SQL语法错误

时间:2013-08-15 03:56:01

标签: php mysql

我有以下代码。 

<?php
include ('include/DB_Functions.php');

if(isset($_POST['submit']))
{   $id =$_REQUEST['roomid'];
    $title = $_POST['title'];
    $uid = $_POST['clientId'];
    $location = $_POST['location'];
    $quantity = $_POST['number'];
    $price = $_POST['price'];
    $size = $_POST['size'];
    $description = $_POST['description'];
    $categoryID = 1;
    $sellerAddress = $_POST['selleradd'];
    $sellerPhone = $_POST['sellerphn'];

    mysql_query("UPDATE room_tb SET location ='$location', quantity ='$quantity',price ='$price',area ='$size' description = '$description' postTitle = '$title' WHERE roomID = '$id'")
                or die(mysql_error()); 

    echo "Saved!";  

header('Location:table.php'); 
}

我收到错误..您的SQL语法出错了;检查与MySQL服务器版本对应的手册,以便在'description =''postTitle =''WHERE roomID ='983''第1行附近使用正确的语法 我做错了什么DB_Functions.php包含所有数据库连接。

6 个答案:

答案 0 :(得分:3)

这些area ='$size' description = '$description' postTitle = '$title'

之间缺少逗号

我想在评论时不予理睬,但又想推荐一些其他建议:

  1. 您仍在使用已弃用的mysql_函数,您应该使用mysqlipdo来处理这些问题。
  2. 您希望修复代码,使其不会受到SQL注入攻击。看看在这些请求和发布变量上添加mysql_real_escape_string()函数。请在SQL Injection上阅读此页面。

    3. 导致此错误的查询应用修复程序位于:

    mysql_query("UPDATE room_tb SET location ='$location', quantity ='$quantity',price ='$price',area ='$size', description = '$description', postTitle = '$title' WHERE roomID = '$id'") or die(mysql_error());

答案 1 :(得分:2)

您的代码中缺少逗号。

mysql_query("UPDATE room_tb SET location ='$location', quantity ='$quantity',price ='$price',area ='$size' ,description = '$description' ,postTitle = '$title' WHERE roomID = $id")
            or die(mysql_error());

并且不要使用'$ id',因为它是一个整数。不需要报价。

答案 2 :(得分:2)

您的查询似乎很可能缺少两个逗号:

UPDATE room_tb 
SET location ='$location', 
    quantity ='$quantity',
    price ='$price',
    area ='$size',   <= missing
    description = '$description',  <= missing
    postTitle = '$title' 
WHERE roomID = '$id'

另外两个建议:

  1. 自PHP 5.5.0起,不推荐使用MySQL扩展,将来会删除它。相反,应使用MySQLiPDO_MySQL扩展名。
  2. 您的代码为SQL injection敞开了大门。在您的语句和mysql_real_escape_string()中使用$_POST - 变量之前,至少要在filter the $_POST-variables处放置一个{{3}}。

答案 3 :(得分:0)

当然,看看你的SQL查询...它缺少逗号。

UPDATE room_tb SET location ='$location', quantity ='$quantity',price ='$price',area ='$size' description = '$description' postTitle = '$title' WHERE roomID = '$id'"

应该是:

UPDATE room_tb SET location ='$location', quantity ='$quantity', price ='$price', 
area ='$size', description = '$description', postTitle = '$title' WHERE roomID = '$id'"

答案 4 :(得分:0)

  

✓以下两个缺少逗号:

area ='$size' description = '$description' postTitle = '$title'
             ^                            ^

应为:

area ='$size', description = '$description', postTitle = '$title'

答案 5 :(得分:0)

<?php
include ('include/DB_Functions.php');
extract($_POST);

if (isset($submit)){
    $sql="UPDATE room_tb SET location ='$location', quantity ='$number',price ='$price',area ='$size', description = '$description', postTitle = '$title' WHERE roomID = '$roomid'";
    mysql_query($sql) or die(mysql_error());
    header('Location:table.php'); 
}
相关问题
最新问题