-1
我是PDO的新手,我試圖構建自己的CRUDS應用程序。我已經創建了CRD,但我遇到了更新用戶信息的問題。看起來我的語法有問題,但我徹底檢查了文檔,並且無法弄清楚代碼有什麼問題。它通過我這個錯誤:PHP PDO更新SQL語法錯誤
ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Doe, [email protected], location=New York City WHERE id=1' at line 1
這裏是我的代碼:
include('database.inc.php');
if (isset($_POST['submit'])) {
$id = $_POST['userId']; // 1
$name = $_POST['employee_name']; // John Doe
$email = $_POST['email']; // [email protected]
$location = $_POST['location']; // New York City
try {
$query = "UPDATE users SET employee_name=$name, email=$email, location=$location WHERE id=$id";
$statement = $conn->prepare($query);
$statement->execute();
header('Location: ../index.php');
} catch(PDOException $e) {
echo 'ERROR: ' .$e->getMessage();
}
}
將單引號放在您的變量中。-_-'$ query =「UPDATE users SET employee_name ='$ name',email ='$ email',location ='$ location'WHERE id = $ id 「;'和.. **注意:**'此('mysql_ *')擴展名從'PHP 5.5.0'開始不再使用,並且將來會被刪除。相反,** [MySQLi']的準備語句**(http://php.net/manual/en/mysqli.prepare.php)或['PDO_MySQL'](http://in2.php.net/ manual/en/pdo.prepare.php)擴展應該用來防止SQL注入攻擊!' –
我可以問,你正在檢查哪些文檔? –
@ShankarDamodaran可能你覺得你有點評論? –