我一直在努力解决这个问题。我无法添加像奥布莱恩这样的名字。使用撇号时,我收到错误“更新团队详细信息时出错:您的SQL语法中有错误;”当我从表单中取出撇号时,它运行正常。我在哪里失败?
if (isset($_POST['submit'])):
$TeamName = mysql_real_escape_string($_POST['TeamName']);
$sql = "UPDATE Team SET TeamName = 'TeamName' WHERE id ='$id'";
else:
$id = $_GET['id'];
$EditTeam=@mysql_query("SELECT *
FROM Team
WHERE ID='$id'");
if (!$EditTeam) {
die('<p>Error fetching Team details: ' .
mysql_error() . '</p>');
}
$Team = mysql_fetch_array($EditTeam);
$TeamName = stripslashes($Team['TeamName']);
这是整个代码!
<head>
<title>Update Contact Info</title>
<script type="text/javascript">
var newWindow = null;
function closeWin(){
if (newWindow != null){
if(!newWindow.closed)
newWindow.close();
}
}
function popUpWin(url, type, strWidth, strHeight){
closeWin();
if (type == "fullScreen"){
strWidth = screen.availWidth - 10;
strHeight = screen.availHeight - 160;
}
var tools="";
if (type == "standard" || type == "fullScreen") tools = "resizable,toolbar=yes,location=yes,scrollbars=yes,menubar=yes,width="+strWidth+",height="+str Height+",top=0,left=0";
if (type == "console") tools = "resizable,toolbar=no,location=no,scrollbars=yes,width="+strWidth+",height="+strHeight+",left= 0,top=0";
newWindow = window.open(url, 'newWin', tools);
newWindow.focus();
}
</script>
</head>
<body alink="#0033FF" link="#0033FF" vlink="#0033FF">
<center>
<?php include 'memberheader_b_ball.php';?>
</center>
<?php
$ID = mysql_real_escape_string($_GET['id']);
if (isset($_POST['submit'])):
// The team's details have
// been updated.
$TeamName = mysql_real_escape_string($_POST['TeamName']);
$ID = $_POST['id'];
$teamage = $_POST['teamage'];
$teamcity = $_POST['teamcity'];
$teamstate = $_POST['teamstate'];
$division = $_POST['division'];
$contactname = $_POST['contactname'];
$contactlname = $_POST['contactlname'];
$contactaddressmore = $_POST['contactaddressmore'];
$contactaddress = $_POST['contactaddress'];
$contactcity = $_POST['contactcity'];
$contactstate = $_POST['contactstate'];
$contactcountry = $_POST['contactcountry'];
$contactzip = $_POST['contactzip'];
$contactphone = $_POST['contactphone'];
$contactcphone = $_POST['contactcphone'];
$contactfax = $_POST['contactfax'];
$contactemail = $_POST['contactemail'];
$coachname = $_POST['coachname'];
$coachlname = $_POST['coachlname'];
$coachaddress = $_POST['coachaddress'];
$coachcity = $_POST['coachcity'];
$coachstate = $_POST['coachstate'];
$coachzip = $_POST['coachzip'];
$coachsphone = $_POST['coachphone'];
$coachfax = $_POST['coachfax'];
$coachemail = $_POST['coachemail'];
$sql = "UPDATE Team SET
TeamName = 'TeamName',
teamage='$teamage',
teamcity='$teamcity',
teamstate='$teamstate',
division='$division',
contactname='$contactname',
contactlname='$contactlname',
contactaddress='$contactaddress',
contactaddressmore='$contactaddressmore',
contactcity='$contactcity',
contactcountry='$contactcountry',
contactstate='$contactstate',
contactzip='$contactzip',
contactphone='$contactphone',
contactcphone='$contactcphone',
contactfax='$contactfax',
coachname='$coachname',
coachlname='$coachlname',
coachaddress='$coachaddress',
coachcity='$coachcity',
coachstate='$coachstate',
coachzip='$coachzip',
coachphone='$coachphone',
coachfax='$coachfax',
coachemail='$coachemail'
WHERE id ='$ID'";
if (mysql_query($sql)) {
echo("<div align='center'>
<p> </p>
<p> </p>
<p> </p>
<p><font size='6' face='Arial, Helvetica, sans-serif'><ul><strong>Processing your request, one moment.</strong></font><br>
<img src=\"images/animated_timer_bar.gif\" width=\"220\" height=\"18\"></p></div>
<meta http-equiv=\"refresh\" content=\"1;URL=editcontact.php?id=$id\">");
} else {
die('<p>Error updating Team details: ' . mysql_error() . '</p>');
}
?>
<p>
<?php
else: // Allow the user to edit the Team
// with ID=$id
//$ID = mysql_real_escape_string($_GET['id']);
$EditTeam=@mysql_query("SELECT *
FROM Team
WHERE ID='$id'");
if (!$EditTeam) {
die('<p>Error fetching Team details: ' .
mysql_error() . '</p>');
}
$Team = mysql_fetch_array($EditTeam);
$TeamName = stripslashes($Team['TeamName']);
$id = $Team['ID'];
$teamage = $Team['teamage'];
$teamcity = $Team['teamcity'];
$teamstate = $Team['teamstate'];
$division = $Team['division'];
$contactname = $Team['contactname'];
$contactlname = $Team['contactlname'];
$contactaddress = $Team['contactaddress'];
$contactaddressmore = $Team['contactaddressmore'];
$contactcountry = $Team['contactcountry'];
$contactcity = $Team['contactcity'];
$contactstate = $Team['contactstate'];
$contactzip = $Team['contactzip'];
$contactphone = $Team['contactphone'];
$contactcphone = $Team['contactcphone'];
$contactfax = $Team['contactfax'];
$contactemail = $Team['contactemail'];
$coachname = $Team['coachname'];
$coachlname = $Team['coachlname'];
$coachaddress = $Team['coachaddress'];
$coachcity = $Team['coachcity'];
$coachstate = $Team['coachstate'];
$coachzip = $Team['coachzip'];
$coachphone = $Team['coachphone'];
$coachfax = $Team['coachfax'];
$coachemail = $Team['coachemail'];
$notes = $Team['notes'];
$wait1 = $Team['wait1'];
$wait2 = $Team['wait2'];
$wait3 = $Team['wait3'];
$wait4 = $Team['wait4'];
$wait5 = $Team['wait5'];
// Convert HTML special characters
// in database value for use in
// an HTML document.
$contactemail = htmlspecialchars($contactemail);
$coachemail = htmlspecialchars($coachemail);
$EditGames=@mysql_query("SELECT *
FROM Games
WHERE GID='1'"); //GID = Games ID
if (!$EditGames) {
die('<p>Error fetching Team details: ' .
mysql_error() . '</p>');
}
$Games = mysql_fetch_array($EditGames);
$tourney1date = $Games['tourney1date'];
$tourney2date = $Games['tourney2date'];
$tourney3date = $Games['tourney3date'];
$tourney4date = $Games['tourney4date'];
$tourney5date = $Games['tourney5date'];
$tourney1name = $Games['tourney1name'];
$tourney2name = $Games['tourney2name'];
$tourney3name = $Games['tourney3name'];
$tourney4name = $Games['tourney4name'];
$tourney5name = $Games['tourney5name'];
$tourney1city = $Games['tourney1city'];
$tourney2city = $Games['tourney2city'];
$tourney3city = $Games['tourney3city'];
$tourney4city = $Games['tourney4city'];
$tourney5city = $Games['tourney5city'];
if ($notes == '') {
$message = '';
} else {
$message = 'You have a message! Click to read it';
}
if ($wait1 == 'yes') {
$pay1 = 'Print a personal <a href="paymentform1.php?id=';
$id1 = $Team['ID'];
$end1 = '">'. $tourney1name .'</a> payment form.<br>';}
if ($wait2 == 'yes') {
$pay2 = 'Print a personal <a href="paymentform2.php?id=';
$id2 = $Team['ID'];
$end2 = '">'. $tourney2name .'</a> payment form.<br>';}
if ($wait3 == 'yes') {
$pay3 = 'Print a personal <a href="paymentform3.php?id=';
$id3 = $Team['ID'];
$end3 = '">'. $tourney3name .'</a> payment form.<br>';}
if ($wait4 == 'yes') {
$pay4 = 'Print a personal <a href="paymentform4.php?id=';
$id4 = $Team['ID'];
$end4 = '">'. $tourney4name .'</a> payment form.<br>';}
if ($wait5 == 'yes') {
$pay5 = 'Print a personal <a href="paymentform5.php?id=';
$id5 = $Team['ID'];
$end5 = '">'. $tourney5name .'</a> payment form.<br>';}
?>
<font face="Arial, Helvetica, sans-serif">
<?
$var = mysql_real_escape_string("O'Brian");
echo $var;
$var = stripslashes($var);
echo $var;
?> </font>
<form action= "editcontact.php?id=<?=$ID?>" method="post">
<font face="Arial, Helvetica, sans-serif">
<input type="hidden" name="id" value="<?=$ID?>" />
<div align="center">
<table width="80%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="15%"><div align="left"><font face="Arial, Helvetica, sans-serif">
<input type="submit" name="submit" value="Save Changes" />
</font> </div></td>
<td width="85%"><div align="right">
<table width="387">
<tr>
<td width="379"> </td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</div>
</font> <font face="Arial, Helvetica, sans-serif">
<hr align="center" width="80%" />
</font>
<center>
<table width="80%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td><font face="Arial, Helvetica, sans-serif"><strong>Select division
for team.</strong> <br />
</font> <table width="98%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="11%"><div align="center"><font face="Arial, Helvetica, sans-serif"><strong>8U</strong>
<input type="radio" name="division" value="8U"<?php if ($division == "8U") echo ("checked");?> />
</font></div></td>
<td width="11%"><div align="center"><font face="Arial, Helvetica, sans-serif"><strong>10U</strong>
<input type="radio" name="division" value="10U"<?php if ($division == "10U") echo ("checked");?> />
</font></div></td>
<td width="11%"><div align="center"><font face="Arial, Helvetica, sans-serif"><strong>12U</strong>
<input type="radio" name="division" value="12U"<?php if ($division == "12U") echo ("checked");?> />
</font></div></td>
<td width="12%"><div align="center"><font face="Arial, Helvetica, sans-serif"><strong>14U</strong><br />
<input type="radio" name="division" value="14U"<?php if ($division == "14U") echo ("checked");?> />
</font></div></td>
<td width="12%"><div align="center"><font face="Arial, Helvetica, sans-serif"><strong>16U<br />
</strong>
<input type="radio" name="division" value="16U"<?php if ($division == "16U") echo ("checked");?> />
</font></div></td>
<td width="17%"><div align="center"><font face="Arial, Helvetica, sans-serif"><strong>18U<br />
</strong>
<input type="radio" name="division" value="18U"<?php if ($division == "18U") echo ("checked");?> />
</font></div></td>
</tr>
</table>
<center>
</center></td>
<td width="33%"><div align="center"><font face="Arial, Helvetica, sans-serif"><strong> <a href="notes.php?id=<?=$ID?>" onclick="popUpWin(this.href,'console',400,350);return false;" onkeypress="popUpWin(this.href,'console',400,350);return false;" title="Link open's in a new window">
<?php if ($notes == '') { $message = '';} else { $message = 'You have a message!
<br /> Click to read it';}
print $message ?>
</a></strong></font></div></td>
</tr>
</table>
<font face="Arial, Helvetica, sans-serif">
<hr align="center" width="80%">
</font>
<table width="91%" border="0">
<tr>
<td height="27" colspan="3"><font face="Arial, Helvetica, sans-serif"><strong>Team
Name, Contact and Head Coach info</strong></font> </td>
<td> <div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Team
Age </font> </div>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<select name="teamage" size="1">
<option value= "">Pick Age</option>
<option value='10U'<?php if ($teamage == "10U") echo ("selected");?>>10U</option>
<option value='12U'<?php if ($teamage == "12U") echo ("selected");?>>12U</option>
<option value='14U'<?php if ($teamage == "14U") echo ("selected");?>>14U</option>
<option value='16U'<?php if ($teamage == "16U") echo ("selected");?>>16U</option>
<option value='18U'<?php if ($teamage == "18U") echo ("selected");?>>18U</option>
<option value='18Gold'<?php if ($teamage == "18Gold") echo ("selected");?>>18Gold</option>
</select>
</font></td>
</tr>
<tr>
<td width="12%" height="29"><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Team
Name</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="TeamName" type="text" value="<?=$TeamName?>" size="30">
</font></td>
<td width="10%"> <div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Team
Location </font> </div>
<td colspan="2"> <font face="Arial, Helvetica, sans-serif">
<input name="teamcity" type="text" value="<?=$teamcity?>" size="15" />
<font size="-1">State</font>
<input name="teamstate" type="text" value="<?=$teamstate?>" size="2" />
</font></td>
</tr>
<tr>
<td><div align="right"><font size="-1"><font size="-1"></font></font></div></td>
<td width="18%"><div align="left"><font size="-2" face="Arial, Helvetica, sans-serif">First
Name </font></div></td>
<td width="22%"><font size="-2" face="Arial, Helvetica, sans-serif">Last
Name </font></td>
<td><div align="right"><font size="-1"><font size="-1"></font></font></div></td>
<td width="17%"><div align="left"><font size="-2" face="Arial, Helvetica, sans-serif">First
Name </font></div></td>
<td width="25%"><font size="-2" face="Arial, Helvetica, sans-serif">Last
Name </font></td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Contact
</font></div></td>
<td colspan="2"><input name="contactname" type="text" value="<?=$contactname?>" size="20" />
<input name="contactlname" type="text" id="contactlname" value="<?=$contactlname?>" size="20" /></td>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Head
Coach</font></div></td>
<td colspan="2"><input name="coachname" type="text" value="<?=$coachname?>" size="20" />
<input name="coachlname" type="text" id="coachlname" value="<?=$coachlname?>" size="20" />
</td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Address
</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="contactaddress" type="text" value="<?=$contactaddress?>" size="30">
</font></td>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Address</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="coachaddress" type="text" value="<?=$coachaddress?>" size="30">
</font></td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">More
add. </font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="contactaddressmore" type="text" value="<?=$contactaddressmore?>" size="15" />
</font></td>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">City</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="coachcity" type="text" value="<?=$coachcity?>" size="15">
<font size="-1">State</font>
<input name="coachstate" type="text" value="<?=$coachstate?>" size="2">
<font size="-1">Zip</font>
<input name="coachzip" type="text" value="<?=$coachzip?>" size="4">
</font></td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Country</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="contactcountry" type="text" id="contactcountry" value="<?=$contactcountry?>" size="15" />
</font></td>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Phone</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="coachphone" type="text" value="<?=$coachphone?>" size="12" />
<font size="-1">Fax</font>
<input name="coachfax" type="text" value="<?=$coachfax?>" size="12" />
</font></td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">City</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="contactcity" type="text" value="<?=$contactcity?>" size="15">
<font size="-1">State</font>
<input name="contactstate" type="text" value="<?=$contactstate?>" size="2">
<font size="-1">Zip</font>
<input name="contactzip" type="text" value="<?=$contactzip?>" size="4">
</font></td>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Email</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="coachemail" type="text" value="<?=$coachemail?>" size="30" />
</font></td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Phone</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="contactphone" type="text" value="<?=$contactphone?>" size="12">
<font size="-1">Fax</font>
<input name="contactfax" type="text" value="<?=$contactfax?>" size="12">
</font></td>
<td> </td>
<td colspan="2"> </td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Cell
Phone</font></div></td>
<td colspan="2"><font face="Arial, Helvetica, sans-serif">
<input name="contactcphone" type="text" value="<?=$contactcphone?>" size="12">
</font></td>
<td><font size="-1"> </font></td>
<td colspan="2"> </td>
</tr>
<tr>
<td><div align="right"><font size="-1" face="Arial, Helvetica, sans-serif">Email</font></div></td>
<td colspan="2"><div align="center"><font size="-2" face="Arial, Helvetica, sans-serif">This
is your registered email address.</font><br />
<font face="Arial, Helvetica, sans-serif"><? echo $contactemail; ?>
</font><font size="-2" face="Arial, Helvetica, sans-serif"><br />
If this is no longer a valid email, contact system admin.</font></div></td>
<td> </td>
<td colspan="2"> </td>
</tr>
</table>
</center>
<hr align="center" width="80%">
<font face="Arial, Helvetica, sans-serif"><br>
</font>
<p></p>
</form>
<?php endif;?>
</font>
</body>
</html>
答案 0 :(得分:1)
在mysql_real_escape_string
值上使用$id
,然后在查询中使用它。
更好的是,停止使用ext/mysql
并切换到PDO
/ mysqli
并使用参数化查询,这也会正确地转义您的数据。
答案 1 :(得分:0)
而不是
$sql = "UPDATE Team SET TeamName = '$TeamName' WHERE id ='$id'";
尝试
$sql = "UPDATE Team SET TeamName = \"$TeamName\" WHERE id ='$id'";