我每次尝试更新MySQL中的记录时都会收到此错误,我昨天在另一篇文章中测试了我的表单的较小版本
我知道在MySQL中更新记录的代码有效,但当我尝试在实际表单中使用它时我需要使用我不断收到此错误:
您的SQL语法有错误;检查手册 对应于您的MySQL服务器版本,以便使用正确的语法 靠近''门票'SET'work_performed'='测试','item_qty1'='1','at 第1行
这是我处理更新的代码:
<?php
// database connection //
include 'db_connect.php';
//This gets all the other information from the form
// start of form inputs //
$work_performed=$_POST['work_performed'];
$item_qty1=$_POST['item_qty1'];
$item_qty2=($_POST['item_qty2']);
$item_qty3=$_POST['item_qty3'];
$item_qty4=($_POST['item_qty4']);
$item_qty5=$_POST['item_qty5'];
$manuf_1=$_POST['manuf_1'];
$manuf_2=$_POST['manuf_2'];
$manuf_3=$_POST['manuf_3'];
$manuf_4=$_POST['manuf_4'];
$manuf_5=$_POST['manuf_5'];
$part_number1=$_POST['part_number1'];
$part_number2=$_POST['part_number2'];
$part_number3=$_POST['part_number3'];
$part_number4=$_POST['part_number4'];
$part_number5=$_POST['part_number5'];
$part_description1=$_POST['part_description1'];
$part_description2=$_POST['part_description2'];
$part_description3=$_POST['part_description3'];
$part_description4=$_POST['part_description4'];
$part_description5=$_POST['part_description5'];
$part_price1=$_POST['part_price1'];
$part_price2=$_POST['part_price2'];
$part_price3=$_POST['part_price3'];
$part_price4=$_POST['part_price4'];
$part_price5=$_POST['part_price5'];
$price_extension1=$_POST['price_extension1'];
$price_extension2=$_POST['price_extension2'];
$price_extension3=$_POST['price_extension3'];
$price_extension4=$_POST['price_extension4'];
$price_extension5=$_POST['price_extension5'];
$material_total=$_POST['material_total'];
$sales_tax=$_POST['sales_tax'];
$shipping_cost=$_POST['shipping_cost'];
$work_date1=$_POST['work_date1'];
$work_date2=$_POST['work_date2'];
$work_date3=$_POST['work_date3'];
$work_date4=$_POST['work_date4'];
$work_date5=$_POST['work_date5'];
$tech_name1=$_POST['tech_name1'];
$tech_name2=$_POST['tech_name2'];
$tech_name3=$_POST['tech_name3'];
$tech_name4=$_POST['tech_name4'];
$tech_name5=$_POST['tech_name5'];
$cost_code1=$_POST['cost_code1'];
$cost_code2=$_POST['cost_code2'];
$cost_code3=$_POST['cost_code3'];
$cost_code4=$_POST['cost_code4'];
$cost_code5=$_POST['cost_code5'];
$pay_rate1=$_POST['pay_rate1'];
$pay_rate2=$_POST['pay_rate2'];
$pay_rate3=$_POST['pay_rate3'];
$pay_rate4=$_POST['pay_rate4'];
$pay_rate5=$_POST['pay_rate5'];
$total_hours1=$_POST['total_hours1'];
$total_hours2=$_POST['total_hours2'];
$total_hours3=$_POST['total_hours3'];
$total_hours4=$_POST['total_hours4'];
$total_hours5=$_POST['total_hours5'];
$hours_subtotal1=$_POST['hours_subtotal1'];
$hours_subtotal2=$_POST['hours_subtotal2'];
$hours_subtotal3=$_POST['hours_subtotal3'];
$hours_subtotal4=$_POST['hours_subtotal4'];
$hours_subtotal5=$_POST['hours_subtotal5'];
$total_hours=$_POST['total_hours'];
$material_total=$_POST['material_total'];
$labor_cost=$_POST['labor_cost'];
$grand_total=$_POST['grand_total'];
$id=$_POST['id'];
//below section is not ready //
//$employee_number=$_POST['employee_number'];
//$date_finished=$_POST['date_finished'];
//$tech_signature=$_POST['tech_signature'];
//$customer_signature=$_POST['customer_signature'];
//$print_name=$_POST['print_name'];
//Writes the information to the database
mysql_query("UPDATE 'tickets' SET 'work_performed' = '$work_performed',
'item_qty1' = '$item_qty1',
'item_qty2' = '$item_qty2',
'item_qty3' = '$item_qty3',
'item_qty4' = '$item_qty4',
'item_qty5' = '$item_qty5',
'manuf_1' = '$manuf_1',
'manuf_2' = '$manuf_2',
'manuf_3' = '$manuf_3',
'manuf_4' = '$manuf_4',
'manuf_5' = '$manuf_5',
'part_number1' = '$part_number1',
'part_number2' = '$part_number2',
'part_number3' = '$part_number3',
'part_number4' = '$part_number4',
'part_number5' = '$part_number5',
'part_description1' = '$part_description1',
'part_description2' = '$part_description2',
'part_description3' = '$part_description3',
'part_description4' = '$part_description4',
'part_description5' = '$part_description5',
'part_price1' = '$part_price1',
'part_price2' = '$part_price2',
'part_price3' = '$part_price3',
'part_price4' = '$part_price4',
'part_price5' = '$part_price5',
'price_extension1' = '$price_extension1',
'price_extension2' = '$price_extension2',
'price_extension3' = '$price_extension3',
'price_extension4' = '$price_extension4',
'price_extension5' = '$price_extension5',
'material_total' = '$material_total',
'sales_tax' = '$sales_tax',
'shipping_cost' = '$shipping_cost',
'work_date1' = '$work_date1',
'work_date2' = '$work_date2',
'work_date3' = '$work_date3',
'work_date4' = '$work_date4',
'work_date5' = '$work_date5',
'tech_name1' = '$tech_name1',
'tech_name2' = '$tech_name2',
'tech_name3' = '$tech_name3',
'tech_name4' = '$tech_name4',
'tech_name5' = '$tech_name5',
'cost_code1' = '$cost_code1',
'cost_code2' = '$cost_code2',
'cost_code3' = '$cost_code3',
'cost_code4' = '$cost_code4',
'cost_code5' = '$cost_code5',
'pay_rate1' = '$pay_rate1',
'pay_rate2' = '$pay_rate2',
'pay_rate3' = '$pay_rate3',
'pay_rate4' = '$pay_rate4',
'pay_rate5' = '$pay_rate5',
'total_hours1' = '$total_hours1',
'total_hours2' = '$total_hours2',
'total_hours3' = '$total_hours3',
'total_hours4' = '$total_hours4',
'total_hours5' = '$total_hours5',
'hours_subtotal1' = '$hours_subtotal1',
'hours_subtotal2' = '$hours_subtotal2',
'hours_subtotal3' = '$hours_subtotal3',
'hours_subtotal4' = '$hours_subtotal4',
'hours_subtotal5' = '$hours_subtotal5',
'total_hours' = '$total_hours',
'material_total' = '$material_total',
'labor_cost' = '$labor_cost',
'grand_total' = '$grand_total' WHERE 'id' = '$id'");
mysql_affected_rows();
echo mysql_error();
?>
<html>
<body>
<center>
<br><br><br>
<form name="results" method="post" action="ticket_results.php" enctype="multipart/form-data" id="ticketresult">
<input type="submit" class="submit" id="ticketresult" style="width: 165px" value="Do Something">
</form>
</center>
</body>
</html>
更新问题,
所以我进行了实验并删除了任何重复的值,例如item_qty2,item_qty3,item_qty4,并将我的值最小化到此,
mysql_query("UPDATE `tickets` SET `work_performed` = '$work_performed',
`item_qty1` = '$item_qty1',
`manuf_1` = '$manuf_1',
`part_number1` = '$part_number1',
`part_description1` = '$part_description1',
`part_price1` = '$part_price1',
`price_extension1` = '$price_extension1',
`material_total` = '$material_total',
`sales_tax` = '$sales_tax',
`shipping_cost` = '$shipping_cost',
`work_date1` = '$work_date1',
`tech_name1` = '$tech_name1',
`cost_code1` = '$cost_code1',
`pay_rate1` = '$pay_rate1',
`total_hours1` = '$total_hours1',
`hours_subtotal1` = '$hours_subtotal1',
`total_hours` = '$total_hours',
`material_total` = '$material_total',
`labor_cost` = '$labor_cost',
`grand_total` = '$grand_total' WHERE `id` = '$id'");
每次都能完美运行,但只要我添加了item_qty2或part_number2等值,我就会收到语法错误。整个表格工作了一次,但要求我在每个领域输入一个值,但我并不总是需要在每个领域都有一个值!
答案 0 :(得分:4)
您的查询无效的原因是您使用单引号包装列名称和表名称。它们是标识符而不是字符串文字,所以它们不应该用单引号换行。
UPDATE tickets SET work_performed = .....
如果发生使用的列名和/或表名是保留关键字,则可以使用反引号转义,而不是使用单引号。前,
UPDATE `tickets` SET `work_performed` = .....
在这种情况下,不需要反引号,因为它们都不是保留关键字。
其他链接:
作为旁注,如果变量的值( s )来自外部,则查询易受SQL Injection
攻击。请查看下面的文章,了解如何防止它。通过使用PreparedStatements
,您可以摆脱在值周围使用单引号。
答案 1 :(得分:1)
如果您输入的任何一个值都有撇号,它将会破坏您的查询,因为您没有转义它。
此外,列名应包含在反引号`
中,而不是单引号。