0

下面我收到一个语法错误,您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在第 1 行的 'call, County, id, location, callcreated, station, units, calltype, lat, lng) VAL' 附近使用正确的语法,但不知道为什么!任何帮助将不胜感激!

<?php

mysql_connect("localhost", "test", "test") or die(mysql_error());
mysql_select_db("firecom") or die(mysql_error());

$data = file_get_contents("http://208.71.205.35/PITS/");//thanks WCCCA!
$pattern = "/id=\"hidXMLID\" value=\"([^\"]+)\"/";//looking for the rnd xml id#
preg_match_all($pattern, $data, $xmlext);

$url = "http://208.71.205.35/PITS/xml/fire_data_" . $xmlext[1][0] . ".xml";//putting together the secret xml url
$xml = simplexml_load_file($url);

foreach ($xml->marker as $element) {

$lat = $element->attributes()->lat;
$lng = $element->attributes()->lng;
$countydirty = $element->AGENCY;// gets agency
$wcccanumberdirty = $element->CALL_NO;
$iddirty = $element->TWO_DIGIT_CALL_NO;// gets call id#
$calldirty = $element->CALL_TYPE_FINAL_D;// gets call type
$locationdirty = $element->LOCATION;// gets location
$callcreateddirty = $element->CALL_CREATED_DATE_TIME;
$stationdirty = $element->BEAT_OR_STATION;// get first marker station
$unitsdirty = $element->UNITS;// get first marker units
$calltypedirty = $element->TYPE; 

//this next section removes the "~" from the start of all the lines
$county = str_replace('~','',$countydirty);
$wcccanumber = str_replace('~','',$wcccanumberdirty);
$id = str_replace('~','',$iddirty);
$call = str_replace('~','',$calldirty);
$location = str_replace('~','',$locationdirty);
$callcreated = str_replace('~','',$callcreateddirty);
$station = str_replace('~','',$stationdirty);
$units = str_replace('~','',$unitsdirty);
$calltype = str_replace('~','',$calltypedirty);

mysql_query("INSERT INTO calls (wcccanumber, call, county, id, location, callcreated, station, units, calltype, lat, lng) VALUES('$wcccanumber', '$call', '$county', '$id', '$location', '$callcreated', '$station', '$units', '$calltype', '$lat', '$lng')") or die(mysql_error()); 

echo "$call - $county - $wcccanumber - $id - $location - $callcreated - $station - $units - $calltype <br />";
}

?>
4

3 回答 3

5

call保留字,必须用反引号括起来:

INSERT INTO calls (wcccanumber, `call`, ...
于 2012-12-10T20:21:38.480 回答
2

call是 mysql 中的保留字,因此如果将其用作列名,则需要在反引号中引用它:

wcccanumber, `call`, county...

除此之外,您需要切换到 PDO / mysqli 和准备好的语句来解决您遇到的潜在 sql 注入问题。

于 2012-12-10T20:21:46.390 回答
1

call是一个保留字。你必须用反引号引用它:

mysql_query("INSERT INTO calls (wcccanumber, `call`, county, id, ...

PS 对于数据库问题(尤其是语法错误),您不需要包含所有这些 DOM 内容。如何获取查询的值几乎总是无关紧要的。

于 2012-12-10T20:21:51.197 回答