-4

我是 PHP 和 SQL 的新手,由于某种原因,我得到了这个非常奇怪和神秘的错误。

致命错误:您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在 /home/ 的第 1 行的“INSER INTO history(stype, symbol, amount, price, time, userid) VALUES (?, ?, ?, ') 附近使用正确的语法jharvard/vhosts/localhost/includes/functions.php 在第 139 行

这是我使用的代码:

<?php 
require("../includes/config.php");
if ($_SERVER["REQUEST_METHOD"] == "POST"){
    // Retrieve the requested user's symbol and calculate the stock's price
    $symbol = $_POST["symbol"];
    $price = lookup($symbol)["price"];
    // If lookup fails, apologize
    if ($price === null) {
    apologize("Sorry!");}
    // Retrieve user's cash balance
    $cash = query("select cash from users where id = ?", $_SESSION["id"]);
    foreach ($cash as $qux){$cash = $qux["cash"];}
    // Calculate the amount of money needed to buy the amount of stock
    $PayPrice = $_POST["SAmount"] * $price;
    // If user doesnt have enough cash, apologize
    if ($cash < $PayPrice){apologize("Your a cheapskate");}
    // If user enters a decimal or negative number, apologize
    if (preg_match("/^\d+$/", $_POST["SAmount"]) != true){apologize("Y u so decimal");}
    // Deduct the amount of cash from user's money   
    $result = query("UPDATE users SET cash = ? where id = ?", ($cash - $PayPrice), $_SESSION["id"]);
    if ($result === false){apologize("Update failed, cash");}
    // Update the user's stock
    $result = query("INSERT INTO stocks (id, symbol, stock) VALUES (?,?,?) ON DUPLICATE KEY UPDATE stock = stock + ?", $_SESSION['id'], $_POST["symbol"], $_POST["SAmount"], $_POST["SAmount"]);
    if ($result === false){apologize("Update failed, stock");}
    // Update history
    $result = query("INSER INTO history(stype, symbol, amount, price, time, userid) VALUES (?, ?, ?, ?, ?, ?)", 'buy', $symbol, $_POST['SAmount'], $PayPrice, time(), $_SESSION['id']);

}
else{render("BuyPage.php");}

?>

这是查询()代码

function query(/* $sql [, ... ] */)
    {
        // SQL statement
        $sql = func_get_arg(0);

        // parameters, if any
        $parameters = array_slice(func_get_args(), 1);

        // try to connect to database
        static $handle;
        if (!isset($handle))
        {
            try
            {
                // connect to database
                $handle = new PDO("mysql:dbname=" . DATABASE . ";host=" . SERVER, USERNAME, PASSWORD);

                // ensure that PDO::prepare returns false when passed invalid SQL
                $handle->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); 
            }
            catch (Exception $e)
            {
                // trigger (big, orange) error
                trigger_error($e->getMessage(), E_USER_ERROR);
                exit;
            }
        }

        // prepare SQL statement
        $statement = $handle->prepare($sql);
        if ($statement === false)
        {
            // trigger (big, orange) error
            trigger_error($handle->errorInfo()[2], E_USER_ERROR);
            exit;
        }

        // execute SQL statement
        $results = $statement->execute($parameters);

        // return result set's rows, if any
        if ($results !== false)
        {
            return $statement->fetchAll(PDO::FETCH_ASSOC);
        }
        else
        {
            return false;
        }
    }

这个问题非常神秘,因为我不知道发生了什么,我包含了我认为需要的所有代码,但如果需要更多,请告诉我。Ps:不用说,问题只是在我输入了最后一行用于插入历史的SQL代码之后才出现的,否则其他一切都很好。

4

1 回答 1

2

代替:

$result = query("INSER INTO history(stype, symbol, amount, price, time, userid) VALUES (?, ?, ?, ?, ?, ?)", 'buy', $symbol, $_POST['SAmount'], $PayPrice, time(), $_SESSION['id']);

和:

$result = query("INSERT INTO history(stype, symbol, amount, price, time, userid) VALUES (?, ?, ?, ?, ?, ?)", 'buy', $symbol, $_POST['SAmount'], $PayPrice, time(), $_SESSION['id']);
于 2013-04-14T09:06:12.600 回答