2013-05-16 47 views
-1

它顯示17行解析錯誤,我已經徹底檢查,但無法找到error.So如何解決這個error.it是insert_city_query.php在17行解析錯誤,如何解決它

<?php 
    include('../../Connections/autodealers.php'); 
    //error_reporting(0); 
    $cityname=$_POST['cityname']; 
    $cityorder=$_POST['cityorder']; 
    $status=$_POST['status']; 
    if($status="Enabled") 
    $status=1; 
    else 
    $status=0; 

    $query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values 
    (
    '" . addslashes($cityname) . "' , 
    '" . addslashes($cityorder) . "' , 
    '" . addslashes($status) . " ' 
    WHERE LCASE='strtolower($_REQUEST['cityname'])')"; 
    echo $query; 
    $result=mysql_query($query); 

    if(!$result) 
    { 
    die ('ERROR: '.mysql_error()); 
    header("Location: " .$base_url. "admin/city_insert.php");//if query fails 
    } 
    else 
    { 
    header("Location: " .$base_url. "admin/cities.php");//if query suceeds 
    } 
    mysql_close($autodealers); 



    ?> 

回答

1

查詢更改爲,

$query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values 
('" . addslashes($cityname) . "' , 
'" . addslashes($cityorder) . "' , 
'" . addslashes($status) . " ' 
WHERE LCASE='" . strtolower($_REQUEST['cityname']) . "')"; 

注:Please, don't use mysql_* functions in new code。他們不再維護and are officially deprecated。看到red box?請改爲了解prepared statements,並使用PDOMySQLi - this article將幫助您決定哪個。如果您選擇PDO,here is a good tutorial

警告:查詢是SQL Injection脆弱的,如果變量的值(小號)從外面走了進來。請看下面的文章,瞭解如何防止它。

+0

感謝烏拉圭回合的幫助 – lillac

+0

很樂意幫助你。請不要忘記通過點擊左側的複選標記來接受我的答案。 – Rikesh

0

不要使用strtolower()的功能。

你應該改變這一行:

WHERE LCASE='strtolower($_REQUEST['cityname'])')"; 

WHERE LCASE='".strtolower($_REQUEST['cityname'])."')"; 
+0

感謝您的幫助 – lillac

相關問題