Fatal编程技术网
  • php/
  • Php 动态更新mysql表

Php 动态更新mysql表

php mysql

Php 动态更新mysql表,php,mysql,Php,Mysql,我试图在这里动态更新表 $QUERY = "UPDATE `internshala`.`student` SET `High_School` = \'$High_School\', `HS_Percentage` = \'$HS_Percentage\', `Intermediate` = \'$Intermediate\', `I_Percentage` = \'$I_Percentage\', `Graduation` = \'$Graduation\', `G_Score` = \'$G_

我试图在这里动态更新表

$QUERY = "UPDATE `internshala`.`student` SET `High_School` = \'$High_School\', `HS_Percentage` = \'$HS_Percentage\', `Intermediate` = \'$Intermediate\', `I_Percentage` = \'$I_Percentage\', `Graduation` = \'$Graduation\', `G_Score` = \'$G_Score\', `G_Year` = \'$G_Year\', `PG_Year` = \'$PG_Year\', `PostGraduation` = \'$PostGraduation\', `PG_Score` = \'$PG_Score\' WHERE `student`.`id` = '$_SESSION['user_id'];";
它抛出错误
语法错误、意外的“”(T\u封装的\u和\u空白)、预期的标识符(T\u字符串)或变量(T\u变量)或数字(T\u NUM\u字符串)

我无法找出正确的语法,上面使用的语法是我从phpmyadmin推导出来的

PS:update语句中使用的所有变量都设置为非空值。

您的查询存在很多问题。您正在转义单引号,同时使用双引号定义字符串。你不需要这个

SET `High_School` = \'$High_School\',
应该读

SET `High_School` = '$High_School',
此外,在结尾使用会话变量,而不是关闭报价

WHERE `student`.`id` = '$_SESSION['user_id'];";
您需要将数组项用大括号括起来,然后关闭单引号:

WHERE `student`.`id` = '{$_SESSION['user_id']}';";
您的完整查询应该如下所示

$QUERY = "UPDATE `internshala`.`student` SET 
  `High_School` = '$High_School', 
  `HS_Percentage` = '$HS_Percentage', 
  `Intermediate` = '$Intermediate',
  `I_Percentage` = '$I_Percentage',
  `Graduation` = '$Graduation',
  `G_Score` = '$G_Score', 
  `G_Year` = '$G_Year', 
  `PG_Year` = '$PG_Year', 
  `PostGraduation` = '$PostGraduation', 
  `PG_Score` = '$PG_Score' 
 WHERE `student`.`id` = '{$_SESSION['user_id']}';";
也不要使用这种方法。您可以接受sql注入。您真的应该在准备好的语句中使用PDO或mysqli。看看这篇文章:

现在,您的SQL语法出现了错误;检查与MySQL服务器版本对应的手册,了解在“\'Dr.VSEC\”、
HS\u Percentage
='12\”、
Intermediate
='Dr.VSEC\”、'I\u Percen'第1s行消息附近使用的语法是否正确。这些值来自变量,但出现此错误?我正在通过此函数clean\u input($data)传递每个输入{$data=stripslashes($data);$data=trim($data);$data=htmlspecialchars($data);return$data;}SQL注入仍然可行吗?无可否认,您的代码在清除值方面做得很好。但是,最好使用内置函数来最小化这种可能性。这只是一种良好的编码实践。