $result = mysql_query($query) or die (mysql_error());
}

Run the code snippet above as-is; don't change anything.

Answered on 2012-06-27T09:40:15.853
0

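Your main problem is the quotes:

('%s')

and then your:

mysql_real_escape_string

It causes your SQL to conflict. Use either MySQL escaping or '.

So what is happening is that you are double-escaping your SQL input, which in effect makes it SQL injection...

MySQL real escape string also won't insert $snode as an array. You will need to foreach over the array, extract the values and build an array to inject into the SQL query.

Answered on 2012-06-27T09:40:37.950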
0

Assuming your array $node is in the same order as the columns you showed, you can use vsprintf() to generate the resulting query:

// assuming $node is the array with the data
// generate list of place holders
$placeholders = join(',', array_fill(0, count($node), "'%s'"));

// construct full query using array_map applied to the escaping function
$query = vsprintf("INSERT INTO save_array (ModuleCode,
        Homepage,
        International,
        Undergraduate,
        Postgraduate,
        CreditWeighting,
        TeachingPeriod,
        NoofStudents,
        Prerequisite,
        Corequisite,
        TeachingMethods,
        ModuleCoordinator,
        Lecturer,
        ModuleObjective,
        ModuleContent,
        LearningOutcomes,
        Assessment,
        CompulsoryElements,
        Penalties,
        PassStandard,
        EndofYearWrittenExamination,
        RequirementsforExamination) VALUES ($placeholders)", 
            array_map('mysql_real_escape_string', $node)
);

By the way, don't use the mysql_ functions!

Answered on 2012-06-27T09:50:55.750
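The PDO route that two of the answers recommend, as an added example that is not part of any post above: values are bound through a prepared statement, and the column list and placeholder list are generated from one allowlist so their counts always match. `COLUMN_MAP` and `insertModule()` are hypothetical names, the column list is shortened, and in-memory SQLite stands in for MySQL so the snippet runs offline.

```php
<?php
// Hypothetical allowlist: scraped label => column name. Column names are the
// ones listed in the answers above; the list is shortened for the demo.
const COLUMN_MAP = [
    'International'      => 'International',
    'Undergraduate'      => 'Undergraduate',
    'Credit Weighting'   => 'CreditWeighting',
    'Teaching Period(s)' => 'TeachingPeriod',
    'Module Objective'   => 'ModuleObjective',
];

function insertModule(PDO $pdo, array $row): int
{
    $params = [];
    foreach (COLUMN_MAP as $label => $column) {
        if (!array_key_exists($label, $row)) {
            throw new InvalidArgumentException("missing field: $label");
        }
        $params[":$column"] = (string) $row[$label];
    }
    // Identifiers come only from the allowlist; one placeholder per column,
    // so the column count and the value count cannot drift apart.
    $sql = sprintf(
        'INSERT INTO save_array (%s) VALUES (%s)',
        implode(', ', array_values(COLUMN_MAP)),
        implode(', ', array_keys($params))
    );
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo on in-memory SQLite so it runs offline. For MySQL, use a
// 'mysql:host=...;dbname=...;charset=utf8mb4' DSN with your own credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE save_array (International TEXT, Undergraduate TEXT,
    CreditWeighting TEXT, TeachingPeriod TEXT, ModuleObjective TEXT)');

$row = [   // constructed sample row, modelled on the var_dump in the question
    'Back to Home page'  => '',   // not in the allowlist: ignored
    'International'      => 'visiting students should consult the',
    'Undergraduate'      => 'students should refer to the relevant section of the UCC',
    'Credit Weighting'   => '5',
    'Teaching Period(s)' => 'Teaching Period 1.',
    'Module Objective'   => "To enhance students' ability to exert control.",
];
echo insertModule($pdo, $row), " row inserted\n";
echo $pdo->query('SELECT ModuleObjective FROM save_array')->fetchColumn(), "\n";
```

The apostrophe in the last sample value is stored unchanged because it travels as a bound parameter and never becomes part of the SQL text.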