0

我无法弄清楚,由于某种原因,我收到此错误消息:

Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ptb_block_user.blocked=1' at line 5

这是我的mysql查询,不知道是什么问题,请有人帮帮我吗?

function blocked_users() {
            global $connection;
            global $_SESSION;
            global $profile_id;
            $query = "SELECT * 
                        FROM ptb_block_user
                        WHERE ptb_block_user.blocked_id = \"$profile_id\"
                        AND ptb_block_user.user_id = ".$_SESSION['user_id']."
                        AND ptb_block_user.blocked='1' ";
                        $blocked_users = mysql_query($query, $connection);
            confirm_query($blocked_users);
            return $blocked_users;

        }
4

4 回答 4

0

您也可以随时print $query查看您的 SQL 查询的外观。更容易发现错误。

于 2013-04-07T15:36:31.603 回答
0 
function blocked_users() {
            global $connection;
            global $_SESSION;
            global $profile_id;
            $query = "SELECT * 
                        FROM ptb_block_user
                        WHERE ptb_block_user.blocked_id = ".mysql_real_escape_string($profile_id)."
                        AND ptb_block_user.user_id = ".mysql_real_escape_string($_SESSION['user_id'])."
                        AND ptb_block_user.blocked=1;";
            $blocked_users = mysql_query($query, $connection);
            confirm_query($blocked_users);
            return $blocked_users;
        }

使用 MySqli lib 而不是 MySql:http ://www.php.net/manual/en/book.mysqli.php

于 2013-04-07T15:37:13.657 回答
0 
SELECT * 
  FROM ptb_block_user b
 WHERE b.blocked_id = '$profile_id' 
   AND b.user_id = '{$_SESSION['user_id']}' 
   AND b.blocked=1

?

于 2013-04-07T15:37:31.487 回答
0

如果您使用纯 php 且没有框架,则应始终使用准备好的语句进行 mysql 通信。这更加安全,并且可以保护您免受 mysql 注入。

尝试这个。

db = new mysqli("your_ip_or_host","username","password","name_of_database");
$st = $db->prepare("SELECT * 
                    FROM ptb_block_user
                    WHERE ptb_block_user.blocked_id = ?
                    AND ptb_block_user.user_id = ?
                    AND ptb_block_user.blocked=?");

$st->bind_param('iii', intval($profile_id), intval($_SESSION['user_id']),1);

$st->execute();

$st->store_result();
$st->bind_result($col1, $col2, ... , $colx);

while($st->fetch())
{
    echo "col1=$col, col2=$col2, ...., colX=$colx \n";
}

$st->close();
于 2013-04-07T15:41:48.967 回答