PHP SQL语法错误MYSQL更新
这段代码运行了很长一段时间,但现在我突然发现了这个错误: 错误:您的SQL语法有错误;请查看与MySQL服务器版本对应的手册,以了解在第1行“j_用户”集合patient=''、year=''、gender=''、age=''、height='选择a'附近使用的正确语法 救命啊PHP SQL语法错误MYSQL更新,php,mysql,Php,Mysql,这段代码运行了很长一段时间,但现在我突然发现了这个错误: 错误:您的SQL语法有错误;请查看与MySQL服务器版本对应的手册,以了解在第1行“j_用户”集合patient=''、year=''、gender=''、age=''、height='选择a'附近使用的正确语法 救命啊 define('DB_NAME', 'DATABASE'); define('DB_USER', 'USERNAME'); define('DB_PASSWORD', 'PASSWORD'); define('DB_HO
define('DB_NAME', 'DATABASE');
define('DB_USER', 'USERNAME');
define('DB_PASSWORD', 'PASSWORD');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
$value = htmlspecialchars($_POST['patient']);
$value4 = htmlspecialchars($_POST['year']);
$value5 = htmlspecialchars($_POST['gender']);
$value6 = htmlspecialchars($_POST['age']);
$value7 = htmlspecialchars($_POST['height']) . '.' . htmlspecialchars($_POST['height_inch']);
$value8 = htmlspecialchars($_POST['weight']);
$value9 = htmlspecialchars($_POST['foot_length']);
$value10 = htmlspecialchars($_POST['sheight']) . '.' . htmlspecialchars($_POST['sheight1']);
$value11 = htmlspecialchars($_POST['Amputation']);
$value13 = htmlspecialchars($_POST['Side']);
$value16 = htmlspecialchars($_POST['Flesh']);
$value18 = htmlspecialchars($_POST['Activity']);
$value21 = htmlspecialchars($_POST['practitioner']);
$value22 = htmlspecialchars($_POST['phone']);
$value23 = htmlspecialchars($_POST['email']);
$value24 = htmlspecialchars($_POST['Account']);
$value25 = htmlspecialchars($_POST['companyname']);
$value26 = htmlspecialchars($_POST['streetaddress']);
$value27 = htmlspecialchars($_POST['city']);
$value28 = htmlspecialchars($_POST['state']);
$value29 = htmlspecialchars($_POST['zip']);
$value30 = htmlspecialchars($_POST['companyname2']);
$value31 = htmlspecialchars($_POST['streetadress2']);
$value32 = htmlspecialchars($_POST['city2']);
$value33 = htmlspecialchars($_POST['state2']);
$value34 = htmlspecialchars($_POST['zip2']);
$value35 = htmlspecialchars($_POST['foot']);
$value39 = htmlspecialchars($_POST['purchaseorder']);
$value40 = htmlspecialchars($_POST['radio']);
$value41 = htmlspecialchars($_POST['lightflesh2']);
$value42 = htmlspecialchars($_POST['darkfleah2']);
$value43 = htmlspecialchars($_POST['foamcalf']);
$value44 = htmlspecialchars($_POST['additional']);
$value45 = htmlspecialchars($_POST['Sock1']);
$value46 = htmlspecialchars($_POST['Sock2']);
$value47 = htmlspecialchars($_POST['Sock3']);
$value48 = htmlspecialchars($_POST['day']);
//$sql = "INSERT INTO order_form (patient, newamputee, yearamputee, year, gender, age, height, weight, foot_length, sheight, ak, bk, left1, right1, bilateral, light_flesh, dark_flesh, k2, k3, k4, k4_extrme, practitioner, email, Account, companyname, streetaddress, city, state, zip, companyname2, streetaddress2, city2, state2, zip2, UltraStride, ActiveStride, NaturalStride, K2_ComfortStride, purchaseorder, radio, lightflesh2, darkfleah2, foamcalf, additional, Sock1, Sock2, Sock3, ground, thirdday, twoday, nextday) VALUES ('$value', '$value2', '$value3', '$value4', '$value5', '$value6', '$value7', '$value8', '$value9', '$value10', '$value11', '$value12', '$value13', '$value14', '$value15', '$value16', '$value17', '$value18', '$value19', '$value20', '$value21', '$value22', '$value23', '$value24', '$value25', '$value26', '$value27', '$value28', '$value29', '$value30', '$value31', '$value32', '$value33', '$value34', '$value35', '$value36', '$value37', '$value38', '$value39', '$value40', '$value41', '$value42', '$value43', '$value44', '$value45', '$value46', '$value47', '$value48', '$value49', '$value50', '$value51')";
$update = "UPDATE 'j_users'
SET patient = '$value', year = '$value4', gender = '$value5', age = '$value6', height = '$value7', weight = '$value8', foot_length = '$value9', sheight = '$value10', Amputation = '$value11', Side = '$value13', Flesh = '$value16', Activity = '$value18', practitioner='$value21', phone='$value22', email='$value23', Account = '$value24', companyname = '$value25', streetadress='$value26', city='$value27', state='$value28', zip='$value29', companyname2='$value30', streetadress2='$value31', city2='$value32', state2='$value33', zip2='$value34', foot='$value35', purchaseorder='$value39', radio='$value40', lightflesh2='$value41', darkfleah2='$value42', foamcalf='$value43', foamcalf='$value44', Sock1='$value45', Sock2='$value45', Sock3='$value46', day='$value47'
WHERE user_login = '" . $user . "'";
if (!$update) {
die('Invalid query: ' . mysql_error());
}
mysql_query($update, $link);
if (!mysql_query($update)) {
die('Error: ' . mysql_error()) ;
mysql_close();
}
正如Uuerdo在注释中指出的,错误的直接原因是表名引用中的错误符号(单引号而不是反勾号)——在这种情况下,不需要引用,因为它是固定的,不包含特殊字符 代码中还有其他问题,我们暂时不讨论,因为它们不会立即影响问题,但是如果OP对其他问题感兴趣,我会更新答案,这将是很好的解决方法 更新-要解决的问题:
- 正如Drew和Uueerdo在评论中指出的那样,从不推荐使用的
接口迁移到mysql\uu
或PDOmysqli\u - 用户输入的值应使用
(使用当前界面)、mysql\u real\u escape\u string()
或通过PDO参数持有者(mysqli\u escape\u string()
)进行转义,具体取决于界面,但不能使用?
。如果需要进行HTML转义,则应在显示HTML之前立即进行转义,而不是在将HTML存储在数据库中时进行转义htmlspecialchars() - 请注意,大多数输入名称与数据库列名匹配。因此,您最好通过
将字段从数据库中提取到硬编码数组中,然后对其进行编辑以排除不相关的字段(另一个选项是动态提取字段并在提取后修复数组),在循环遍历数组并生成查询时,添加一些逻辑来处理异常,如SHOW fields
和height
。因此,代码变得更灵活,更易于维护height\u inches - 为数据库访问创建一些包装器接口,而不是直接访问MySQL API。这样,如果需要更改接口(例如,
到mysql\uu
),只需在一个模块中修复几个调用,而不是进行重大代码更改。您还可以添加查询日志记录、跟踪模式下的自动查询mysqli解释、性能计时,以及您可能想到的与查询相关的任何其他内容,这些都非常简单
`~'“