INSERT INTO `jos1_content`
(`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
VALUES
($title, $introtext, $fulltext, 1, 1, $catid, 5)
Query is made up of php script. Derivation of variables shows that they are not empty. At the request of phpMyAdmin shows the error:
1064 - You ha开发者_开发问答ve an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
You need to use single quotes to indicate strings to SQL - use:
INSERT INTO `jos1_content`
(`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
VALUES
('". $title ."', '". $introtext ."', '". $fulltext ."', 1, 1, $catid, 5)
A safer means would be to use:
$query = sprintf("INSERT INTO `jos1_content`
(`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
VALUES
('%s', '%s', '%s', 1, 1, %d, 5)",
mysql_real_escape_string($title),
mysql_real_escape_string($introtext),
mysql_real_escape_string($fulltext),
$catid);
Reference:
- SPRINTF
- MYSQL_REAL_ESCAPE_STRING
You need to surround your PHP variables that are being inserted into string-type fields with quotes:
INSERT INTO `jos1_content`
(`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
VALUES
('$title', '$introtext', '$fulltext', 1, 1, $catid, 5)
Read about prepared statements in the manual of your programming language or use mysql_escape_string
.
精彩评论