0

我正在使用以下代码在数据库中插入一行。我总是得到错误

{"error":"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show) VALUES('A E Jewelers','Quintin','Schmidt','131 South Rolling Meadows Dr.',' at line 1"}

这是我的查询

xxx/webservice/api.php?action=addStore&name=A%20E%20Jewelers&firstname=Quintin&lastname=Schmidt&address=131%20South%20Rolling%20Meadows%20Dr.&city=Fond%20du%20Lac&state=WI&country=USA&zip=54935&phone=(920)%20933%203601%0A&fax=(920)%20486-1734&email=Diadori@aejewelers.com&latitude=43.775931&longitude=-88.482894&website=www.aejewelers.com&show=1

    function AddStore() 
    {
        $name = trim($_REQUEST['name']);
        $firstname = trim($_REQUEST['firstname']);
        $lastname  = trim($_REQUEST['lastname']);
        $address = trim($_REQUEST['address']);
        $city = trim($_REQUEST['city']);
        $state = trim($_REQUEST['state']);
        $country = trim($_REQUEST['country']);
        $zip = trim($_REQUEST['zip']);
        $phone = trim($_REQUEST['phone']);
        $fax = trim($_REQUEST['fax']);
        $email = trim($_REQUEST['email']);
        $latitude = trim($_REQUEST['latitude']);        
        $longitude = trim($_REQUEST['longitude']);      
        $website = trim($_REQUEST['website']);      
        $show = 1;      

        return $show;
        $insert_id = 0;
        try {
            $conn = $this->GetDBConnection();
            $statement = $conn->prepare('INSERT INTO stores( name, firstname, lastname, address, city, state, country, zip, phone, fax, email, latitude,longitude, website,show) VALUES(:name,:firstname,:lastname,:address,:city,:state,:country,:zip,:phone,:fax, :email, :phone, :zip)');

            $statement->bindParam(':name',      $name, PDO::PARAM_STR);
            $statement->bindParam(':firstname', $firstname, PDO::PARAM_STR);
            $statement->bindParam(':lastname' , $lastname, PDO::PARAM_STR);
            $statement->bindParam(':address',   $address, PDO::PARAM_STR);
            $statement->bindParam(':city',      $city, PDO::PARAM_STR);
            $statement->bindParam(':state',     $state, PDO::PARAM_STR);
            $statement->bindParam(':country',   $country, PDO::PARAM_STR);
            $statement->bindParam(':zip',       $zip, PDO::PARAM_STR);
            $statement->bindParam(':phone',     $phone, PDO::PARAM_STR);
            $statement->bindParam(':fax'    ,   $fax, PDO::PARAM_STR);
            $statement->bindParam(':email'    , $email, PDO::PARAM_STR);
            $statement->bindParam(':latitude' , $latitude, PDO::PARAM_STR);
            $statement->bindParam(':longitude', $longitude, PDO::PARAM_STR);
            $statement->bindParam(':website'  , $website, PDO::PARAM_STR);
            $statement->bindParam(':show'     , $show, PDO::PARAM_INT);

            $statement->execute();

            $insert_id = $conn->lastInsertId();

            $conn = null;
        } catch(PDOException $e) {
            throw $e;
        }

        return $insert_id;
    }
4

2 回答 2

3

将列名 show 替换为 `show`

INSERT INTO stores( 
     name, firstname, lastname, address, city, state, 
     country, zip, phone, fax, email, latitude,longitude, 
     website,`show`)
VALUES (:name,:firstname,:lastname,:address,:city,
     :state,:country,:zip,:phone,:fax, :email, 
     :phone, :zip)'

show这个词是SQL中的一个关键字

于 2013-09-04T16:38:44.120 回答
0

始终将字段名称和表名称包含在反引号中是一种很好的做法,以防止这种常见的“陷阱”意外使用保留关键字。SQL 中的保留字数量惊人,因此只使用反引号可能比记住检查使用的每个字段或表名更容易。

我认为您已确认没有任何值是空/null 或嵌入空格、引号或逗号?PDO 库是否负责转义引号(例如,Mrs. O'Leary's Cow)并将数据包装在引号中?

于 2013-09-04T17:34:04.483 回答