php - 语法错误或访问冲突 : 1064 You have an error in your SQL syntax

Question

我有以下 PHP 验证:

假设 POST 变量按预期在表单中设置。

 // Check if email input field is empty     
 if (empty($_POST["email"])) {
        $emailErr = "Email address required";
    }
    else {
    // If it is not empty, quote to prevent SQL injection and assign it to a variable
    $email = $_POST['email'];
    $safe_email = $db->quote($_POST['email']);
    }

    // same for password, but instead of quote I hash the password below
    if (empty($_POST["password"])) {
        $passwordErr = "Password required";
    }
    else {
        $password = $_POST["password"];
    }

如果没有错误: //哈希密码 $hashed_pa​​ssword = md5($password);

// create an insert query, insert safe email and hashed password into database
$query = "INSERT INTO user VALUES ('', 0, '$safe_email', '$hashed_password')";

// perform the above query
$result = $db->query($query);

我遇到的问题是，当我在查询中使用 $safe_email 而不是仅使用 $email 时，它会给出以下错误:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leomessi@adidas.com'', 'ce0a8ad8a758c3d242d9e050c4707fb6')' at line 1' in C:\wamp\www\Coursework\register.php on line 65

不太确定这里的问题是什么，因为我的语法似乎没问题。

这是我的数据库结构:

Answer 1

您已经使用 $db->quote() 添加了引号，因此您需要从 $query 中删除它们。访问http://pl1.php.net/manual/en/pdo.quote.php#112169并检查示例中的代码。