希望一些老圣人能对此有所了解。我很困惑(很容易)。
当我这样准备我的 SQL 语句时(在表和列名上使用 `,这里的输出中没有显示?)...
$sql = "INSERT INTO `order` (`orderid`, `username`, `payer_email`, `purchase_str`, `mc_gross`, `tnx_id`, `status`) VALUES (default,'$user','$useremail','$purchase_str','$mc_gross','46737264646','pending')";
$result = mysqli_query ( $cxn, $sql ) or die ( "Query died: fusername" );
...它成功插入一行。
但是,当我在表名和列名上使用无单引号或 ' 而不是 ` 时,它会因 mysql 错误而失败,即
$sql = "INSERT INTO order (orderid,username,payer_email,purchase_str,mc_gross,tnx_id,status) VALUES (default,'$user','$useremail','$purchase_str','$mc_gross','46737264646','pending')";
$result = mysqli_query ( $cxn, $sql ) or die ( "Query died: fusername" );
错误:
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (orderid, username, payer_email, purchase_str, mc_gross, tnx_id, status) V' at line 1
或者
$sql = "INSERT INTO 'order' ('orderid', 'username', 'payer_email', 'purchase_str', 'mc_gross', 'tnx_id', 'status') VALUES (default,'$user','$useremail','$purchase_str','$mc_gross','','pending')";
$result = mysqli_query ( $cxn, $sql ) or die ( "Query died: fusername" );
错误:
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''order' ('orderid', 'username', 'payer_email', 'purchase_str', 'mc_gross', 'tnx_' at line 1
我有另一个插入查询,没有在工作正常的表和列名称上使用“或”,即
$sql = "INSERT INTO user (username,password,created,email,firstname,lastname,dob,gender,house,street,area,city,county,postcode,country,skype,proofread)
VALUES ('$updatedb[username]','$hash',NOW(),'$updatedb[email]','$updatedb[firstname]','$updatedb[lastname]','$updatedb[dob]','$updatedb[gender]',
'$updatedb[house]','$updatedb[street]','$updatedb[area]','$updatedb[city]','$updatedb[county]','$updatedb[postcode]','$updatedb[country]',
'$updatedb[skype]','$updatedb[proofread]')";
非常非常困惑。任何指针将不胜感激。再见。