单击表单提交时出现语法错误。我一直试图修复它,但不确定是什么问题
错误
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_group_id = 1' at line 1
UPDATE user_group SET name = Administration, permission = WHERE user_group_id = 1
Filename: C:\Xampp\htdocs\codeigniter\codeigniter-blog\system\database\DB_driver.php
Line Number: 330
我一直试图解决这个问题,但我不确定是什么遗漏或需要改变。
模型功能
/**
 * Update the name and permission columns of one user_group row.
 *
 * NOTE(review): this is the version that triggers MySQL error 1064. Both
 * values are concatenated into the statement without quotes or escaping, so
 * a name is emitted as a bare word, and when $data['permission'] is not set
 * the '' fallback leaves "permission = " followed directly by WHERE.
 * NOTE(review): the edit() caller shown with this question passes the raw
 * POST array as $data, so the concatenation is also an SQL injection risk;
 * the values need $this->db->escape() or query bindings.
 * NOTE(review): the permission array is stored with serialize(); if it is
 * read back with unserialize(), a JSON encoding would be safer. Confirm
 * against getUserGroup(), which is not shown here.
 *
 * @param mixed $user_group_id Group id; cast to int before it reaches the WHERE clause.
 * @param array $data          Reads 'name' and, when set, 'permission'.
 */
public function editUserGroup($user_group_id, $data) {
// The whole statement is assembled by plain string concatenation.
$this->db->query("UPDATE " . $this->db->dbprefix . "user_group SET
name = " . $data['name'] . ",
permission = " . (isset($data['permission']) ? serialize($data['permission']) : '') . "
WHERE
user_group_id = " . (int)$user_group_id . "
");
}
更新了帖子
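/**
 * Handle the user-group edit page: save the submitted group on POST,
 * otherwise render the form.
 *
 * @param int $user_group_id Route parameter; not read here, the id is taken from URI segment 4.
 */
public function edit($user_group_id = 0) {
    // These values are not consumed in this method; getForm() builds its own view data.
    // NOTE(review): isLogged() is only stored, never checked here. Confirm that access
    // control for this permission-editing action is enforced elsewhere (e.g. the constructor).
    $data['title'] = "User Group Edit";
    $data['base'] = config_item('HTTP_SERVER');
    $data['isLogged'] = $this->user->isLogged();

    if ($this->request->server['REQUEST_METHOD'] === 'POST') {
        $post = $this->request->post;

        // Forward only the two fields the model reads instead of the whole POST array.
        // The original rebuilt $data from the undefined $name / $permission variables
        // and then ignored it.
        $payload = array(
            'name' => isset($post['name']) ? $post['name'] : '',
        );
        if (isset($post['permission'])) {
            $payload['permission'] = $post['permission'];
        }

        $this->model_user_group->editUserGroup($this->uri->segment(4), $payload);
        redirect('users/users_permission');
    }

    $this->getForm();
}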
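/**
 * Collect the view data for the user-group form and render it.
 *
 * Field values are taken from the submitted POST data first, then from the
 * stored group (URI segment 4), then fall back to empty defaults.
 *
 * @return mixed Whatever $this->load->view() returns for the form template.
 */
function getForm() {
    $data['title'] = "User Group Edit";
    $data['base'] = config_item('HTTP_SERVER');
    $data['isLogged'] = $this->user->isLogged();

    $data['text_select_all'] = $this->lang->line('text_select_all');
    $data['text_unselect_all'] = $this->lang->line('text_unselect_all');
    $data['entry_name'] = $this->lang->line('entry_name');
    $data['entry_access'] = $this->lang->line('entry_access');
    $data['entry_modify'] = $this->lang->line('entry_modify');
    $data['button_save'] = $this->lang->line('button_save');
    $data['button_cancel'] = $this->lang->line('button_cancel');

    $data['action'] = site_url('users/users_permission/edit/' . $this->uri->segment(4));

    $user_group_info = $this->model_user_group->getUserGroup($this->uri->segment(4));

    // The original reassigned $data here from the undefined $name / $permission
    // variables, which discarded every key set above (title, labels, action).
    // That reassignment is dropped; 'name' and 'permissions' are filled in below.

    // NOTE(review): 'name' may come straight from POST; confirm the view HTML-escapes it.
    if (isset($this->request->post['name'])) {
        $data['name'] = $this->request->post['name'];
    } elseif (!empty($user_group_info)) {
        $data['name'] = $user_group_info['name'];
    } else {
        $data['name'] = '';
    }

    // Routes that are never offered as assignable permissions.
    $ignore = array(
        'common/dashboard',
        'common/startup',
        'common/login',
        'common/logout',
        'common/forgotten',
        'common/reset',
        'error/not_found',
        'error/permission',
        'common/footer',
        'common/header'
    );

    $data['permissions'] = array();

    // glob() returns false on error; treat that as "no controllers found".
    $files = glob(APPPATH . 'controllers/*/*.php');
    if ($files === false) {
        $files = array();
    }

    foreach ($files as $file) {
        // Permission key is "<directory>/<controller file without .php>".
        $part = explode('/', dirname($file));
        $permission = end($part) . '/' . basename($file, '.php');

        if (!in_array($permission, $ignore, true)) {
            $data['permissions'][] = $permission;
        }
    }

    if (isset($this->request->post['permission']['access'])) {
        $data['access'] = $this->request->post['permission']['access'];
    } elseif (isset($user_group_info['permission']['access'])) {
        $data['access'] = $user_group_info['permission']['access'];
    } else {
        $data['access'] = array();
    }

    if (isset($this->request->post['permission']['modify'])) {
        $data['modify'] = $this->request->post['permission']['modify'];
    } elseif (isset($user_group_info['permission']['modify'])) {
        $data['modify'] = $user_group_info['permission']['modify'];
    } else {
        $data['modify'] = array();
    }

    $data['header'] = $this->load->view('template/common/header', $data, TRUE);
    $data['footer'] = $this->load->view('template/common/footer', NULL, TRUE);

    return $this->load->view('template/users/users_group_form', $data);
}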
答案 0 :(得分:0)
需要用单引号 ' 把 SQL 语句中的字符串值括起来:
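/**
 * Update the name and permission columns of one user_group row.
 *
 * Values are wrapped in single quotes and passed through escape_str() first,
 * so a quote character inside the name or the serialized permission string
 * cannot end the literal early or alter the statement.
 *
 * @param mixed $user_group_id Group id; cast to int before it reaches the WHERE clause.
 * @param array $data          Reads 'name' and, when set, 'permission'.
 */
public function editUserGroup($user_group_id, $data) {
    $name = $this->db->escape_str($data['name']);

    // serialize() output contains double quotes and may contain single quotes,
    // so it needs escaping as well; an unset permission is stored as ''.
    $permission = isset($data['permission'])
        ? $this->db->escape_str(serialize($data['permission']))
        : '';

    $this->db->query("UPDATE " . $this->db->dbprefix . "user_group SET
        name = '" . $name . "',
        permission = '" . $permission . "'
        WHERE
        user_group_id = '" . (int)$user_group_id . "'
    ");
}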
答案 1 :(得分:-1)
现在我需要在某些地方使用 $this->db->escape():
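/**
 * Update the name and permission columns of one user_group row.
 *
 * Both values go through $this->db->escape(), which quotes and escapes them.
 *
 * @param mixed $user_group_id Group id; cast to int before it reaches the WHERE clause.
 * @param array $data          Reads 'name' and, when set, 'permission'.
 */
public function editUserGroup($user_group_id, $data) {
    // Escape the fallback too: a bare '' here left "permission = " directly in
    // front of WHERE, reproducing the original 1064 syntax error whenever no
    // permission was submitted.
    $permission = isset($data['permission']) ? serialize($data['permission']) : '';

    $this->db->query("UPDATE " . $this->db->dbprefix . "user_group SET
        name = " . $this->db->escape($data['name']) . ",
        permission = " . $this->db->escape($permission) . "
        WHERE
        user_group_id = '" . (int)$user_group_id . "'
    ");
}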