2014-01-20 56 views
0

Can anyone run their eyes over my code and find why I am getting this: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version"

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

I know it is going to be something really simple, but I cannot see it.

<body> 
<?php 
//connect to database// 
$dbc = mysql_connect("localhost", "root", "***"); 
if (!$dbc) 
die ('Could not connect: ' . mysql_error()); 

//select database// 
$db_selected = mysql_select_db("tafe", $dbc); 
if (!$db_selected) 
die ('Could not connect: ' . mysql_error()); 

// initialise variables to store form control values 
$Name = ""; 
$Address = ""; 
$Phone = ""; 
$Mobile = ""; 
$Email = ""; 


if($_SERVER['REQUEST_METHOD'] == "POST") // if form has been posted 
{ 
// initialise variables to store posted values 
$ContactID = $_POST["ContactID"]; 
$Name = $_POST["Name"]; 
$Address = $_POST["Address"]; 
$Phone = $_POST["Phone"]; 
$Mobile = $_POST["Mobile"]; 
$Email = $_POST["Email"]; 

//build sql insert statement 
$qry = "UPDATE contacts SET Name = '" . $Name . "', Address = '" . $Address . "', Phone = '" . $Phone . "', Mobile = '" . $Mobile . "', Email = '" . $Email . "' WHERE ContactID =" . $ContactID; 

// run insert statement against database 
$rst = mysql_query($qry, $dbc); 

if ($rst) 
{ 
    echo "<b><font color='green'>The contact has been updated.</font></b>"; 
    echo "</br></br>"; 
    echo "<a href=list-contacts.php>Continue</a>"; 
} 

else 

{ 
    echo "<b><font color='red'>Error: ". mysql_error($dbc) . "</font></b>"; //alert if contact could not be added// 
} 

} 


else // if form has not been posted 
{ 
// build sql statement 
$qry = "SELECT * FROM contacts WHERE ContactID = " . $_GET["ContactID"]; 


// run select statement 
$rst = mysql_query($qry, $dbc); 

if ($rst) 
{ 
    $row = mysql_fetch_assoc($rst); // fetch row and place column values into respective place holder variable 

    $Name = $row["Name"]; 
    $Address = $row["Address"]; 
    $Phone = $row["Phone"]; 
    $Mobile = $row["Mobile"]; 
    $Email = $row["Email"]; 
} 

else // in case of an error 
{ 
    echo "<b><font color='red'>Error: ". mysql_error($dbc) . "</font></b>"; 
} // end of nested else statement ?> 

<form name="editcontact" method="post" action="edit-contact.php"> 
<table border="1" cellpadding="2"> 
<caption> Caption 5</caption> 

<!--Name Input--> 
<tr> 
<td><label for="Name">Name</label></td> 
<td><input type="text" name="Name" value="<?php echo $Name ?>" size="30" maxlength="50" tabindex="1"/> 
</td> 
</tr> 

<!-- Address Input--> 
<tr> 
<td><label for="Address">Address</label></td> 
<td><textarea name="Address" cols="45" rows="5" tabindex="2"><?php echo $Address?></textarea></td> 
</tr> 

<!--Phone Input--> 
<tr> 
<td><label for="Phone">Phone</label></td> 
<td><input type="text" name="Phone" value="<?php echo $Phone ?>" size="20" maxlength="20" tabindex="3" /> </td> 
</tr> 

<!--Mobile Input--> 
<tr> 
<td><label for="Mobile">Mobile</label></td> 
<td><input type="text" name="Mobile" value="<?php echo $Mobile ?>" size="20" maxlength="20" tabindex="4" /> </td> 
</tr> 

<!--Email Input--> 
<tr> 
<td><label for="Email">Email</label></td> 
<td><input type="text" name="Email" value="<?php echo $Email ?>" size="30" maxlength="50" tabindex="5" /></td> 
</tr> 

<!--Submit Button--> 
<tr> 
<td colspan="2" align="center"><input type="submit" name="Submit" value="Submit" tabindex="6"/>  
</td> 
</tr> 

</table> 
</form> 



<?php 
} // end of main else statement 

mysql_free_result($rst); //free memory// 

?> 

</body> 
</html>
+1

Are you sure Name and Address don't contain a '? Are you sure $ContactID is an integer? –

+0

What does var_dump($qry); show? – Mark

+0

I copied and pasted my code exactly. Not too sure what you mean by $Name and $Address containing '. ContactID is definitely an integer in my SQL database – user3110441

Answers

0

Try this

$qry = "UPDATE contacts SET 
       Name = '" . mysql_real_escape_string($Name) . "', 
       Address = '" . mysql_real_escape_string($Address) . "', 
       Phone = '" . mysql_real_escape_string($Phone) . "', 
       Mobile = '" . mysql_real_escape_string($Mobile) . "', 
       Email = '" . mysql_real_escape_string($Email) . "' 
       WHERE ContactID =" . $ContactID; 

Make sure that in your HTML form you have a hidden field or a text box named "ContactID", because you use it in your query and I don't see one inside the form.

$ContactID = $_POST["ContactID"]; 

Note: you are using the deprecated mysql_* functions; start using the mysqli_* functions or PDO.

+0

No luck with that code either... – user3110441

+0

Try echo $qry; and see what you get and post it; something may be wrong with your $ContactID –

+0

You should cast 'ContactID' to an integer, otherwise it will contain an SQL injection vulnerability. – halfer

0

Try this

$qry = "UPDATE contacts 
     SET Name = '" . $Name . "', 
      Address = '" . $Address . "', 
      Phone = '" . $Phone . "', 
      Mobile = '" . $Mobile . "', 
      Email = '" . $Email . "' 
     WHERE ContactID = '" . $ContactID . "' " ; 

and also switch the select query to

$qry = "SELECT * FROM contacts WHERE ContactID = '" . $_GET['ContactID']."' " ; 

NB:

1- You should mysql_real_escape_string() escape your variables

2- You should use PDO or mysqli instead of mysql

1

$_POST["ContactID"] returns null, that is why you are getting the error.
Send the ContactID to the server:

<input type="hidden" name="ContactID" value="<?php echo $_GET["ContactID"]; ?>" /> 

There are several problems with your code:

  1. Don't use the mysql_* functions. They are deprecated. Use mysqli_* or PDO.
  2. Always check the data sent by the user, otherwise the user may delete your database.
  3. Don't use <b> and <font> tags. It's 2014. Use HTML5 and CSS3.
  4. Use htmlspecialchars(), otherwise users will be able to attack your site (XSS).
  5. If you use labels, you need to set the id of the input.
  6. Don't use tables to build websites. Use floating divs.

This code will do the job:

<?php 
try 
{ 
    $db = new PDO("mysql:dbname=tafe;host=localhost", "root", "***"); 
} 
catch (PDOException $e) 
{ 
    die("Cannot connect to database."); 
} 
function post($name) 
{ 
    return isset($_POST[$name]) ? $_POST[$name] : ""; 
} 
function html($x) 
{ 
    return htmlentities($x, ENT_QUOTES, "UTF-8"); 
} 
if (post("id")) 
{ 
    $query = $db->prepare("UPDATE contacts SET Name = :name, Address = :address, Phone = :phone, Mobile = :mobile, Email = :email WHERE ContactID = :id"); 
    // bindValue, not bindParam: bindParam needs a variable reference and post() returns a plain value 
    $query->bindValue(":name", post("name")); 
    $query->bindValue(":address", post("address")); 
    $query->bindValue(":phone", post("phone")); 
    $query->bindValue(":mobile", post("mobile")); 
    $query->bindValue(":email", post("email")); 
    $query->bindValue(":id", (int) post("id"), PDO::PARAM_INT); // the id is an integer column 
    if ($query->execute()) 
        $message = '<span style="color: green; font-weight: bold;">The contact has been updated.</span><br /><a href="list-contacts.php">Continue</a>'; 
    else 
        $message = '<span style="color: red; font-weight: bold;">There was an error.</span>'; 
} 
elseif (isset($_GET["ContactID"])) 
{ 
    $query = $db->prepare("SELECT Name, Address, Phone, Mobile, Email FROM contacts WHERE ContactID = :id"); 
    $query->bindValue(":id", (int) $_GET["ContactID"], PDO::PARAM_INT); 
    if ($query->execute()) 
    { 
        // fetch() returning false is the reliable "no row" check; rowCount() is not guaranteed for SELECT 
        $row = $query->fetch(PDO::FETCH_ASSOC); 
        if (!$row) 
            $message = '<span style="color: red; font-weight: bold;">This contact does not exist.</span>'; 
        else 
        { 
            // column names are capitalised (Name, Address, ...) but the form fields below are lower-case 
            foreach ($row as $k => $v) 
                $_POST[strtolower($k)] = $v; 
        } 
    } 
    else 
        $message = '<span style="color: red; font-weight: bold;">There was an error.</span>'; 
} 
?> 
<!DOCTYPE html> 
<html> 
    <head> 
        <title>Contact</title> 
        <meta charset="utf-8" /> 
    </head> 
    <body> 
        <?php 
        if (isset($message)) 
            echo "<p>" . $message . "</p>"; 
        ?> 
        <form action="edit-contact.php" method="post"> 
            <label for="name">Name:</label><br /> 
            <input type="text" name="name" id="name" value="<?php echo html(post("name")) ?>" /><br /> 
            <label for="address">Address:</label><br /> 
            <textarea name="address" id="address"><?php echo html(post("address")) ?></textarea><br /> 
            <label for="phone">Phone:</label><br /> 
            <input type="text" name="phone" id="phone" value="<?php echo html(post("phone")) ?>" /><br /> 
            <label for="mobile">Mobile:</label><br /> 
            <input type="text" name="mobile" id="mobile" value="<?php echo html(post("mobile")) ?>" /><br /> 
            <label for="email">Email:</label><br /> 
            <input type="text" name="email" id="email" value="<?php echo html(post("email")) ?>" /><br /> 
            <input type="submit" name="submit" value="Submit" /> 
            <!-- same key as the SELECT branch (ContactID); keep the id across a re-submit via post("id") --> 
            <input type="hidden" name="id" value="<?php echo isset($_GET["ContactID"]) ? intval($_GET["ContactID"]) : intval(post("id")) ?>" /> 
        </form> 
    </body> 
</html> 
+0

The only answer that doesn't contain some kind of SQL injection, +1! – halfer
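The diagnosis in the comments (an empty $ContactID leaves the query ending in `WHERE ContactID =`, and a quote in Name breaks it too) and the bound-parameter fix from the last answer, reproduced as an added example that is not part of the original thread. It assumes an in-memory sqlite3 table as a stand-in for the MySQL `contacts` table, so it runs offline; the form dictionaries are constructed sample input.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the poster's MySQL table (sqlite3, in memory)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (ContactID INTEGER PRIMARY KEY, Name TEXT, Address TEXT)")
    db.executemany("INSERT INTO contacts VALUES (?, ?, ?)",
                   [(1, "Ann", "1 High St"), (2, "Bob", "2 Low St")])
    return db


def concat_update(form):
    """Builds the UPDATE the way the question does: string concatenation, with the id
    read from the form. A missing key becomes "", just like a null $_POST["ContactID"]."""
    return ("UPDATE contacts SET Name = '" + form.get("Name", "")
            + "', Address = '" + form.get("Address", "")
            + "' WHERE ContactID = " + form.get("ContactID", ""))


def run_concat(db, form):
    """Runs the concatenated query; returns (rows_changed, error_message_or_None)."""
    try:
        cur = db.execute(concat_update(form))
        db.commit()
        return cur.rowcount, None
    except sqlite3.OperationalError as e:  # the syntax error the poster sees
        return 0, str(e)


def run_param(db, form):
    """Same update with bound parameters (the pattern of the PDO answer): the values never
    touch the SQL text, and the id is validated as an integer before it is bound."""
    try:
        contact_id = int(form.get("ContactID", ""))
    except ValueError:
        return 0, "ContactID must be an integer"
    cur = db.execute("UPDATE contacts SET Name = ?, Address = ? WHERE ContactID = ?",
                     (form.get("Name", ""), form.get("Address", ""), contact_id))
    db.commit()
    return cur.rowcount, None


def name_of(db, contact_id):
    """Helper for checking what actually landed in the table."""
    return db.execute("SELECT Name FROM contacts WHERE ContactID = ?", (contact_id,)).fetchone()[0]
```

Printing `concat_update(form)` is the `echo $qry` check suggested in the comments: with no ContactID in the form the string ends in `WHERE ContactID = `, which is exactly the "near ''" the MySQL error reports.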
