Php 动态更新mysql表
我试图在这里动态更新表Php 动态更新mysql表,php,mysql,Php,Mysql,我试图在这里动态更新表 $QUERY = "UPDATE `internshala`.`student` SET `High_School` = \'$High_School\', `HS_Percentage` = \'$HS_Percentage\', `Intermediate` = \'$Intermediate\', `I_Percentage` = \'$I_Percentage\', `Graduation` = \'$Graduation\', `G_Score` = \'$G_
$QUERY = "UPDATE `internshala`.`student` SET `High_School` = \'$High_School\', `HS_Percentage` = \'$HS_Percentage\', `Intermediate` = \'$Intermediate\', `I_Percentage` = \'$I_Percentage\', `Graduation` = \'$Graduation\', `G_Score` = \'$G_Score\', `G_Year` = \'$G_Year\', `PG_Year` = \'$PG_Year\', `PostGraduation` = \'$PostGraduation\', `PG_Score` = \'$PG_Score\' WHERE `student`.`id` = '$_SESSION['user_id'];";
它抛出错误语法错误、意外的“”(T\u封装的\u和\u空白)、预期的标识符(T\u字符串)或变量(T\u变量)或数字(T\u NUM\u字符串)
我无法找出正确的语法,上面使用的语法是我从phpmyadmin推导出来的
PS:update语句中使用的所有变量都设置为非空值。您的查询存在很多问题。您正在转义单引号,同时使用双引号定义字符串。你不需要这个
SET `High_School` = \'$High_School\',
应该读
SET `High_School` = '$High_School',
此外,在结尾使用会话变量,而不是关闭报价
WHERE `student`.`id` = '$_SESSION['user_id'];";
您需要将数组项用大括号括起来,然后关闭单引号:
WHERE `student`.`id` = '{$_SESSION['user_id']}';";
您的完整查询应该如下所示
$QUERY = "UPDATE `internshala`.`student` SET
`High_School` = '$High_School',
`HS_Percentage` = '$HS_Percentage',
`Intermediate` = '$Intermediate',
`I_Percentage` = '$I_Percentage',
`Graduation` = '$Graduation',
`G_Score` = '$G_Score',
`G_Year` = '$G_Year',
`PG_Year` = '$PG_Year',
`PostGraduation` = '$PostGraduation',
`PG_Score` = '$PG_Score'
WHERE `student`.`id` = '{$_SESSION['user_id']}';";
也不要使用这种方法。您可以接受sql注入。您真的应该在准备好的语句中使用PDO或mysqli。看看这篇文章:现在,您的SQL语法出现了错误;检查与MySQL服务器版本对应的手册,了解在“\'Dr.VSEC\”、
HS\u Percentage
='12\”、Intermediate
='Dr.VSEC\”、'I\u Percen'第1s行消息附近使用的语法是否正确。这些值来自变量,但出现此错误?我正在通过此函数clean\u input($data)传递每个输入{$data=stripslashes($data);$data=trim($data);$data=htmlspecialchars($data);return$data;}SQL注入仍然可行吗?无可否认,您的代码在清除值方面做得很好。但是,最好使用内置函数来最小化这种可能性。这只是一种良好的编码实践。