Php 为什么这个mysql更新脚本不能工作?
几个小时以来,我一直在努力更新我的数据库Php 为什么这个mysql更新脚本不能工作?,php,mysql,Php,Mysql,几个小时以来,我一直在努力更新我的数据库 <? //edit_item_data.php $con=mysqli_connect("localhost","root","","Inventory"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $sql= "UPDATE Item
<?
//edit_item_data.php
$con=mysqli_connect("localhost","root","","Inventory");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql= "UPDATE Item
SET Catagory = '$_POST[Catagory]',
Cost = '$_POST[Cost]',
Condition = '$_POST[Condition]',
PurchaseLot_PurchaseLotID = '$_POST[PurchaseLot]',
Location = '$_POST[Location]',
Desc = '$_POST[Desc]',
Notes = '$_POST[Notes]'
WHERE
ItemID = '$_POST[id]'";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
<script type='text/javascript'>
settimeout('self.close()',5000);
</script>
我正在运行mysql 5.6和PHP5.5。我敢肯定这有点愚蠢,但我一辈子都看不清它是什么。好吧,你很容易做你正在做的事情,但问题是你没有用引号括住你的变量,例如:
SET Catagory = '$_POST[Catagory]',
-- etc
SET Catagory = '" . mysqli_real_escape_string($_POST['Catagory'], $con) . "',
$sql = "UPDATE `Item` SET
`Catagory` = '".mysqli_real_escape_string($_POST['Catagory'],$con)."',
`Cost` = '".mysqli_real_escape_string($_POST['Cost'],$con)."',
........
WHERE `ItemID` = ".intval($_POST['id']);
SET Catagory = '" . mysqli_real_escape_string($_POST['Catagory'], $con) . "',
$sql = "UPDATE `Item` SET
`Catagory` = '".mysqli_real_escape_string($_POST['Catagory'],$con)."',
`Cost` = '".mysqli_real_escape_string($_POST['Cost'],$con)."',
........
WHERE `ItemID` = ".intval($_POST['id']);
编辑:如果你像我一样,不能被要求键入这么长的函数名
$e = function($str) use ($con) {
return mysqli_real_escape_string($str,$con);
};
真正的问题是缺乏严肃的口音
SET `Catagory` = '$_POST[Catagory]',
SQL语句无效,因为有多个字符串变量未加引号直接放入其中,这是无效的。你所拥有的是高度的。现在是退一步阅读的好时机,以缓解您的报价问题和大的安全问题。mysql_*已被弃用,-1建议-编辑好的快速编辑,我将收回,所以我错过了“I”。Sue me.还有连接资源另外,预先准备好的语句比
*\u real\u escape\u string