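Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use in Update

Time: 2017-09-08 06:33:47

Tags: php mysqli

It seems there is nothing wrong with my mysqli query. But it shows the following error.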

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '( title = 'Maths', start ='10:00am', end ' at line 1

Here is my query.

$title = $_POST['title'];
$date = $_POST['date'];
$from = $_POST['from'].$_POST['from_time'];
$to = $_POST['to'].$_POST['to_time'];
$student=$_POST['student'];
$place = $_POST['location'];
$event_id = $_GET['event_id'];
$ti = $_SESSION['teacher_id'];

if ($date=='Monday'){

    $update = mysqli_query($conn,"UPDATE teacher_class_schedule SET(
        title = '".$title."',
        start ='".$from."',
        end ='".$to."',
        Monday = '".$date."',
        Tuesday = 'false',
        Wednesday = 'false',
        Thursday = 'false',
        Friday = 'false',
        Saturday = 'false',
        Sunday = 'false',
        teacher_id = '".$ti."' ,
        number_of_student = '".$student."',
        day = '".$date."',
        location = '".$place."') WHERE id = '".$event_id."'");

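Can anyone help me fix this error?

1 answer:

Answer 0: (score: 2)

You should use prepared statements to avoid code injection (documentation).

You also don't need parentheses around the SET data (documentation).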

<?php
$stmt = $dbh->prepare("UPDATE teacher_class_schedule SET title = :title, start = :start, [...]");
$stmt->bindParam(':title', $_POST['title']);
$stmt->bindParam(':start', $_POST['from']);
// ...
$stmt->execute();
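
The same fix applied to the question's own mysqli connection, as an added example that is not part of the original answer. Table and column names are taken from the question; `update_schedule()` and the `DAYS` constant are hypothetical names, and the column types (integer `id` and `teacher_id`, strings elsewhere) are assumptions.

```php
<?php
// Added example: the question's UPDATE rewritten with a mysqli prepared statement.
// Table/column names come from the question; column types are assumed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

const DAYS = ['Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday'];

/**
 * Hypothetical helper (not part of mysqli). Returns the number of rows changed.
 */
function update_schedule(mysqli $conn, array $post, int $eventId, int $teacherId): int
{
    // Allow-list the day instead of trusting the raw POST value.
    $day = $post['date'] ?? '';
    if (!in_array($day, DAYS, true)) {
        throw new InvalidArgumentException('date must be a day of the week');
    }

    // As in the question: the selected day's column stores the day name,
    // every other day column stores the string 'false'.
    $flags = [];
    foreach (DAYS as $d) {
        $flags[] = ($d === $day) ? $day : 'false';
    }

    // No parentheses after SET, and every value is a ? placeholder.
    $sql = "UPDATE teacher_class_schedule SET
                title = ?, start = ?, end = ?,
                Monday = ?, Tuesday = ?, Wednesday = ?, Thursday = ?,
                Friday = ?, Saturday = ?, Sunday = ?,
                teacher_id = ?, number_of_student = ?, day = ?, location = ?
            WHERE id = ?";

    $params = array_merge(
        [$post['title'], $post['from'] . $post['from_time'], $post['to'] . $post['to_time']],
        $flags,
        [$teacherId, $post['student'], $day, $post['location'], $eventId]
    );
    // 3 strings, 7 day flags, int teacher_id, 3 strings, int id (15 values)
    $types = 'sss' . 'sssssss' . 'i' . 'sss' . 'i';

    $stmt = $conn->prepare($sql);
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    return $stmt->affected_rows;
}
```

With the question's variables it would be called as `update_schedule($conn, $_POST, (int) $_GET['event_id'], (int) $_SESSION['teacher_id'])`. Because all seven day columns are always written, no column name is ever built from user input, so only values need binding.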