【发布时间】:2015-06-22 08:23:22
【问题描述】:
目前我在实时服务器中运行我的代码时遇到问题,即使我可以在我的本地主机中运行它。
if($con->connect_error){
$response['success'] =0;
$response['message'] ='could not connect to database';
print(json_encode($response));
die(print(json_encode($response)));
}
$response['success'] =1;
$response['message'] ='successfully connected to the database';
print(json_encode($response));
$depart = $_GET['depart'];
$destination = $_GET['destination'];
$sql = "INSERT INTO request (dateNtime, depart, destination, status) VALUES (now(),$depart,$destination,0)";
$mysql=mysqli_query($con,$sql);
if($mysql)
{
echo "successfully";
}
else
{
echo mysqli_error($con);
}
mysqli_close($con);
目前这是我在实时服务器中运行此代码时遇到的错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'users\',0)' at line 1
我可以知道这个错误的原因是什么吗?
【问题讨论】:
-
危险:你很容易受到SQL injection attacks的影响,你需要defend你自己。