【发布时间】:2017-07-18 15:59:24
【问题描述】:
升级到php7后出现这个错误,我已经解决了大部分问题。
错误:您的 SQL 语法有错误;检查手册 对应于您的 MySQL 服务器版本,以便使用正确的语法 第 1 行的 '' 附近
这是代码的开头(这似乎是导致问题的原因)。页面加载时 $_POST 未设置,有一个下拉菜单(从 sql1 创建),此结果将在脚本稍后提供给其他 sql 查询。
<?php include 'connect.php'; ?>
<?php
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
// Perform queries
$sql1="SELECT Site_ID, Site_name_1 FROM `Sites` ORDER BY `Sites`.`Site_ID` ASC";
这是完整的代码
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
<?php include 'header.php'; ?>
<div class='container'>
<?php include 'menu.php'; ?>
<?php include 'connect.php'; ?>
<?php
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
// Perform queries
$sql1="SELECT Site_ID, Site_name_1 FROM `Sites` ORDER BY `Sites`.`Site_ID` ASC";
//$sql1="SELECT Site_ID, Site_name_1 FROM 'Sites' ORDER BY 'Sites'.'Site_ID' ASC";
$sqltable1="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
$sqltable2="SELECT Aspects.Aspect, Aspect_Pub_join.Pub_ID FROM `Aspects` INNER JOIN `Aspect_Pub_join` ON Aspects.Aspect_ID=Aspect_Pub_join.Aspect_ID WHERE Aspect_Pub_join.Pub_ID=$post_pub";
$sqltable3="SELECT Publications.Pub_ID, Questions.Question FROM `Publications` LEFT JOIN `Aspect_Pub_join` ON Publications.Pub_ID=Aspect_Pub_join.Pub_ID LEFT JOIN `Aspect_question_join` ON Aspect_Pub_join.Aspect_ID=Aspect_question_join.Aspect_ID LEFT JOIN `Questions` ON Aspect_question_join.Question_ID=Questions.Question_ID Where Publications.Pub_ID=$post_pub GROUP BY Question ORDER BY Publications.Pub_ID ASC";
$sqltable4="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
$sqltable5="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
$result1=mysqli_query($mysqli, $sql1) or die("Error: ".mysqli_error($mysqli));
$result_table1=mysqli_query($mysqli, $sqltable1) or die("Error: ".mysqli_error($mysqli));
$result_table2=mysqli_query($mysqli, $sqltable2) or die("Error: ".mysqli_error($mysqli));
$result_table3=mysqli_query($mysqli, $sqltable3) or die("Error: ".mysqli_error($mysqli));
$result_table4=mysqli_query($mysqli, $sqltable4) or die("Error: ".mysqli_error($mysqli));
$result_table5=mysqli_query($mysqli, $sqltable5) or die("Error: ".mysqli_error($mysqli));
$site_array = array();
while (list($id, $name) = mysqli_fetch_row($result1)) {$site_array[$id] = $name;}
//// Free result set
//mysqli_free_result($result);
function get_options($arr, $current=null)
{
$opts = '';
foreach ($arr as $k => $v) {
$sel = $k==$current ? 'selected="selected"' : '';
$opts .= "<option value='$k' $sel>$k $v</option>\n";
}
return $opts;
}
?>
<html>
<body>
<br/>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<select name="site" onchange="this.form.submit();">
<?php echo"<option>Select Site</option>";?>
<?php echo get_options($site_array);?>
</select>
</form>
<br/>
<p> Displaying all information for:<?php if(isset($_POST['site'])){echo $_POST['site'];} ?></p>
<div style="void:both;";></div>
<div class='table_holder'>
<div class='table' style='height:100px; margin-right:20px;'>
<table width='100%' align='center' id='table1' class='tablesorter'>
<thead>
<tr>
<th>Publication Title</th>
</tr>
</thead>
<?php while($rows1=mysqli_fetch_array($result_table1)){ ?>
<tr>
<td><?php echo $rows1['ART_TITEL']; ?></td>
</tr>
<?php } ?>
</table>
</div>
</div>
<br/><br/>
<div style="void:both;";></div>
<br/><br/>
<div class='table_holder'>
<div class='table' style='height:200px;'>
<table width='100%' align='center' id='table2' class='tablesorter'>
<thead>
<tr>
<th>Aspects</th>
</tr>
</thead>
<?php while($rows2=mysqli_fetch_array($result_table2)){ ?>
<tr>
<td><?php echo $rows2['Aspect']; ?></td>
</tr>
<?php } ?>
</table>
</div>
</div>
<br/><br/>
<div style="void:both;";></div>
<br/><br/>
<div class='table_holder'>
<div class='table' style='height:200px;'>
<table width='100%' align='center' id='table3' class='tablesorter'>
<thead>
<tr>
<th>Question</th>
</tr>
</thead>
<?php while($rows3=mysqli_fetch_array($result_table3)){ ?>
<tr>
<td><?php echo $rows3['Question']; ?></td>
</tr>
<?php } ?>
</table>
</div>
</div>
<?php include 'footer.php' ?>
【问题讨论】:
-
这将是一个使用准备好的语句而不是假设它是一个有效整数的好地方。
-
sql注入漏洞的完美例子
-
您的“connect.php”文件中是否包含连接数据库的代码?如果是这样,您确定那里还没有出现问题吗?如果您可以发布它的内容(当然没有凭据)可能会有所帮助。
-
添加
if(empty($post_pub)){echo 'something not right'; exit();}以验证您的 post 变量; -
connect.php 内容(详情已更改)
<?php $servername = "localhost"; $username = "user"; $password = "pw"; $database = "db"; ?> <?php // Create connection $mysqli = mysqli_connect($servername, $username, $password, $database); if ($mysqli->connect_errno) { echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; } ?>