sql语法查询中的错误

时间:2019-03-24 14:48:38

标签: php mysql sql

我发现sql语法错误,我是新手,请帮助解决我的问题

<?php include "db.php";?>

<?php  include "function.php";?>



<?php

if(isset($_POST['submit'])) {

    $username = $_POST['username'];

    $password = $_POST['password'];

    $id = isset($_POST['id']);

    $query = "UPDATE users SET ";

    $query .= "username = '$username', ";

    $query .= "password = '$password' ";

    $query .= "WHERE id = $id ";

    $result = mysqli_query($connection, $query);

    if(!$result) {
        die("QUERY FAILED" . mysqli_error($connection));
    }
}
?>





<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <title>Document</title>

    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">

    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>

</head>
<body>
<div class="container">
    <div class="col-sm-6">
        <form action="login_update.php" method="post">
            <div class="form-group">
                <label for="username">Username</label>
                <input type="text" name="username" class="form-control">
            </div>

            <div class="form-group">

                <label for="password">password</label>
                <input type="password" name="password" class="form-control">
            </div>

            <div class="form-group">    
                <select name="" id="">
<?php

showAlldata();

?>

                </select>    
            </div>
            <input class="btn btn-primary" type="submit" name="submit" value="Update">

        </form>
    </div>
</div>
</body>
</html>

1 个答案:

答案 0 :(得分:3)

isset返回true或false,而不是id的值

请参见doc

  

如果var存在并且具有非NULL的值,则返回TRUE。假   否则。

所以您的代码必须看起来像这样:

  if (isset($_POST['id'])){
     $id =$_POST['id'];

BTW就像评论中所说的那样:阅读有关防止SQL注入且不存储纯文本密码的准备好的语句,请使用password_hash或其他一些功能。

相关问题
最新问题