个人中心
gpt4 book ai didi

php - 获取 "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version"

转载 作者:行者123 更新时间:2023-11-29 13:17:56 25 4
gpt4 key购买 nike

有人可以仔细检查一下我的代码,找出为什么我会得到这个:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

我知道这将是非常简单的事情,但我看不到它。 

<body>
<?php
//connect to database//
$dbc = mysql_connect("localhost", "root", "***");
if (!$dbc)
die ('Could not connect: ' . mysql_error());

//select database//
$db_selected = mysql_select_db("tafe", $dbc );
if (!$db_selected)
die ('Could not connect: ' . mysql_error());

// initialise variables to store form control values
$Name = "";
$Address = "";
$Phone = "";
$Mobile = "";
$Email = "";


if($_SERVER['REQUEST_METHOD'] == "POST") // if form has been posted
{  
// initialise variables to store posted values
$ContactID = $_POST["ContactID"];
$Name = $_POST["Name"];
$Address = $_POST["Address"];
$Phone = $_POST["Phone"];
$Mobile = $_POST["Mobile"];
$Email = $_POST["Email"];

//build sql insert statement
$qry = "UPDATE contacts SET Name = '" . $Name . "', Address = '" . $Address . "', Phone = '" . $Phone . "', Mobile = '" . $Mobile . "', Email = '" . $Email . "' WHERE ContactID =" . $ContactID;

// run insert statement against database
$rst = mysql_query($qry, $dbc);

if ($rst)
{
    echo "<b><font color='green'>The contact has been updated.</font></b>";
    echo "</br></br>";
    echo "<a href=list-contacts.php>Continue</a>"; 
}

else 

{
    echo "<b><font color='red'>Error: ". mysql_error($dbc) . "</font></b>"; //alert if contact could not be added//
}

}


else // if form has not been posted
{
// build sql statement
$qry = "SELECT * FROM contacts WHERE ContactID = " . $_GET["ContactID"];


// run select statement
$rst = mysql_query($qry, $dbc);

if ($rst)
{
    $row = mysql_fetch_assoc($rst); // fetch row and place column values into respective place holder variable 

    $Name = $row["Name"];
    $Address = $row["Address"];
    $Phone = $row["Phone"];
    $Mobile = $row["Mobile"];
    $Email = $row["Email"];
}

else // in case of an error
{
    echo "<b><font color='red'>Error: ". mysql_error($dbc) . "</font></b>"; 
} // end of nested else statement ?>

<form name="editcontact" method="post" action="edit-contact.php"> 
<table border="1" cellpadding="2">
<caption> Caption 5</caption>

<!--Name Input-->
<tr>
<td><label for="Name">Name</label></td>
<td><input type="text" name="Name" value="<?php echo $Name ?>" size="30" maxlength="50" tabindex="1"/>
</td>
</tr>

<!-- Address Input-->
<tr>
<td><label for="Address">Address</label></td>
<td><textarea name="Address" cols="45" rows="5" tabindex="2"><?php echo $Address?></textarea></td>
</tr>

<!--Phone Input-->
<tr>
<td><label for="Phone">Phone</label></td>
<td><input type="text" name="Phone" value="<?php echo $Phone ?>" size="20" maxlength="20" tabindex="3" /> </td>
</tr>

<!--Mobile Input-->
<tr>
<td><label for="Mobile">Mobile</label></td>
<td><input type="text" name="Mobile" value="<?php echo $Mobile ?>" size="20" maxlength="20" tabindex="4" /> </td>
</tr>

<!--Email Input-->
<tr>
<td><label for="Email">Email</label></td>
<td><input type="text" name="Email" value="<?php echo $Email ?>" size="30" maxlength="50" tabindex="5" /></td>
</tr>

<!--Submit Button-->
<tr>
<td colspan="2" align="center"><input type="submit" name="Submit" value="Submit" tabindex="6"/>      
</td>
</tr>

</table>
</form>



<?php
} // end of main else statement

mysql_free_result($rst); //free memory//

?>

</body>
</html>`

最佳答案

$_POST["ContactID"]返回 null,这就是您收到该错误的原因。 将ContactID发送到服务器:

<input type="hidden" name="ContactID" value="<?php echo $_GET["ContactID"]; ?>" />

您的代码存在七个问题:

  1. 请勿使用 mysql_*功能。它们已经过时了。使用mysqli_*PDO .
  2. 请务必检查用户发送的数据,否则用户可能会删除您的数据库。
  3. 请勿使用<b><font>标签。现在是 2014 年。使用 HTML5 和 CSS3。
  4. 使用htmlspecialchars() ,否则用户将能够攻击您的网站 ( XSS )
  5. 如果您使用标签,则需要设置输入的 ID。
  6. 不要使用表格来构建网站。使用 float div。

这段代码可以很好地工作:

 <?php
try
{
    $db = new PDO("mysql:dbname=tafe;host=localhost", "root", "***");
}
catch (PDOException $e)
{
    die("Cannot connect to database.");
}
function post($name)
{
    return isset($_POST[$name]) ? $_POST[$name] : "";
}
function html($x)
{
    return htmlentities($x, ENT_QUOTES, "UTF-8");
}
if (post("id"))
{  
    $query = $db->prepare("UPDATE contacts SET Name = :name, Address = :address, Phone = :phone, Mobile = :mobile, Email = :email WHERE ContactID = :id");
    $query->bindParam(":name", post("name"));
    $query->bindParam(":address", post("address"));
    $query->bindParam(":phone", post("phone"));
    $query->bindParam(":mobile", post("mobile"));
    $query->bindParam(":email", post("email"));
    $query->bindParam(":id", post("id"));
    if ($query->execute())
        $message = '<span style="color: green; font-weight: bold;">The contact has been updated.</span><br /><a href="list-contacts.php">Continue</a>';
    else
        $message =  '<span style="color: red; font-weight: bold;">There was an error.</span>';
}
elseif (isset($_GET["ContactID"]))
{
    $query = $db->prepare("SELECT Name, Address, Phone, Mobile, Email FROM contacts WHERE ContactID = :id");
    $query->bindParam(":id", $_GET["ContactID"]);
    if ($query->execute())
    {
        if (!$query->rowCount())
            $message = '<span style="color: red; font-weight: bold;">This contact does not exists.</span>';
        else
        {
            $row = $query->fetch(PDO::FETCH_ASSOC);
            foreach ($row as $k => $v)
                $_POST[$k] = $v;
        }
    }
    else
        $message = '<span style="color: red; font-weight: bold;">There was an error.</span>';
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Contact</title>
        <meta charset="utf-8" />
    </head>
    <body>
        <?php
        if (isset($message))
            echo "<p>".$message."</p>";
        ?>
        <form action="edit-contact.php" method="post"> 
            <label for="name">Name:</label><br />
            <input type="text" name="name" id="name" value="<?php echo html(post("name")) ?>" /><br />
            <label for="address">Address:</label><br />
            <textarea name="address" id="address"><?php echo html(post("address")) ?></textarea><br />
            <label for="phone">Phone:</label><br />
            <input type="text" name="phone" id="phone" value="<?php echo html(post("phone")) ?>" /><br />
            <label for="mobile">Mobile:</label><br />
            <input type="text" name="mobile" id="mobile" value="<?php echo html(post("mobile")) ?>" /><br />
            <label for="email">Email:</label><br />
            <input type="text" name="email" id="email" value="<?php echo html(post("email")) ?>" /><br />
            <input type="submit" name="submit" value="Submit" />      
            <input type="hidden" name="id" value="<?php echo isset($_GET["ContactId"]) ? intval($_GET["ContactId"]) : "0" ?>" />
        </form>
    </body>
</html>

关于php - 获取 "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21232199/

25 4 0
文章推荐: mysql - 一个 SQL 表用于所有回归记录还是多个表?
文章推荐: php - solr 按基于逻辑的字段选择排序
文章推荐: php - 使用php远程连接MySQL数据库
文章推荐: iphone - 追加字符串时的内存管理?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com