2015-08-27 63 views
0

PHP error updating table

I want to update a row in a MySQL table like this:

$conn = new mysqli('localhost','root','','db'); 
// Check connection 
if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
} 

//if input == members 
$sql = "UPDATE `members` SET id = ".$_POST['id']." fname = ".$_POST['fname'].", lname = ". 
$_POST['lname'].", gender = ".$_POST['gender'].", age_group = ".$_POST['age_group'].", status = ". 
$_POST['status'].", dob_day = ".$_POST['dob_day'].", dob_month = ".$_POST['dob_month'].", wed_anni_day = ". 
$_POST['wed_anni_day'].", wed_anni_month = ".$_POST['wed_anni_month'].", type = ". 
$_POST['type'].", email = ".$_POST['email'].", address = ".$_POST['address'].", city = ".$_POST['city'].", zipco = ". 
$_POST['zipco'].", contact1 = ".$_POST['contact1'].", contact2 = ".$_POST['contact2']; 

if ($conn->query($sql) === TRUE) { 
    echo "Record updated successfully"; 
} else { 
    echo "Error updating record: " . $conn->error; 
} 

I get this error:

Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'fname = s_name, lname = l_name, gender = Female, age_group = Adult, status = ' at line 1 

What am I doing wrong? Thanks.

+1

Don't query the database directly with any data obtained from POST/GET. You should filter/escape it before using it. – Tomasz

Answers

2

A , is missing after id = ".$_POST['id']." and here contact2 = ".$_POST['contact2']; it can't break like this

$sql = "UPDATE `members` SET id = ".$_POST['id']." 
fname = ".$_POST['fname'].", 
lname = ".$_POST['lname'].", 
gender = ".$_POST['gender'].", 
age_group = ".$_POST['age_group'].", 
status = ".$_POST['status'].", 
dob_day = ".$_POST['dob_day'].", 
dob_month = ".$_POST['dob_month'].", 
wed_anni_day = ".$_POST['wed_anni_day'].", 
wed_anni_month = ".$_POST['wed_anni_month'].", 
type = ".$_POST['type'].", 
email = ".$_POST['email'].", 
address = ".$_POST['address'].", 
city = ".$_POST['city'].", 
zipco = ".$_POST['zipco'].", 
contact1 = ".$_POST['contact1'].", 
contact2 = ".$_POST['contact2']; 

The line should be

$sql = "UPDATE `members` SET id = ".$_POST['id'].", 
fname = ".$_POST['fname'].", 
lname = ".$_POST['lname'].", 
gender = ".$_POST['gender'].", 
age_group = ".$_POST['age_group'].", 
status = ".$_POST['status'].", 
dob_day = ".$_POST['dob_day'].", 
dob_month = ".$_POST['dob_month'].", 
wed_anni_day = ".$_POST['wed_anni_day'].", 
wed_anni_month = ".$_POST['wed_anni_month'].", 
type = ".$_POST['type'].", 
email = ".$_POST['email'].", 
address = ".$_POST['address'].", 
city = ".$_POST['city'].", 
zipco = ".$_POST['zipco'].", 
contact1 = ".$_POST['contact1'].", 
contact2 = ".$_POST['contact2']." "; 

And the WHERE clause is also missing.

Or maybe the query should be like this

$sql = "UPDATE `members` SET fname = ".$_POST['fname'].", 
lname = ".$_POST['lname'].", 
gender = ".$_POST['gender'].", 
age_group = ".$_POST['age_group'].", 
status = ".$_POST['status'].", 
dob_day = ".$_POST['dob_day'].", 
dob_month = ".$_POST['dob_month'].", 
wed_anni_day = ".$_POST['wed_anni_day'].", 
wed_anni_month = ".$_POST['wed_anni_month'].", 
type = ".$_POST['type'].", 
email = ".$_POST['email'].", 
address = ".$_POST['address'].", 
city = ".$_POST['city'].", 
zipco = ".$_POST['zipco'].", 
contact1 = ".$_POST['contact1'].", 
contact2 = ".$_POST['contact2']." 
WHERE 
id = ".$_POST['id']." "; 

The best way to do it:

// Escape every value with the mysqli connection opened in the question ($conn);
// mysql_real_escape_string() belongs to the removed mysql extension and does
// not work with a mysqli connection.
$id = $conn->real_escape_string($_POST['id']); 
$fname = $conn->real_escape_string($_POST['fname']); 
$lname = $conn->real_escape_string($_POST['lname']); 
$gender = $conn->real_escape_string($_POST['gender']); 
$age_group = $conn->real_escape_string($_POST['age_group']); 
$status = $conn->real_escape_string($_POST['status']); 
$dob_day = $conn->real_escape_string($_POST['dob_day']); 
$dob_month = $conn->real_escape_string($_POST['dob_month']); 
$wed_anni_day = $conn->real_escape_string($_POST['wed_anni_day']); 
$wed_anni_month = $conn->real_escape_string($_POST['wed_anni_month']); 
$type = $conn->real_escape_string($_POST['type']); 
$email = $conn->real_escape_string($_POST['email']); 
$address = $conn->real_escape_string($_POST['address']); 
$city = $conn->real_escape_string($_POST['city']); 
$zipco = $conn->real_escape_string($_POST['zipco']); 
$contact1 = $conn->real_escape_string($_POST['contact1']); 
$contact2 = $conn->real_escape_string($_POST['contact2']); 

// Every value is quoted; no stray spaces inside the quotes, so the stored
// values are exactly what was submitted.
$sql = "UPDATE `members` SET fname = '$fname', 
lname = '$lname', 
gender = '$gender', 
age_group = '$age_group', 
status = '$status', 
dob_day = '$dob_day', 
dob_month = '$dob_month', 
wed_anni_day = '$wed_anni_day', 
wed_anni_month = '$wed_anni_month', 
type = '$type', 
email = '$email', 
address = '$address', 
city = '$city', 
zipco = '$zipco', 
contact1 = '$contact1', 
contact2 = '$contact2' 
WHERE 
id = '$id' "; 
+0

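Thanks, but I still get this error: 'Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@ tcd.ie, address = 40 CG, city = city, zipco = zip, contact1 = 187' at line 11'. –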

+0

Updated the answer code, use the last updated code – Shehary

1

You missed a , and that's why you get the error

UPDATE `members` SET id = ".$_POST['id']." fname = ".$_POST['fname'] 
              ^..... Here 
1

You missed a comma after $_POST['id'], and strings must be inside quotes:

fname = '".$_POST['fname']."' 
     ^>> here   ^and here... 

You need to make this change for all the string fields you insert/update.
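
Tomasz's comment and the escaping answer in this thread both concern request data reaching the SQL text. The following is an added example, not code from any poster here: the same UPDATE sent as a mysqli prepared statement, so values are bound as parameters and quoting errors like the ones above cannot occur. The column list comes from the question's query; the integer `id`, the function name `updateMember` and the sample input are assumptions.

```php
<?php
// Added example, not from the thread. Columns are those in the question's
// query; an integer id and the name updateMember() are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

// Fixed allow-list: column names never come from the request.
const MEMBER_COLUMNS = ['fname', 'lname', 'gender', 'age_group', 'status',
    'dob_day', 'dob_month', 'wed_anni_day', 'wed_anni_month', 'type',
    'email', 'address', 'city', 'zipco', 'contact1', 'contact2'];

function updateMember(mysqli $conn, array $input): int
{
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $set = [];
    $params = [];
    foreach (MEMBER_COLUMNS as $col) {
        if (!isset($input[$col]) || !is_string($input[$col])) {
            throw new InvalidArgumentException("missing or non-string field: $col");
        }
        $set[] = "`$col` = ?";      // placeholder only, no data in the SQL text
        $params[] = $input[$col];
    }
    $params[] = $id;

    $sql = 'UPDATE `members` SET ' . implode(', ', $set) . ' WHERE id = ?';
    $stmt = $conn->prepare($sql);
    // 16 string parameters, then one integer for the WHERE clause.
    $stmt->bind_param(str_repeat('s', count(MEMBER_COLUMNS)) . 'i', ...$params);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Constructed sample input standing in for $_POST. O'Brien contains a
// quote; the bound parameter carries it unchanged.
$input = array_fill_keys(MEMBER_COLUMNS, '1');
$input = ['id' => '7', 'lname' => "O'Brien", 'email' => 'a@example.com'] + $input;

try {
    $conn = new mysqli('localhost', 'root', '', 'db'); // as in the question
    echo 'Rows updated: ' . updateMember($conn, $input) . "\n";
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());      // details go to the log, not the client
    echo "Error updating record\n";
}
```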