2014-06-17 34 views
-1

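Edit post submit MySQL error

I managed to fix the error from my previous post wrt the edit form not showing. Now the edit form shows, but when I try to update (submit), I get this error: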

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

The following is the code snippet I am using:

if (isset($_POST['submit'])) { 

    $query = "UPDATE $tbl SET message = mysql_real_escape_string(".$row['message'].") WHERE id = ".$row['id']." "; 

    $result = mysql_query($query) or die (mysql_error()); 

    while ($row = mysql_fetch_array($result)) { 

     echo "Your post has been edited to:", "<br>"; 
     echo $row['message']; 
    } 

    mysql_free_result($result); 
    mysql_close(); 

} 

Please help. Thanks!

As requested by @Fred-ii and @jeroen, here is the full code:

<?php ob_start(); ?> 
<?php error_reporting(E_ALL); ini_set('display_errors', 1); ?> 
<html> 
    <head> 
    <title>BQuotes</title> 
    <!-- <meta name="viewport" content="width=device-width, initial-scale=1"> --> 
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /> 
    <link href="votingfiles/voting.css" rel="stylesheet" type="text/css" /> 
    <script src="votingfiles/voting.js" type="text/javascript"></script> 
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.css" /> 
    <link rel="stylesheet" type="text/css" href="http://bquotes.me/mystyle-a.css"> 
    <script src="http://code.jquery.com/jquery-1.10.0.min.js"></script> 
    <script src="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.js"></script> 
    <style> 
     .head_text { 
     color: #ffffff; 
     } 
     a { 
     text-decoration: none; 
     } 
    </style> 

    <script type="text/javascript"> 
     $('#g-login').bind('click', function (event) { 
     // event.preventDefault(); 
     // $('#form-id').attr('action', 'google-login.php').trigger('submit'); 
     alert("Clicked"); 
     }); 
    </script> 
    </head> 
    <body style="color:#d4ffaa"> 


    <!-- BQ Edit Post Start --> 
    <div data-role="page" id="edit-post"> 
     <div data-role="header" style="background-color:#5FBF00"> 
     <h1 class="head_text">BQuotes</h1> 
     </div> 
     <div data-role="main" class="ui-content"> 




     </div> 



     <?php 




     session_start(); 

       if($_SESSION['myusername'] != null && isset($_SESSION['myusername'])){ 
       echo "<form action='logout.php' method='post' id ='form-logout' data-ajax='false'> 
        <br/><input type='submit' value='Logout'/>"; 
       echo "</form>"; 
       echo "<div style='margin-left:1px;'>Logged In As: ".$_SESSION['myusername']."</div>"; 



      define ('HOSTNAME', 'xxxx'); 
      define ('USERNAME', 'xxxx'); 
      define ('PASSWORD', 'xxxx'); 
      define ('DATABASE_NAME', 'xxxx'); 

      $db = mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die ('I cannot connect to MySQL.'); 

      mysql_select_db(DATABASE_NAME); 

      $tbl='xxxx'; 
      $id=$_GET['pid']; 


      $query="SELECT * from $tbl WHERE id = ".$_GET['pid']." "; 


      $result = mysql_query($query) or die (mysql_error()); 

      while ($row = mysql_fetch_array($result)){ 
      /*$id=$row['id']; 
      $username=$row['username']; 
      $message=$row['message']; 
      $tag=$row['tag'];*/ 



      echo "<form name='edit-post' action='' method='post'>"; 
      echo "<input type='hidden' name='id' value=".$row['id'].">"; 
      echo "<input type='hidden' name='username' value=".$row['username'].">"; 
      echo "Status: <textarea name='message'>".$row['message']."</textarea>"; 
      //echo "Tag: <textarea rows='1' name='tag'>".$row['tag']."</textarea>"; 
      echo "<input type='submit' name='submit' value='Submit'>"; 
      echo "</form>"; 


      if (isset($_POST['submit'])) {   

      echo $row['id']; 
      $tbl = 'xxxx';   
      $query = "UPDATE $tbl SET message = ".mysql_real_escape_string($row['message'])." WHERE id =".$row['id']." "; 

      $result = mysql_query($query) or die (mysql_error()); 


      while ($row = mysql_fetch_array($result)) { 

      echo "Your post has been edited to:", "<br>"; 
      echo $row['message']; 
      //echo $row['tag']; 
      } 

      mysql_free_result($result); 
      mysql_close(); 

      } 

       } 
       } 
      else if($_SESSION['myusername'] == null){ 
       echo "<form action='google-login.php?login=true' method='post' id ='form-id' data-ajax='false'>";  
       echo "<span class='loginreq'>Login to Edit</span>";   
       echo "<br/><input type='submit' value='Login with Google'/>"; 
       echo "</form>"; 
      } 




      /* 
      <?php 
      $id2=$_POST['id']; 
      $username2=$_POST['username']; 
      $message2=$_POST['message']; 
      $tag2=$_POST['tag']; 
      */ 



     ?> 



     <a href='mybq-index.php'>Home</a> 


     </div> 


    </body> 
</html> 
<?php ob_flush(); ?> 
+0

Maybe mysql_real_escape_string should be evaluated in PHP rather than by the MySQL backend. I have my doubts about the mysql_* functions anyway. – Frazz

+0

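Add error reporting to the top of your file(s), 'error_reporting(E_ALL); ini_set('display_errors', 1);', and show us more code, including the HTML form and the DB connection code, replacing the DB credentials with 'xxx'. –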

+0

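Please read my answer and the comments below it. You are not quoting the value of 'message' in the 'UPDATE' statement. When you inject strings directly into an SQL statement, you need to quote them. – jeroen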

Answers

0

Fixed! The problem was having the form submit to itself, so I created a new action file (edit-post-act.php) like this:

<html> 
    <head> 
    <title>BQuotes</title> 
    <!-- <meta name="viewport" content="width=device-width, initial-scale=1"> --> 
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /> 
    <link href="votingfiles/voting.css" rel="stylesheet" type="text/css" /> 
    <script src="votingfiles/voting.js" type="text/javascript"></script> 
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.css" /> 
    <link rel="stylesheet" type="text/css" href="http://bquotes.me/mystyle-a.css"> 
    <script src="http://code.jquery.com/jquery-1.10.0.min.js"></script> 
    <script src="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.js"></script> 
    <style> 
     .head_text { 
     color: #ffffff; 
     } 
     a { 
     text-decoration: none; 
     } 
    </style> 

    <script type="text/javascript"> 
     $('#g-login').bind('click', function (event) { 
     // event.preventDefault(); 
     // $('#form-id').attr('action', 'google-login.php').trigger('submit'); 
     alert("Clicked"); 
     }); 
    </script> 
    </head> 
    <body style="color:#d4ffaa"> 


    <!-- BQ Edit Post Act Start --> 
    <div data-role="page" id="edit-post-act"> 
     <div data-role="header" style="background-color:#5FBF00"> 
     <h1 class="head_text">BQuotes</h1> 
     </div> 
     <div data-role="main" class="ui-content"> 




     </div> 



     <?php 




     session_start(); 

       if($_SESSION['myusername'] != null && isset($_SESSION['myusername'])){ 
       echo "<form action='logout.php' method='post' id ='form-logout' data-ajax='false'> 
        <br/><input type='submit' value='Logout'/>"; 
       echo "</form>"; 
       echo "<div style='margin-left:1px;'>Logged In As: ".$_SESSION['myusername']."</div>"; 


      $id2=$_POST['id']; 
      $username2=$_POST['username']; 
      $message2=$_POST['message']; 
      $tag2=$_POST['tag']; 

      define ('HOSTNAME', 'xxxx'); 
      define ('USERNAME', 'xxxx'); 
      define ('PASSWORD', 'xxxx'); 
      define ('DATABASE_NAME', 'xxxx'); 

      $db = mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die ('I cannot connect to MySQL.'); 

      mysql_select_db(DATABASE_NAME); 


      $tbl = 'xxxx';   
      $query = "UPDATE $tbl SET message = '$message2' WHERE id = '$id2' "; 

      $result = mysql_query($query) or die (mysql_error()); 




      echo "Your post has been edited to:", "<br>"; 
      echo $message2; 


      mysql_free_result($result); 
      mysql_close(); 

      } 
      else if($_SESSION['myusername'] == null){ 
       echo "<form action='google-login.php?login=true' method='post' id ='form-id' data-ajax='false'>";  
       echo "<span class='loginreq'>Login to Edit</span>";   
       echo "<br/><input type='submit' value='Login with Google'/>"; 
       echo "</form>"; 
      } 

      ?> 

     <a href='mybq-index.php'>Home</a> 


     </div> 


    </body> 
</html> 

Thank you all! Cc: @Fred-ii, @jeroen

2

mysql_real_escape_string is a PHP function, not a MySQL function.

So the syntax is:

$query = "UPDATE $tbl SET message = '" . mysql_real_escape_string($row['message']) . "' WHERE id = ".$row['id']." ";  

But you really should switch to PDO or mysqli_* with prepared statements, as the mysql_* functions are deprecated.

+0

Sorry, but same error! – adeoba

+0

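@adeoba Have you done a 'var_dump()' of the generated SQL statement? The table name may need backticks, or the ID may need to be quoted depending on the column type. Also note the single quotes around the 'message' value. – jeroen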

+0

@jeroen Maybe the OP's 'id's are not 'int's and 'WHERE id = '".$row['id']."' ";' should be used (?) –
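The prepared-statement approach recommended in the answer above, as an added example that is not code from any poster in this thread. The table name `posts`, the sample rows and the `update_post()` helper are assumptions made for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table "posts" and its rows are constructed sample data.
// With MySQL only the DSN changes, e.g.
// new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, username TEXT, message TEXT)');
$pdo->exec("INSERT INTO posts (id, username, message) VALUES (1, 'alice', 'first'), (2, 'bob', 'second')");

/** Update one post from submitted form fields; returns the number of rows changed. */
function update_post(PDO $pdo, array $post, string $owner): int
{
    // The id must be a positive integer. An empty id is rejected here instead
    // of producing "... WHERE id = " and a syntax error "near ''".
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Missing or invalid post id');
    }
    $message = (string)($post['message'] ?? '');

    // Placeholders keep the values out of the SQL text, so quotes inside the
    // message cannot change the statement. The username condition limits the
    // update to the logged-in user's own post, because the hidden id field
    // in the form is under the client's control.
    $stmt = $pdo->prepare('UPDATE posts SET message = :message WHERE id = :id AND username = :owner');
    $stmt->execute([':message' => $message, ':id' => $id, ':owner' => $owner]);
    return $stmt->rowCount();
}

// Constructed submissions, stand-ins for $_POST and $_SESSION['myusername'].
$changed = update_post($pdo, ['id' => '1', 'message' => "It's \"quoted\" <b>text</b>"], 'alice');
$other   = update_post($pdo, ['id' => '2', 'message' => 'not mine'], 'alice'); // bob's post
try {
    update_post($pdo, ['id' => '', 'message' => 'x'], 'alice');                // empty id
    $rejected = 'no';
} catch (InvalidArgumentException $e) {
    $rejected = $e->getMessage();
}

$stored = $pdo->query('SELECT message FROM posts WHERE id = 1')->fetchColumn();
echo "rows changed: $changed, other user's post: $other, empty id: $rejected\n";
// Escape on output: the stored message is data, not markup.
echo 'Your post has been edited to: ', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```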

0

Try it once like this

$query = "UPDATE $tbl SET 
      message = '".mysql_real_escape_string($row['message'])."' 
      WHERE id = ".$row['id']." "; 
+0

Sorry, same error! – adeoba

+0

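Please try to flesh out your answer. Just posting a code block without any explanation or context is not good. In its current state, your answer might not be of any use to people looking for an answer to this question in the future. –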

0

Notwithstanding the fact that you are using mysql_ functions and people love to nag you about that.

Try to make life a little simpler for yourself and do this:


or even this

$query = "UPDATE $tbl SET message = '" . 
      mysql_real_escape_string($row['message']) . 
      "' WHERE id = {$row['id']}"; 

Then you might have spotted that you missed the single quotes around the text field called message

+0

Sorry, same error! – adeoba

0

I think you have to change the update statement to this:

$query = "UPDATE $tbl SET message = '".mysql_real_escape_string($row['message'])."' WHERE id = ".$row['id']." "; 
+0

Sorry, same error! – adeoba

+0

@adeoba And '$row['id']' is not empty? – Jens

+0

<?php echo $row['id']; ?> does not display anything... – adeoba