Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/246.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/maven/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 数据库连接失败您的SQL语法有错误;_Php_Mysql_Error Handling_Database Connection - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 数据库连接失败您的SQL语法有错误;

Php 数据库连接失败您的SQL语法有错误;

php mysql error-handling

Php 数据库连接失败您的SQL语法有错误;,php,mysql,error-handling,database-connection,Php,Mysql,Error Handling,Database Connection,我正在创建一个编辑配置文件页面,登录用户可以在其中编辑配置文件。我现在遇到了下面的错误。我该怎么办 错误: Database Connection FailedYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '= 'test@hotmail.com', Password =

我正在创建一个编辑配置文件页面,登录用户可以在其中编辑配置文件。我现在遇到了下面的错误。我该怎么办

错误:

Database Connection FailedYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '= 'test@hotmail.com', Password = 'test', FirstName = 'hello', SecondName = 'world' at line 1
我的代码:

            <?php
            $connection = mysqli_connect('localhost', 'root', '', 'dbrateme');  
            if (!$connection){ 
                die("Database Connection Failed" . mysql_error());
                        header('Location: dcf.php');
            }
            $select_db = mysqli_select_db($connection, 'dbrateme'); 
            if (!$select_db){ 
                die("Database Selection Failed" . mysqli_error());  
            }

            if (isset($_POST['upd'])){ 
                        $course = $_POST['Course'];
                        $email = $_POST['inputEmail'];
                        $password = $_POST['inputPassword'];
                        $FN = $_POST['FirstName'];
                        $SN = $_POST['SecondName']; 

                    $qsql = $_COOKIE['userID'];
                    $qresult = mysqli_query($connection, $qsql);
                    $qcount = mysqli_connect($qresult);
                    $sqli = "UPDATE tblaccounts Email = '".$email."', Password = '".$password."', FirstName = '".$FN."', SecondName = '".$SN."', Course = '".$course."' WHERE Student_ID='".$qsql."'";

                    $result = mysqli_query($connection, $sqli) or die("Database Connection Failed" . mysqli_error($connection));
                    //$count = mysqli_num_rows($result);
                    echo "Profile Update Successful!:";
                    header('Location: profile.php');
            } else { 
                        echo "Profile Update Failed!:";
                        ?><br/><a href ="updatesettigns.php">Go back to the profile update screen.</a><?php
                    }
            ?>

您缺少SQL中设置的关键字。更新的语法是
updateset=value


$sqli = "UPDATE tblaccounts SET Email = '".$email."', Password = '".$password."', FirstName = '".$FN."', SecondName = '".$SN."', Course = '".$course."' WHERE Student_ID='".$qsql."'";


了解防止SQL注入的准备状态


永远不要将密码存储为纯文本。使用函数对它们进行加密
问题在于查询,但我的天哪,您是否面临sql注入的严重问题。针对第一个问题


UPDATE tblaccounts Email


将此更改为


UPDATE tblaccounts SET Email



您正在使用的查询易受sql注入攻击。你应该尽快解决这个问题。我建议对所有SQL查询使用PDO准备的语句
 了解防止SQL注入的准备语句这是一个打字错误问题;您错过了
SET
。我建议使用PDO准备的语句为什么使用PDO?mysqli还可以处理准备好的语句。不过,我认为,PDO是一种更好的语法,而且是一个更容易使用的库