php - 查询无法正常工作。插入查询工作正常，但其他三个查询无法正常工作，发生了错误

Question

我创建了一个带有四个按钮(例如提交、更新、删除和搜索)的表单。插入查询工作正常，但其他三个查询无法工作，发生了错误。

更新

错误:从类(class)详细信息、个人详细信息、联系详细信息、学术详细信息、额外类(class)事件进行更新，其中类(class)详细信息.学生 ID =个人详细信息.学生 ID 和类(class)详细信息.学生 ID =联系详细信息.学生 ID 和类(class)详细信息 学生 ID =学术详细信息.学生 ID AND course_details.Student_ID =extra_course_activities.Student_ID AND St​​udent_ID =IM/20xx/002您的 SQL 语法有错误；检查与您的 MariaDB 服务器版本相对应的手册，了解在第 1 行“FROM course_details,personal_details,contact_details,academic_details,extra_curr”附近使用的正确语法

搜索

错误:结果错误

删除

错误:从类(class)详细信息、个人详细信息、联系详细信息、学术详细信息、额外类(class)事件中删除，其中类(class)详细信息.学生ID =个人详细信息.学生ID和类(class)详细信息.学生ID =联系详细信息.学生ID和类(class)详细信息.学生ID =学术详细信息.学生ID AND course_details.Student_ID =extra_course_activities.Student_ID AND St​​udent_ID =IM/20xx/002您的 SQL 语法有错误；检查与您的 MariaDB 服务器版本相对应的手册，了解在第 1 行“WHERE course_details.Student_ID =personal_details.Student_ID AND course_det”附近使用的正确语法

这是我的文件

Form.php

<?php

    $profile_picture=$_POST['profile_picture'];//define variables 
    $student_id=$_POST['student_id'];
    $admitted_date=$_POST['admitted_date'];
    $academic_year=$_POST['academic_year'];
    $course=$_POST['course'];

    $first_name=$_POST['first_name'];//define variables
    $middle_name=$_POST['middle_name'];
    $last_name=$_POST['last_name'];
    $dob=$_POST['dob'];
    $gender=$_POST['gender'];
    $nic=$_POST['nic'];
    $nationality=$_POST['nationality'];
    $religion=$_POST['religion'];
    $race=$_POST['race'];

    $p_add_line1=$_POST['p_add_line1'];//define variables
    $p_add_line2=$_POST['p_add_line2'];
    $p_add_line3=$_POST['p_add_line3'];
    $city=$_POST['city'];
    $email=$_POST['email'];
    $t_add_line1=$_POST['t_add_line1'];
    $t_add_line2=$_POST['t_add_line2'];
    $t_add_line3=$_POST['t_add_line3'];
    $stu_con_home=$_POST['stu_con_home'];
    $stu_con_mobile1=$_POST['stu_con_mobile1'];
    $stu_con_mobile2=$_POST['stu_con_mobile2'];
    $p_con_home=$_POST['p_con_home'];
    $p_con_mobile1=$_POST['p_con_mobile1'];
    $p_con_mobile2=$_POST['p_con_mobile2'];

    $o_admi_no=$_POST['o_admi_no'];//define variables
    $o_year=$_POST['o_year'];
    $o_subject1=$_POST['o_subject1'];
    $o_grade1=$_POST['o_grade1'];
    $o_subject2=$_POST['o_subject2'];
    $o_grade2=$_POST['o_grade2'];
    $o_subject3=$_POST['o_subject3'];
    $o_grade3=$_POST['o_grade3'];
    $o_subject4=$_POST['o_subject4'];
    $o_grade4=$_POST['o_grade4'];
    $o_subject5=$_POST['o_subject5'];
    $o_grade5=$_POST['o_grade5'];
    $o_subject6=$_POST['o_subject6'];
    $o_grade6=$_POST['o_grade6'];
    $o_subject7=$_POST['o_subject7'];
    $o_grade7=$_POST['o_grade7'];
    $o_subject8=$_POST['o_subject8'];
    $o_grade8=$_POST['o_grade8'];
    $o_subject9=$_POST['o_subject9'];
    $o_grade9=$_POST['o_grade9'];

    $a_admi_no=$_POST['a_admi_no'];//define variables
    $a_year=$_POST['a_year'];
    $a_subject1=$_POST['a_subject1'];
    $a_grade1=$_POST['a_grade1'];
    $a_subject2=$_POST['a_subject2'];
    $a_grade2=$_POST['a_grade2'];
    $a_subject3=$_POST['a_subject3'];
    $a_grade3=$_POST['a_grade3'];
    $a_subject4=$_POST['a_subject4'];
    $a_grade4=$_POST['a_grade4'];
    $z_score=$_POST['z_score'];

    $school_level=$_POST['school_level'];//define variables
    $zonal_level=$_POST['zonal_level'];
    $district_level=$_POST['district_level'];
    $provincial_level=$_POST['provincial_level'];
    $national_level=$_POST['national_level'];
    $international_level=$_POST['international_level'];
    $current_activities=$_POST['current_activities'];

    $connection = new mysqli("localhost","root","","student_information");//create connection

    //Test Connection
    if ($connection->connect_error) {
        die("Connection Failed :".$connection->connect_error);
    }

    //Create insert query
    if (isset($_POST['add'])) {
        $sql = "INSERT INTO course_details (Student_ID,Admitted_Date,Academic_Year,Course,Profile_Picture)
            VALUES ('$student_id','$admitted_date','$academic_year','$course','$profile_picture');";

        $sql .= "INSERT INTO personal_details (Student_ID,First_Name,Middle_Name,Last_Name,DOB,Gender,NIC,Nationality,Religion,Race)
            VALUES ('$student_id','$first_name','$middle_name','$last_name','$dob','$gender','$nic','$nationality','$religion','$race');";

        $sql .= "INSERT INTO contact_details (Student_ID,P_Add_Line1,P_Add_Line2,P_Add_Line3,City,Email,T_Add_Line1,T_Add_Line2,T_Add_Line3,stu_con_home,Stu_Con_Mobile1,Stu_Con_Mobile2,P_Con_Home,P_Con_Mobile1,P_Con_Mobile2)
            VALUES ('$student_id','$p_add_line1','$p_add_line2','$p_add_line3','$city','$email','$t_add_line1','$t_add_line2','$t_add_line3','$stu_con_home','$stu_con_mobile1','$stu_con_mobile2','$p_con_home','$p_con_mobile1','$p_con_mobile2');";
						
        $sql .= "INSERT INTO academic_details (Student_ID,O_Admi_No,O_Year,O_Subject1,O_Grade1,O_Subject2,O_Grade2,O_Subject3,O_Grade3,O_Subject4,O_Grade4,O_Subject5,O_Grade5,O_Subject6,O_Grade6,O_Subject7,O_Grade7,O_Subject8,O_Grade8,O_Subject9,O_Grade9,A_Admi_No,A_Year,A_Subject1,A_Grade1,A_Subject2,A_Grade2,A_Subject3,A_Grade3,A_Subject4,A_Grade4,Z_Score)
            VALUES ('$student_id','$o_admi_no','$o_year','$o_subject1','$o_grade1','$o_subject2','$o_grade2','$o_subject3','$o_grade3','$o_subject4','$o_grade4','$o_subject5','$o_grade5','$o_subject6','$o_grade6','$o_subject7','$o_grade7','$o_subject8','$o_grade8','$o_subject9','$o_grade9','$a_admi_no','$a_year','$a_subject1','$a_grade1','$a_subject2','$a_grade2','$a_subject3','$a_grade3','$a_subject4','$a_grade4','$z_score');";						

        $sql .= "INSERT INTO extra_curricular_activities (Student_ID,School_Level,Zonal_Level,District_Level,Provincial_Level,National_Level,International_Level,Current_Activities)
            VALUES ('$student_id','$school_level','$zonal_level','$district_level','$provincial_level','$national_level','$international_level','$current_activities')";

        //Test insert query
        if ($connection->multi_query($sql) === TRUE) {
            echo "Submitted Successsfully";
        } else {
            echo "Error: " . $sql . "<br>" . $connection->error;
        }
    }

    //create update query
    if (isset($_POST['update'])) {
        $sql ="UPDATE FROM course_details,personal_details,contact_details,academic_details,extra_curricular_activities WHERE course_details.Student_ID =personal_details.Student_ID AND
            course_details.Student_ID =contact_details.Student_ID AND
            course_details.Student_ID =academic_details.Student_ID AND
            course_details.Student_ID =extra_curricular_activities.Student_ID AND Student_ID=$student_id";

        if ($connection->multi_query($sql) === TRUE) {
            echo "Updated Successsfully";
        } else {
            echo "Error: " . $sql . "<br>" . $connection->error;
        }
    }

    //create delete query
    if (isset($_POST['delete'])) {
        $sql ="DELETE FROM course_details,personal_details,contact_details,academic_details,extra_curricular_activities WHERE course_details.Student_ID =personal_details.Student_ID AND
            course_details.Student_ID =contact_details.Student_ID AND
            course_details.Student_ID =academic_details.Student_ID AND
            course_details.Student_ID =extra_curricular_activities.Student_ID AND Student_ID=$student_id";

        if ($connection->multi_query($sql) === TRUE) {
            echo "Deleted Successsfully";
        } else {
            echo "Error: " . $sql . "<br>" . $connection->error;
        }
    }

    //create search query
    if (isset($_POST['search'])) {
        $sql ="SELECT course_details.*,personal_details.*,contact_details.*,academic_details.*,extra_curricular_activities.* FROM course_details,personal_details,contact_details,academic_details,extra_curricular_activities WHERE course_details.Student_ID =personal_details.Student_ID AND
            course_details.Student_ID =contact_details.Student_ID AND
            course_details.Student_ID =academic_details.Student_ID AND
            course_details.Student_ID =extra_curricular_activities.Student_ID AND Student_ID=$student_id";

        $result = mysqli_query($connection,$sql);

        if ($result) 
        {
            if (mysqli_num_rows($result)) 
            {
                while($rows=mysqli_fetch_array($result))
                {
                    $profile_picture=$rows['profile_picture'];
                    $student_id=$rows['student_id'];
                    $admitted_date=$rows['admitted_date'];
                    $academic_year=$rows['academic_year'];
                    $course=$rows['course'];

                    $first_name=$rows['first_name'];
                    $middle_name=$rows['middle_name'];
                    $last_name=$rows['last_name'];
                    $dob=$rows['dob'];
                    $gender=$rows['gender'];
                    $nic=$rows['nic'];
                    $nationality=$rows['nationality'];
                    $religion=$rows['religion'];
                    $race=$rows['race'];

                    $p_add_line1=$rows['p_add_line1'];
                    $p_add_line2=$rows['p_add_line2'];
                    $p_add_line3=$rows['p_add_line3'];
                    $city=$rows['city'];
                    $email=$rows['email'];
                    $t_add_line1=$rows['t_add_line1'];
                    $t_add_line2=$rows['t_add_line2'];
                    $t_add_line3=$rows['t_add_line3'];
                    $stu_con_home=$rows['stu_con_home'];
                    $stu_con_mobile1=$rows['stu_con_mobile1'];
                    $stu_con_mobile2=$rows['stu_con_mobile2'];
                    $p_con_home=$rows['p_con_home'];
                    $p_con_mobile1=$rows['p_con_mobile1'];
                    $p_con_mobile2=$rows['p_con_mobile2'];

                    $o_admi_no=$rows['o_admi_no'];
                    $o_year=$rows['o_year'];
                    $o_subject1=$rows['o_subject1'];
                    $o_grade1=$rows['o_grade1'];
                    $o_subject2=$rows['o_subject2'];
                    $o_grade2=$rows['o_grade2'];
                    $o_subject3=$rows['o_subject3'];
                    $o_grade3=$rows['o_grade3'];
                    $o_subject4=$rows['o_subject4'];
                    $o_grade4=$rows['o_grade4'];
                    $o_subject5=$rows['o_subject5'];
                    $o_grade5=$rows['o_grade5'];
                    $o_subject6=$rows['o_subject6'];
                    $o_grade6=$rows['o_grade6'];
                    $o_subject7=$rows['o_subject7'];
                    $o_grade7=$rows['o_grade7'];
                    $o_subject8=$rows['o_subject8'];
                    $o_grade8=$rows['o_grade8'];
                    $o_subject9=$rows['o_subject9'];
                    $o_grade9=$rows['o_grade9'];

                    $a_admi_no=$rows['a_admi_no'];
                    $a_year=$rows['a_year'];
                    $a_subject1=$rows['a_subject1'];
                    $a_grade1=$rows['a_grade1'];
                    $a_subject2=$rows['a_subject2'];
                    $a_grade2=$rows['a_grade2'];
                    $a_subject3=$rows['a_subject3'];
                    $a_grade3=$rows['a_grade3'];
                    $a_subject4=$rows['a_subject4'];
                    $a_grade4=$rows['a_grade4'];
                    $z_score=$rows['z_score'];

                    $school_level=$rows['school_level'];
                    $zonal_level=$rows['zonal_level'];
                    $district_level=$rows['district_level'];
                    $provincial_level=$rows['provincial_level'];
                    $national_level=$rows['national_level'];
                    $international_level=$rows['international_level'];
                    $current_activities=$rows['current_activities'];
                }
            }else{
                echo ("No data are available");
            }
        }else{
            echo ("result error");
        }
    }
    //print_r($_POST);

    $connection->close();
?>

Answer 1

您应该将变量 $student_id 括在引号中，以将此 Student_ID=IM/20xx/002 转换为此 Student_ID='IM/20xx/002' 并使您的查询有效。

无论如何，我建议使用 native MySQL/MariaDB 函数(由 PDO PHP 扩展提供)来转义查询值并避免安全问题。值的绑定(bind)也可以使用这些函数来完成。

看看:http://php.net/manual/en/function.mysql-real-escape-string.php