当前位置: 动力学知识库 > 问答 > 编程问答 >

php - MySQL Error: You have an error in your SQL syntax

问题描述:

I get this error message from mySQL:

You have an error in your SQL syntax; check the manual that corresponds to your

MySQL server version for the right syntax to use near 'key,time)

VALUES ('FreeTest','86400')' at line 2

Here is the code:

if ((isset($_POST['key'])) && (isset($_POST['days']))) {

$key = mysql_escape_string($_POST['key']);

$days = mysql_escape_string($_POST['days'] * 86400);

$add = "INSERT INTO licence

(key,time)

VALUES

('$key','$days')";

$addkey = mysql_query($add);

}

网友答案:

The column named KEY, which is one of the column names, happens to be a reserved keyword, you need to escape with backticks so you won't get syntax error, TIME is also a reserved keyowrd but mysql permits it to be used without backticks.

INSERT INTO licence (`key`,time) VALUES ('$key','$days')
  • MySQL Reserved Keywords List

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

  • How to prevent SQL injection in PHP?
分享给朋友:
您可能感兴趣的文章:
随机阅读: