1. 首頁
  2. 問答
  3. SQL語法錯誤附近哪裏陳述在更新功能

SQL語法錯誤附近哪裏陳述在更新功能

2012-05-05 42 views
0

好吧,所以我不明白是怎麼回事。據我所知,代碼是正確的,但它拋出了一個SQL語法錯誤,這很奇怪,因爲我在我的網站上使用了相同的代碼。我希望有人可以查看它,讓我知道他們看到的任何錯誤。謝謝。SQL語法錯誤附近哪裏陳述在更新功能

錯誤: 您的SQL語法錯誤;檢查對應於你的MySQL服務器版本正確的語法使用手動附近「WHERE ID = 954001」在行1

驗證碼:

<?php session_start(); //!!!!Nothing Can Go Before Me!!!! 
require_once('***********'); 
$id = $_SESSION['id']; 

//INFO UPDATE// 
$her_name = $_POST['her_name']; 
$her_pic_url = $_POST['her_pic_url']; 
$his_name = $_POST['his_name']; 
$his_pic_url = $_POST['his_pic_url']; 
$event_date = $_POST['event_date']; 
$time = $_POST['time']; 
$event_address = $_POST['event_address']; 
$email = $_POST['email']; 
$her_about = $_POST['her_about']; 
$her_fb = $_POST['her_fb']; 
$her_twit = $_POST['her_twit']; 
$him_about = $_POST['him_about']; 
$him_fb = $_POST['him_fb']; 
$him_twit = $_POST['him_twit']; 
$userpic_1 = $_POST['userpic_1']; 
$usercap_1 = $_POST['usercap_1']; 
$userpic_2 = $_POST['userpic_2']; 
$usercap_2 = $_POST['usercap_2']; 
$userpic_3 = $_POST['userpic_3']; 
$usercap_3 = $_POST['usercap_3']; 
$userpic_4 = $_POST['userpic_4']; 
$usercap_4 = $_POST['usercap_4']; 
$userpic_5 = $_POST['userpic_5']; 
$usercap_5 = $_POST['usercap_5']; 
$userpic_6 = $_POST['userpic_6']; 
$usercap_6 = $_POST['usercap_6']; 
$userpic_7 = $_POST['userpic_7']; 
$usercap_7 = $_POST['usercap_7']; 
$userpic_8 = $_POST['userpic_8']; 
$usercap_8 = $_POST['usercap_8']; 
$userpic_9 = $_POST['userpic_9']; 
$usercap_9 = $_POST['usercap_9']; 
$userpic_10 = $_POST['userpic_10']; 
$usercap_10 = $_POST['usercap_10']; 
$userpic_11 = $_POST['userpic_11']; 
$usercap_11 = $_POST['usercap_11']; 
$userpic_12 = $_POST['userpic_12']; 
$usercap_12 = $_POST['usercap_12']; 
$userpic_13 = $_POST['userpic_13']; 
$usercap_13 = $_POST['usercap_13']; 
$userpic_14 = $_POST['userpic_14']; 
$usercap_14 = $_POST['usercap_14']; 
$userpic_15 = $_POST['userpic_15']; 
$usercap_15 = $_POST['usercap_15']; 
$userpic_16 = $_POST['userpic_16']; 
$usercap_16 = $_POST['usercap_16']; 
$userpic_17 = $_POST['userpic_17']; 
$usercap_17 = $_POST['usercap_17']; 
$userpic_18 = $_POST['userpic_18']; 
$usercap_18 = $_POST['usercap_18']; 
$userpic_19 = $_POST['userpic_19']; 
$usercap_19 = $_POST['usercap_19']; 
$userpic_20 = $_POST['userpic_20']; 
$usercap_20 = $_POST['usercap_20']; 
$userpic_21 = $_POST['userpic_21']; 
$usercap_21 = $_POST['usercap_21']; 
$userpic_22 = $_POST['userpic_22']; 
$usercap_22 = $_POST['usercap_22']; 
$userpic_23 = $_POST['userpic_23']; 
$usercap_23 = $_POST['usercap_23']; 
$userpic_24 = $_POST['userpic_24']; 
$usercap_24 = $_POST['usercap_24']; 
$userpic_25 = $_POST['userpic_25']; 
$usercap_25 = $_POST['usercap_25']; 

$insert = "UPDATE ******* SET her_name = '$_POST[her_name]', her_pic_url = '$_POST[her_pic_url]', his_name = '$_POST[his_name]', his_pic_url = '$_POST[his_pic_url]', event_date = '$_POST[event_date]', time = '$_POST[time]', event_address = '$_POST[event_address]', email = '$_POST[email]', her_about = '$_POST[her_about]', her_fb = '$_POST[her_fb]', her_twit = '$_POST[her_twit]', him_about = '$_POST[him_about]', him_fb = '$_POST[him_fb]', him_twit = '$_POST[him_twit]', userpic_1 = '$_POST[userpic_1]', usercap_1 = '$_POST[usercap_1]', userpic_2 = '$_POST[userpic_2]', usercap_2 = '$_POST[usercap_2]', userpic_3 = '$_POST[userpic_3]', usercap_3 = '$_POST[usercap_3]', userpic_4 = '$_POST[userpic_4]', usercap_4 = '$_POST[usercap_4]', userpic_5 = '$_POST[userpic_5]', usercap_5 = '$_POST[usercap_5]', userpic_6 = '$_POST[userpic_6]', usercap_6 = '$_POST[usercap_6]', userpic_7 = '$_POST[userpic_7]', usercap_7 = '$_POST[usercap_7]', userpic_8 = '$_POST[userpic_8]', usercap_8 = '$_POST[usercap_8]', userpic_9 = '$_POST[userpic_9]', usercap_9 = '$_POST[usercap_9]', userpic_10 = '$_POST[userpic_10]', usercap_10 = '$_POST[usercap_10]', userpic_11 = '$_POST[userpic_11]', usercap_11 = '$_POST[usercap_11]', userpic_12 = '$_POST[userpic_12]', usercap_12 = '$_POST[usercap_12]', userpic_13 = '$_POST[userpic_13]', usercap_13 = '$_POST[usercap_13]', userpic_14 = '$_POST[userpic_14]', usercap_14 = '$_POST[usercap_14]', userpic_15 = '$_POST[userpic_15]', usercap_15 = '$_POST[usercap_15]', userpic_16 = '$_POST[userpic_16]', usercap_16 = '$_POST[usercap_16]', userpic_17 = '$_POST[userpic_17]', usercap_17 = '$_POST[usercap_17]', userpic_18 = '$_POST[userpic_18]', usercap_18 = '$_POST[usercap_18]', userpic_19 = '$_POST[userpic_19]', usercap_19 = '$_POST[usercap_19]', userpic_20 = '$_POST[userpic_20]', usercap_20 = '$_POST[usercap_20]', userpic_21 = '$_POST[userpic_21]', usercap_21 = '$_POST[usercap_21]', userpic_22 = '$_POST[userpic_22]', usercap_22 = '$_POST[usercap_22]', userpic_23 = '$_POST[userpic_23]', usercap_23 = '$_POST[usercap_23]', userpic_24 = '$_POST[userpic_24]', usercap_24 = '$_POST[usercap_24]', userpic_25 = '$_POST[userpic_25]', usercap_25 = '$_POST[usercap_25]', WHERE id=$id"; 

$result=mysql_query($insert) or die(mysql_error()); 

if ($result) { 
header("location:**********"); 
} 

else { 
echo "Whoops! There seems to have been an error! Please try again! If the problem persists please contact Modern Event Productions to update your event!<a href='***************'>Click here to go back to the Vendor System and try again.</a>"; 
} ?>

來源

2012-05-05 Tyler Radlick

+3

**你的代碼很容易受到SQL注入。**你真的* *應使用準備好的語句,在其中傳遞的變量爲不得到SQL評估參數。如果你不知道我在說什麼,或者如何解決它,請閱讀[Bobby Tables](http://bobby-tables.com)的故事。 – eggyal

+1

「usercap_25 ='$ _POST [usercap_25]')」後面有一個,應該刪除,因爲「usercap_25 ='$ _POST [usercap_25]',WHERE ...」無效。 你應該保護你的數據庫免受SQL注入。 – Wezelkrozum

+0

這可以通過循環/內爆來簡化。 – Blake

回答

0

,WHERE id=$id

這是告訴你的SQL語句是不正確的,問題是語句的WHERE條款。

擺脫,

來源

2012-05-05 23:22:35

2

set子句中的最後一個元素包含尾隨逗號在WHERE之前。

WHERE子句之前刪除逗號','應清除錯誤。

來源

2012-05-05 23:21:45 eggyal

+0

謝謝,我將接受8小分。 –

相關問題

 相關問題