-6

我在尝试打开表单时遇到了他的错误。

错误:您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在第 1 行的 ') VALUES ( )' 附近使用正确的语法

这是文件

<?php
 $con = mysql_connect("localhost","*********","**************");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("**********", $con);


    $sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)
VALUES (
$_POST[pcname]
$_POST[pcaddress]
$_POST[pcaddress2]
$_POST[pcstate]
$_POST[pccity]
$_POST[pczip]
$_POST[pccellphone] 
$_POST[pcphone]
$_POST[pcworkphone]
$_POST[pcemail]
$_POST[pcmake]
$_POST[pcram]
$_POST[pcproc]
$_POST[pchd]
$_POST[pcserial]
$_POST[pcextra]
$_POST[pcgroupid]
$_POST[prefcontact]
$_POST[pcnotes]
$_POST[custsourceid])";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_pcid = mysql_insert_id();

    $sql = "INSERT INTO pc_wo (pcid, probdesc, virusesfound, custnotes, technotes, dropdate, pickupdate, readydate, pcstatus, called, thepass, custassets, bench, workarea, pcpriority, cityuser, cobyuser, commonproblems, storeid, thesig, assigneduser) VALUES ('$last_insert_pcid','NULL','$_POST[woid]','$_POST[pcid]','$_POST[probdesc]','$_POST[virusesfound]','$_POST[custnotes]','$_POST[technotes]','$_POST[dropdate]','$_POST[pickupdate]','$_POST[readydate]','$_POST[pcstatus]','$_POST[pcstatus]','$_POST[called]','$_POST[thepass]','$_POST[custassets]','$_POST[bench]','$_POST[workarea]','$_POST[pcpriority]','$_POST[cibyuser]','$_POST[cobyuser]','$_POST[commonproblems]','$_POST[storeid]','$_POST[thesig]','$_POST[assigneduser]')";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_woid = mysql_insert_id();

    $result = mysql_query("SELECT * FROM pc_owner WHERE pcid='$last_insert_pcid'");

    $result1 = mysql_query("SELECT * FROM pc_wo WHERE woid='$last_insert_woid'");
    echo "<table border='1'>
    <tr>
    <th>Computer id</th>
    <th>Name</th>
    <th>Phone Number</th>
    <th>Mobile</th>
    <th>Work</th>
    <th>Email</th>
    <th>Address</th>
    <th>Second Line</th>
    <th>State</th>
    <th>City</th>
    <th>Postal Code</th>
    <th>WorkOrder Id</th>
    <th>PC Id</th>
    <th>Pc make</th>
    <th>probdes</th>
    <th>virusesfound</th>
    <th>Ram</th>
    <th>pcprod</th>
    <th>HDD</th>
    <th>Pc Serial No</th>
    <th>Pc Extra</th>
    <th>Pc Note</th>
    <th>custnotes</th>
    <th>technotes</th>
    <th>dropdate</th>
    <th>pickupdate</th>
    <th>readydate</th>
    <th>pcstatus</th>
    <th>called</th>
    <th>thepass</th>
    <th>custassets</th>
    <th>bench</th>
    <th>workarea</th>
    <th>pcpriorty</th>
    <th>Checked in by</th>
    <th>Checked out by</th>
    <th>Common Problems</th>
    <th>Store Id</th>
    <th>Assigned User</th>
    </tr>";
    while($row = mysql_fetch_array($result))
    {
    echo "<tr>";
    echo "<td>" . $row['pcid'] . "</td>";
    echo "<td>" . $row['pcname'] . "</td>";
    echo "<td>" . $row['pcphone'] . "</td>";
    echo "<td>" .$row['pccellphone'] . "</td>";
    echo "<td>" .$row['pcworkphone'] . "</td>";
    echo "<td>" .$row['pcemail'] . "</td>";
    echo "<td>" .$row['pcaddress'] . "</td>";
    echo "<td>" .$row['pcaddress2'] . "</td>";
    echo "<td>" .$row['pcstate'] . "</td>";
    echo "<td>" .$row['pccity'] . "</td>";
    echo "<td>" .$row['pczip'] . "</td>";
    }
    //considering these are the values returned by 1st query (ie., table client)
    while($row = mysql_fetch_array($result1)) {

    echo "<td>" .$row['woid'] . "</td>";
    echo "<td>" .$row['pcid'] . "</td>";
    echo "<td>" .$row['pcmake'] . "</td>";
    echo "<td>" .$row['pcprobdesc'] . "</td>";
    echo "<td>" .$row['virusesfound'] . "</td>";
    echo "<td>" .$row['pcram'] . "</td>";
    echo "<td>" .$row['pcproc'] . "</td>";
    echo "<td>" .$row['pchd'] . "</td>";
    echo "<td>" .$row['pcserial'] . "</td>";
    echo "<td>" .$row['pcextra'] . "</td>";
    echo "<td>" .$row['pcnotes'] . "</td>";
    echo "<td>" .$row['custnotes'] . "</td>";
    echo "<td>" .$row['technotes'] . "</td>";
    echo "<td>" .$row['dropdate'] . "</td>";
    echo "<td>" .$row['pickupdate'] . "</td>";
    echo "<td>" .$row['readydate'] . "</td>";
    echo "<td>" .$row['pcstatus'] . "</td>";
    echo "<td>" .$row['called'] . "</td>";
    echo "<td>" .$row['thepass'] . "</td>";
    echo "<td>" .$row['custassets'] . "</td>";
    echo "<td>" .$row['bench'] . "</td>";
    echo "<td>" .$row['workarea'] . "</td>";
    echo "<td>" .$row['pcpriority'] . "</td>";
    echo "<td>" .$row['cibyuser'] . "</td>";
    echo "<td>" .$row['cobyuser'] . "</td>";
    echo "<td>" .$row['commonproblems'] . "</td>";
    echo "<td>" .$row['storeid'] . "</td>";
    echo "<td>" .$row['thesig'] . "</td>";
    echo "<td>" .$row['assigneduser'] . "</td>";
    echo "</tr>";
    }
    echo "</table>";
    echo "woid is complete";
    print "Thank you for booking with us and your Repair ID number is ".$last_insert_woid;
    mysql_close($con);
    ?>

任何想法为什么会发生?

4

2 回答 2

4

去掉逗号

... prefcontact,pcnotes,) VALUES ...
                       ^----------here

你需要逗号来分隔你的价值观。

并且您永远不应该使用您的输入数据将其放入您的数据库中而不转义它。

了解如何防止 SQL 注入

于 2012-11-14T16:44:38.083 回答
0

3件事,从这里删除多余的逗号$sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)

并且您需要用引号将值括起来',后跟逗号,例如VALUES ('$_POST[pcname]','$_POST[pcaddress]', ....)";

于 2012-11-14T16:46:13.197 回答