按提交显示错误后编辑用户

时间:2012-04-05 08:00:33

标签: php edit

我的编辑用户遇到问题。单击提交按钮后,它将显示错误“您的SQL语法中有错误;请查看与您的MySQL服务器版本对应的手册,以便在第1行附近使用正确的语法” 这是它的错误代码。 我不知道我的代码发生了什么。我尝试多次调试。

<?php
//set session start
session_start();

function renderForm($UID,$Username,$Unitno,$Cont,$PW,$UEmail,$UPay,$JD,$PD)
    {?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link href="styles/style1.css" media="screen" rel="stylesheet" title="CSS" type="text/css" /></head><body><!-- Begin Container -->
    <div id="container">
        <!-- Begin Masthead -->
        <div id="masthead">

        </div>
        <!-- End Masthead -->

        <!-- Begin Navigation -->
        <div id="navigation">
            <ul>
                <li><a href="homepage.php">Home Page</a></li>
                <li><a href="notice.php">Notice</a></li>
                <li><a href="feedback.php">Feedback</a></li>
                <li><a href="user.php">User</a></li>
                <li><a href="logout.php">Logout</a></li>
            </ul>
        </div>
        <!-- End Navigation -->

        <!-- Begin Content -->
        <div id="content">
            <!-- #BeginEditable "content" -->
            <h1>Edit User</h1>

            <hr/>

            You are on: 
                <a href="user.php">User</a>

            <br/>

            <form action="" method="post">
                <table align="center">
                <tr>
                <p align = "center"><strong>User ID: </strong> <?php echo $UID?></p><br/>
                    <td align = "right">

                    <strong>User Name: </strong> <input type="text" name="UserName" value = "<?php echo $Username; ?>" /><br/>
                    <strong>Unit No: </strong> <input type="text" name="UnitNo" value = "<?php echo $Unitno; ?>" /><br/>
                    <strong>Contact: </strong> <input type="text" name="Contact" value = "<?php echo $Cont; ?>" /><br/>
                    <strong>Password: </strong> <input type="text" name="Password" value = "<?php echo $PW; ?>" /><br/>
                    <strong>Email: </strong> <input type="text" name="UserEmail" value = "<?php echo $UEmail; ?>" /><br/>
                    <strong>User Pay: </strong> <input type="text" name="UPayment" value = "<?php echo $UPay; ?>" /><br/>
                    <strong>Join Date: </strong> <input type="text" name="JoinDate" value = "<?php echo $JD; ?>" /><br/>
                    <strong>Pay Date: </strong> <input type="text" name="PayDate" value = "<?php echo $PD; ?>" /><br/>

                    <input type="submit" name="submit" value="Submit">

                    </td>
                    </tr></table>
            <br/>

            <hr/>
        </div>
        <!-- End Content -->

        <!-- Begin Footer -->
        <div id="footer">
            <p>
                Copyright &copy; 2012 Condominium Management. All Rights Reserved.
            </p>
        </div>
        <!-- End Footer -->
    </div>
    <!-- End Container -->
</body>
</html><?php


include ("connection_db.php");



                        if(isset($_POST['submit']))
                        {

                        if (is_numeric($_POST['UID']))
                        {
                            $UserID = $_POST['UserID'];
                            $UserName= mysql_real_escape_string(htmlspecialchars($_POST['UserName']));
                            $UnitNo = mysql_real_escape_string(htmlspecialchars($_POST['UnitNo']));
                            $Contact = mysql_real_escape_string(htmlspecialchars($_POST['Contact']));
                            $Password= mysql_real_escape_string(htmlspecialchars($_POST['Password']));
                            $UEmail = mysql_real_escape_string(htmlspecialchars($_POST['UserEmail']));
                            $UPayment = mysql_real_escape_string(htmlspecialchars($_POST['UPayment']));
                            $JoinDate= mysql_real_escape_string(htmlspecialchars($_POST['JoinDate']));
                            $PayDate = mysql_real_escape_string(htmlspecialchars($_POST['PayDate']));
                        }
                        else
                        {
                            $sql = "UPDATE User SET UserName='$UserName', UnitNo='$UnitNo', Contact='$Contact', Password='$Password', UserEmail='$UEmail', UPayment='$UPayment', JoinDate='$JoinDate', PayDate='$PayDate' where UserID = $UserID";

                            mysql_query($sql) or die(mysql_error());
                            header("Location:user.php");
                        }
                        }
                        else
                        {
                        if(isset($_GET['UserID']) && is_numeric($_GET['UserID']) && $_GET['UserID']>0)
                        {
                        $uid = $_GET['UserID'];
                        $result = mysql_query("SELECT * FROM User Where UserID = $uid") or die (mysql_error());
                        $row = mysql_fetch_array($result);

                        if($row)
                        {
                        $UID = $row['UserID'];
                        $Username = $row['UserName'];
                        $Unitno = $row['UnitNo'];
                        $Cont = $row['Contact'];
                        $PW = $row['Password'];
                        $UEmail = $row['UserEmail'];
                        $UPay = $row['UPayment'];
                        $JD = $row['JoinDate'];
                        $PD = $row['PayDate'];

                        renderForm($UID, $Username, $Unitno, $Cont, $PW, $UEmail, $UPay, $JD, $PD, '');
                        }
                        else
                        {
                        echo "No result";
                        }
                        }
                        else
                        {
                        echo 'Error';
                        }
                        }?>

3 个答案:

答案 0 :(得分:1)

你应该打印出sql语句:

$sql = "UPDATE User SET UserName='$UserName', UnitNo='$UnitNo', Contact='$Contact', Password='$Password', UserEmail='$UEmail', UPayment='$UPayment', JoinDate='$JoinDate', PayDate='$PayDate' where UserID = $UserID";

echo "MY QUERY: ".$sql;
mysql_query($sql) or die(mysql_error());
header("Location:user.php");

请发布您的结果,我想我们可以轻松检测到错误。

更新:确保$UserID已定义(非空)并添加分号:

$sql = "UPDATE User SET UserName='$UserName', UnitNo='$UnitNo', Contact='$Contact', Password='$Password', UserEmail='$UEmail', UPayment='$UPayment', JoinDate='$JoinDate', PayDate='$PayDate' where UserID = '$UserID' ;";

答案 1 :(得分:1)

我看到两个错误。

  1. 您引用$_POST['UserID'],但您没有名为UserID的字段,只有UID。
  2. 您在UPDATE语句中使用名为$UserID的变量,但此变量仅由其他代码路径设置,因此当UPDATE运行时,它尚未初始化,因此可能是一个空字符串
  3. 我认为这是造成问题的第二个问题。您的UPDATE语句可能以where UserID =结尾。但是,正如其他人所说,唯一可以确定的方法是打印出你的查询,看看它有什么问题。

    通常,要调试SQL问题,您应该:

    1. 修改代码以打印出所有SQL查询。
    2. 检查查询,看看是否可以分辨出哪个问题以及错误在哪里
    3. 如果没有,请尝试手动运行它们以查看哪些工作
    4. 一旦在查询字符串中发现了错误,请查看创建该错误导致该错误的问题。
    5. 修复

答案 2 :(得分:0)

where UserID = $UserID"替换为where UserID = '$UserID';"不要忘记这些引号和分号