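Form submit error

Time: 2014-09-25 06:39:03

Tags: php codeigniter

I get a syntax error when I click submit on my form. I have been trying to fix it, but I am not sure what the problem is.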

Error

Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_group_id = 1' at line 1
UPDATE user_group SET name = Administration, permission = WHERE user_group_id = 1
Filename: C:\Xampp\htdocs\codeigniter\codeigniter-blog\system\database\DB_driver.php
Line Number: 330

I have been trying to solve this, but I am not sure what is missing or what needs to change.

Model function

public function editUserGroup($user_group_id, $data) {
  $this->db->query("UPDATE " . $this->db->dbprefix . "user_group SET 
  name = " . $data['name'] . ", 
  permission = " . (isset($data['permission']) ? serialize($data['permission']) : '') . " 
  WHERE 
  user_group_id = " . (int)$user_group_id . " 
  ");
}

Updated post

public function edit($user_group_id = 0) {
        $data['title'] = "User Group Edit";
        $data['base'] = config_item('HTTP_SERVER');
        $data['isLogged'] = $this->user->isLogged();

        if ($this->request->server['REQUEST_METHOD'] == 'POST') {

            $data = array(
                'name' => $name,
                'permission' => $permission,
            );

            $this->model_user_group->editUserGroup($this->uri->segment(4), $this->request->post);

            redirect('users/users_permission');
        }

        $this->getForm();
    }

    function getForm() {

        $data['title'] = "User Group Edit";
        $data['base'] = config_item('HTTP_SERVER');
        $data['isLogged'] = $this->user->isLogged();

        $data['text_select_all'] = $this->lang->line('text_select_all');
        $data['text_unselect_all'] = $this->lang->line('text_unselect_all');

        $data['entry_name'] = $this->lang->line('entry_name');
        $data['entry_access'] = $this->lang->line('entry_access');
        $data['entry_modify'] = $this->lang->line('entry_modify');

        $data['button_save'] = $this->lang->line('button_save');
        $data['button_cancel'] = $this->lang->line('button_cancel');

        $data['action'] = site_url('users/users_permission/edit/' . $this->uri->segment(4));

        $user_group_info = $this->model_user_group->getUserGroup($this->uri->segment(4));

        $data = array(
            'name' => $name,
            'permissions' => $permission,
        );

        if (isset($this->request->post['name'])) {
            $data['name'] = $this->request->post['name'];
        } elseif (!empty($user_group_info)) {
            $data['name'] = $user_group_info['name'];
        } else {
            $data['name'] = '';
        }

        $ignore = array(
            'common/dashboard',
            'common/startup',
            'common/login',
            'common/logout',
            'common/forgotten',
            'common/reset',
            'error/not_found',
            'error/permission',
            'common/footer',
            'common/header'
        );

        $data['permissions'] = array();

        $files = glob(APPPATH . 'controllers/*/*.php');

        foreach ($files as $file) {
            $part = explode('/', dirname($file));

            $permission = end($part) . '/' . basename($file, '.php');

            if (!in_array($permission, $ignore)) {
                $data['permissions'][] = $permission;
            }
        }

        if (isset($this->request->post['permission']['access'])) {
            $data['access'] = $this->request->post['permission']['access'];
        } elseif (isset($user_group_info['permission']['access'])) {
            $data['access'] = $user_group_info['permission']['access'];
        } else {
            $data['access'] = array();
        }

        if (isset($this->request->post['permission']['modify'])) {
            $data['modify'] = $this->request->post['permission']['modify'];
        } elseif (isset($user_group_info['permission']['modify'])) {
            $data['modify'] = $user_group_info['permission']['modify'];
        } else {
            $data['modify'] = array();
        }

        $data['header'] = $this->load->view('template/common/header', $data, TRUE);
        $data['footer'] = $this->load->view('template/common/footer', NULL, TRUE);

        return $this->load->view('template/users/users_group_form', $data);
    }

2 answers:

Answer 0: (score: 0)

Put single quotes ' around the values

public function editUserGroup($user_group_id, $data) {
  $this->db->query("UPDATE " . $this->db->dbprefix . "user_group SET 
  name = '" . $data['name'] . "', 
  permission = '" . (isset($data['permission']) ? serialize($data['permission']) : '') . "' 
  WHERE 
  user_group_id = '" . (int)$user_group_id . "' 
  ");
}

Answer 1: (score: -1)

I now need to use this db-escape in some areas

public function editUserGroup($user_group_id, $data) {
        // escape() wraps the whole ternary, so a missing permission becomes '' in the SQL
        // instead of an empty PHP string that leaves "permission = WHERE".
        $this->db->query("UPDATE " . $this->db->dbprefix . "user_group SET 
        name = " . $this->db->escape($data['name']) . ", 
        permission = " . $this->db->escape(isset($data['permission']) ? serialize($data['permission']) : '') . "
        WHERE 
        user_group_id = '" . (int)$user_group_id . "' 
      ");
    }
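
The two answers compared side by side, as an added example that is not part of the original thread: wrapping values in quotes fails as soon as a value contains a quote character, while bound parameters keep data out of the SQL text (CodeIgniter offers the same through query bindings, `$this->db->query($sql, array(...))` with `?` placeholders). It assumes PDO with an in-memory SQLite database in place of the CodeIgniter driver, and the table contents and form input are constructed.

```php
<?php
// Added example: constructed schema and data; PDO + in-memory SQLite stands in
// for the CodeIgniter database driver used in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user_group (user_group_id INTEGER PRIMARY KEY, name TEXT, permission TEXT)");
$pdo->exec("INSERT INTO user_group VALUES (1, 'Administration', '')");

// Quote-wrapping only: the value is still part of the SQL text, so a quote
// inside the name or the serialized permission ends the string literal early.
function editUserGroupQuoted(PDO $pdo, $user_group_id, array $data) {
    $permission = isset($data['permission']) ? serialize($data['permission']) : '';
    $sql = "UPDATE user_group SET name = '" . $data['name'] . "', permission = '" . $permission
         . "' WHERE user_group_id = " . (int)$user_group_id;
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the statement did not parse
    }
}

// Bound parameters: the statement is fixed and the values travel separately.
function editUserGroupBound(PDO $pdo, $user_group_id, array $data) {
    $permission = isset($data['permission']) ? serialize($data['permission']) : '';
    $stmt = $pdo->prepare("UPDATE user_group SET name = ?, permission = ? WHERE user_group_id = ?");
    return $stmt->execute(array($data['name'], $permission, (int)$user_group_id));
}

// Read the row back and restore the permission array (no object instantiation).
function getUserGroup(PDO $pdo, $user_group_id) {
    $stmt = $pdo->prepare("SELECT name, permission FROM user_group WHERE user_group_id = ?");
    $stmt->execute(array((int)$user_group_id));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $row['permission'] = $row['permission'] === ''
        ? array()
        : unserialize($row['permission'], array('allowed_classes' => false));
    return $row;
}

// Constructed form input: an ordinary group name that contains an apostrophe.
$post = array(
    'name' => "Editors' group",
    'permission' => array('access' => array('users/users_permission'), 'modify' => array()),
);
var_dump(editUserGroupQuoted($pdo, 1, $post)); // quote-wrapped statement
var_dump(editUserGroupBound($pdo, 1, $post));  // bound statement
print_r(getUserGroup($pdo, 1));                // row as stored after both calls
```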