0

我不断收到此错误:

Query1 失败:您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在第 1 行的“d41d8cd98f00b204e9800998ecf8427e”“d41d8cd98f00b204e9800998ecf8427e”、“d41d8cd”附近使用正确的语法

这是我正在使用的代码:

 <?php

     $payment = $_GET['payment'];
     if($payment){
include("connection.php");
$CardHolder = md5($_POST["CardHolder"]);
$CardType = md5($_POST["CardType"]);
$CardNumber = md5($_POST["CardNumber"]);
$SecurityCode = md5($_POST["SecurityCode"]);
$ExpiryDate = md5($_POST["ExpiryDate"]);
$PurchaseID = $_SESSION['purchaseid'];
$Email = $_SESSION['user'];

$sql = "INSERT INTO Payment (CardHolder, CardType, CardNumber, SecurityCode, ExpiryDate, PurchaseID, Email) VALUES (\"$CardHolder\", \"$CardType\", , \"$CardNumber\" \"$SecurityCode\", \"$ExpiryDate\", \"$PurchaseID\", \"$Email\")";
$result = mysqli_query($con, $sql) or die('Query1 failed: ' . mysqli_error($con));;

if($result){
    echo "<p>Your Payment has been Accepted. You are now being redirected to the to the HomePage.</p>
      <meta http-equiv=\"refresh\" content=\"1;URL=index.php\" />";

     } else {
         echo "<p>Payment Failed, Please try again later.</p>";
     }
}

      ?>

我不确定我做错了什么。提前感谢您的支持。

编辑:使用提供的答案后,我现在收到此错误 Query1 失败:列数与第 1 行的值计数不匹配。只是为了让你们知道我有一个 PaymentID,即 Auto INCREMENT。

4

4 回答 4

2

我相信你的逗号放错了位置(2 在 CardType 之后,0 在 CardNumber 之后)。

\"$CardType\", , \"$CardNumber\" \"$SecurityCode\",

话虽如此,您会受到 SQL 注入攻击,并且有更好的方法使用准备好的语句和绑定参数进行插入。以此为起点

于 2012-12-11T22:10:38.413 回答
1

看来您有一个没有价值的额外列:

$sql = "INSERT ... VALUES (\"$CardHolder\", \"$CardType\", , \"$CardNumber\"
                                                          ^

我建议您改用单引号。

$sql = "INSERT INTO Payment (CardHolder, CardType, CardNumber, SecurityCode, ExpiryDate, PurchaseID, Email) VALUES ('$CardHolder', '$CardType', '$CardNumber', '$SecurityCode', '$ExpiryDate', '$PurchaseID', '$Email')";
于 2012-12-11T22:07:17.740 回答
0

后面有两个逗号CardType

于 2012-12-11T22:07:23.870 回答
0

替换为:

$sql = "INSERT INTO Payment (CardHolder, CardType, CardNumber, SecurityCode, ExpiryDate, PurchaseID, Email) VALUES (\"$CardHolder\", \"$CardType\", \"$CardNumber\", \"$SecurityCode\", \"$ExpiryDate\", \"$PurchaseID\", \"$Email\")";
于 2012-12-11T22:07:59.140 回答