-6

フォームを開こうとするとエラーが発生します。

エラー: SQL 構文にエラーがあります。MySQL サーバーのバージョンに対応するマニュアルを参照して、1 行目の ') VALUES ( )' 付近で使用する正しい構文を確認してください。

ここにファイルがあります

<?php
 $con = mysql_connect("localhost","*********","**************");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("**********", $con);


    $sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)
VALUES (
$_POST[pcname]
$_POST[pcaddress]
$_POST[pcaddress2]
$_POST[pcstate]
$_POST[pccity]
$_POST[pczip]
$_POST[pccellphone] 
$_POST[pcphone]
$_POST[pcworkphone]
$_POST[pcemail]
$_POST[pcmake]
$_POST[pcram]
$_POST[pcproc]
$_POST[pchd]
$_POST[pcserial]
$_POST[pcextra]
$_POST[pcgroupid]
$_POST[prefcontact]
$_POST[pcnotes]
$_POST[custsourceid])";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_pcid = mysql_insert_id();

    $sql = "INSERT INTO pc_wo (pcid, probdesc, virusesfound, custnotes, technotes, dropdate, pickupdate, readydate, pcstatus, called, thepass, custassets, bench, workarea, pcpriority, cityuser, cobyuser, commonproblems, storeid, thesig, assigneduser) VALUES ('$last_insert_pcid','NULL','$_POST[woid]','$_POST[pcid]','$_POST[probdesc]','$_POST[virusesfound]','$_POST[custnotes]','$_POST[technotes]','$_POST[dropdate]','$_POST[pickupdate]','$_POST[readydate]','$_POST[pcstatus]','$_POST[pcstatus]','$_POST[called]','$_POST[thepass]','$_POST[custassets]','$_POST[bench]','$_POST[workarea]','$_POST[pcpriority]','$_POST[cibyuser]','$_POST[cobyuser]','$_POST[commonproblems]','$_POST[storeid]','$_POST[thesig]','$_POST[assigneduser]')";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_woid = mysql_insert_id();

    $result = mysql_query("SELECT * FROM pc_owner WHERE pcid='$last_insert_pcid'");

    $result1 = mysql_query("SELECT * FROM pc_wo WHERE woid='$last_insert_woid'");
    echo "<table border='1'>
    <tr>
    <th>Computer id</th>
    <th>Name</th>
    <th>Phone Number</th>
    <th>Mobile</th>
    <th>Work</th>
    <th>Email</th>
    <th>Address</th>
    <th>Second Line</th>
    <th>State</th>
    <th>City</th>
    <th>Postal Code</th>
    <th>WorkOrder Id</th>
    <th>PC Id</th>
    <th>Pc make</th>
    <th>probdes</th>
    <th>virusesfound</th>
    <th>Ram</th>
    <th>pcprod</th>
    <th>HDD</th>
    <th>Pc Serial No</th>
    <th>Pc Extra</th>
    <th>Pc Note</th>
    <th>custnotes</th>
    <th>technotes</th>
    <th>dropdate</th>
    <th>pickupdate</th>
    <th>readydate</th>
    <th>pcstatus</th>
    <th>called</th>
    <th>thepass</th>
    <th>custassets</th>
    <th>bench</th>
    <th>workarea</th>
    <th>pcpriorty</th>
    <th>Checked in by</th>
    <th>Checked out by</th>
    <th>Common Problems</th>
    <th>Store Id</th>
    <th>Assigned User</th>
    </tr>";
    while($row = mysql_fetch_array($result))
    {
    echo "<tr>";
    echo "<td>" . $row['pcid'] . "</td>";
    echo "<td>" . $row['pcname'] . "</td>";
    echo "<td>" . $row['pcphone'] . "</td>";
    echo "<td>" .$row['pccellphone'] . "</td>";
    echo "<td>" .$row['pcworkphone'] . "</td>";
    echo "<td>" .$row['pcemail'] . "</td>";
    echo "<td>" .$row['pcaddress'] . "</td>";
    echo "<td>" .$row['pcaddress2'] . "</td>";
    echo "<td>" .$row['pcstate'] . "</td>";
    echo "<td>" .$row['pccity'] . "</td>";
    echo "<td>" .$row['pczip'] . "</td>";
    }
    //considering these are the values returned by 1st query (ie., table client)
    while($row = mysql_fetch_array($result1)) {

    echo "<td>" .$row['woid'] . "</td>";
    echo "<td>" .$row['pcid'] . "</td>";
    echo "<td>" .$row['pcmake'] . "</td>";
    echo "<td>" .$row['pcprobdesc'] . "</td>";
    echo "<td>" .$row['virusesfound'] . "</td>";
    echo "<td>" .$row['pcram'] . "</td>";
    echo "<td>" .$row['pcproc'] . "</td>";
    echo "<td>" .$row['pchd'] . "</td>";
    echo "<td>" .$row['pcserial'] . "</td>";
    echo "<td>" .$row['pcextra'] . "</td>";
    echo "<td>" .$row['pcnotes'] . "</td>";
    echo "<td>" .$row['custnotes'] . "</td>";
    echo "<td>" .$row['technotes'] . "</td>";
    echo "<td>" .$row['dropdate'] . "</td>";
    echo "<td>" .$row['pickupdate'] . "</td>";
    echo "<td>" .$row['readydate'] . "</td>";
    echo "<td>" .$row['pcstatus'] . "</td>";
    echo "<td>" .$row['called'] . "</td>";
    echo "<td>" .$row['thepass'] . "</td>";
    echo "<td>" .$row['custassets'] . "</td>";
    echo "<td>" .$row['bench'] . "</td>";
    echo "<td>" .$row['workarea'] . "</td>";
    echo "<td>" .$row['pcpriority'] . "</td>";
    echo "<td>" .$row['cibyuser'] . "</td>";
    echo "<td>" .$row['cobyuser'] . "</td>";
    echo "<td>" .$row['commonproblems'] . "</td>";
    echo "<td>" .$row['storeid'] . "</td>";
    echo "<td>" .$row['thesig'] . "</td>";
    echo "<td>" .$row['assigneduser'] . "</td>";
    echo "</tr>";
    }
    echo "</table>";
    echo "woid is complete";
    print "Thank you for booking with us and your Repair ID number is ".$last_insert_woid;
    mysql_close($con);
    ?>

なぜそれが起こっているのですか?

4

2 に答える 2

4

コンマを取り除く

... prefcontact,pcnotes,) VALUES ...
                       ^----------here

また、値を区切るためにコンマが必要です。

また、入力データを使用して、エスケープせずに DB に入れるべきではありません。

SQL インジェクションを防ぐ方法を見る

于 2012-11-14T16:44:38.083 に答える
0

3つのこと、ここから余分なコンマを削除します$sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)

値を引用符で囲み'、その後にカンマを付ける必要がありますVALUES ('$_POST[pcname]','$_POST[pcaddress]', ....)"

于 2012-11-14T16:46:13.197 に答える