MYSQL語法錯誤1064

我只是無法弄清楚，爲什麼我從這個查詢MYSQL語法錯誤1064

//prep the data for database use 
$manufacturer_id = $_GET['id']; 
$manufacturer_display_name = mysql_prep($_POST['manufacturer_display_name']); 
$manufacturer_name = mysql_prep($_POST['manufacturer_name']); 


$query = "UPDATE IT_manufacturer SET 
     manufacturer_name = '{$manufacturer_name}', 
     manufacturer_display_name = '{$manufacturer_display_name}', 
     WHERE manufacturer_id = {$manufacturer_id} 
     "; 

$result = mysql_query($query, $connection); 
confirm_query ($result);

收到錯誤1064如果我贊同變量$ MANUFACTURER_NAME，$ manufacturer_display_name，$ MANUFACTURER_ID他們都有價值，但我得到這個錯誤

無法執行查詢您的SQL語法中有錯誤;檢查對應於你的MySQL服務器版本正確的語法使用手動附近「WHERE MANUFACTURER_ID = 1」第4行的錯誤編號1064

任何幫助

來源

2010-01-04 Gatura

的示例是不安全（嘗試「/ ID = 2或1 = 1？」）。 http://stackoverflow.com/questions/tagged/sql-injection – serbaut 2010-01-04 20:59:02

刪除逗號之前在哪裏，應該是

$query = "UPDATE IT_manufacturer SET manufacturer_name = '{$manufacturer_name}', 
       manufacturer_display_name = '{$manufacturer_display_name}' 
       WHERE manufacturer_id = {$manufacturer_id} ";

逗號只是分開設置不同的變量，而不是來自哪裏的集合。

來源

2010-01-04 20:16:50

很好用謝謝 – Gatura 2010-01-04 20:22:14

在其中前取出逗號：

'{$manufacturer_display_name}', WHERE manufacturer_id 
          ^^^

來源

2010-01-04 20:17:35 Andomar

MYSQL語法錯誤1064

回答

相關問題