Php 数据库连接失败您的SQL语法有错误;
我正在创建一个编辑配置文件页面,登录用户可以在其中编辑配置文件。我现在遇到了下面的错误。我该怎么办 错误:Php 数据库连接失败您的SQL语法有错误;,php,mysql,error-handling,database-connection,Php,Mysql,Error Handling,Database Connection,我正在创建一个编辑配置文件页面,登录用户可以在其中编辑配置文件。我现在遇到了下面的错误。我该怎么办 错误: Database Connection FailedYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '= 'test@hotmail.com', Password =
Database Connection FailedYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '= 'test@hotmail.com', Password = 'test', FirstName = 'hello', SecondName = 'world' at line 1
我的代码:
<?php
$connection = mysqli_connect('localhost', 'root', '', 'dbrateme');
if (!$connection){
die("Database Connection Failed" . mysql_error());
header('Location: dcf.php');
}
$select_db = mysqli_select_db($connection, 'dbrateme');
if (!$select_db){
die("Database Selection Failed" . mysqli_error());
}
if (isset($_POST['upd'])){
$course = $_POST['Course'];
$email = $_POST['inputEmail'];
$password = $_POST['inputPassword'];
$FN = $_POST['FirstName'];
$SN = $_POST['SecondName'];
$qsql = $_COOKIE['userID'];
$qresult = mysqli_query($connection, $qsql);
$qcount = mysqli_connect($qresult);
$sqli = "UPDATE tblaccounts Email = '".$email."', Password = '".$password."', FirstName = '".$FN."', SecondName = '".$SN."', Course = '".$course."' WHERE Student_ID='".$qsql."'";
$result = mysqli_query($connection, $sqli) or die("Database Connection Failed" . mysqli_error($connection));
//$count = mysqli_num_rows($result);
echo "Profile Update Successful!:";
header('Location: profile.php');
} else {
echo "Profile Update Failed!:";
?><br/><a href ="updatesettigns.php">Go back to the profile update screen.</a><?php
}
?>
您缺少SQL中设置的关键字。更新的语法是updateset=value
$sqli = "UPDATE tblaccounts SET Email = '".$email."', Password = '".$password."', FirstName = '".$FN."', SecondName = '".$SN."', Course = '".$course."' WHERE Student_ID='".$qsql."'";
了解防止SQL注入的准备状态
永远不要将密码存储为纯文本。使用函数对它们进行加密问题在于查询,但我的天哪,您是否面临sql注入的严重问题。针对第一个问题
UPDATE tblaccounts Email
将此更改为
UPDATE tblaccounts SET Email
您正在使用的查询易受sql注入攻击。你应该尽快解决这个问题。我建议对所有SQL查询使用PDO准备的语句 了解防止SQL注入的准备语句这是一个打字错误问题;您错过了SET
。我建议使用PDO准备的语句为什么使用PDO?mysqli还可以处理准备好的语句。不过,我认为,PDO是一种更好的语法,而且是一个更容易使用的库