更新查询问题

时间:2014-10-07 06:20:14

标签: php mysql

我已经在我的网站上定义了一个用户设置页面,该页面上显示了几个表单,我点击了这些字段的查询,点击后会更新"提交& #34;按钮,但有些我最终会在下面出现此错误;

  

用户无法更新因为:您的SQL中有错误   句法;查看与MySQL服务器版本对应的手册   使用附近的正确语法   ' SHA1(5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)',' WHERE id ='在   第1行

这是表单的配置文件设置页面代码:

    <?php

    $uid = $_SESSION['user_id'];
    $query = mysqli_query($dbc, "SELECT * FROM users WHERE id = $uid ")or die(mysql_error());

    $arr = mysqli_fetch_assoc($query);

     ?> 

    <form action="?page=profileset&id=<?php echo $arr['id']; ?>" method="post" role="form">

            <label for="first">First Name</label>
            <input class="form-control" type="text" name="first" id="first" value="<?php echo $arr['first']; ?>" placeholder="First Name" autocomplete="off">

        </div>

        <div class="from-group">

            <label for="last">Last Name</label>
            <input class="form-control" type="text" name="last" id="last" value="<?php echo $arr['last']; ?>" placeholder="Last Name" autocomplete="off">

        </div>

        <br>

        <div class="from-group">

            <label for="email">Email Address</label>
            <input class="form-control" type="text" name="email" id="email" value="<?php echo $arr['email']; ?>" placeholder="Email Address" autocomplete="off">

        </div>

        <div class="from-group">

            <label for="password">Password</label>
            <input class="form-control" type="password" name="password" id="password" value="<?php echo $arr['password']; ?>" placeholder="Password" autocomplete="off">

        </div>

        <button id="profile-btn-change" type="submit" class="btn">Submit Changes</button>
        <input type="hidden" name="submitted" value="1">

    </form>

这是更新此表单的查询; 

                if(isset($_POST['submitted']) == 1){

                $first = mysqli_real_escape_string($dbc, $_POST['first']);
                $last = mysqli_real_escape_string($dbc, $_POST['last']);
                 $password = SHA1($_POST['password']);

                $action = 'Updated';
                $q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";

                $r = mysqli_query($dbc, $q);

                if($r){

                    $message = '<p class="alert alert-success">User Was '.$action.'!</p>';

                        } else {

                    $message = '<p class="alert alert-danger">User Could Not Be '.$action.' Because:'.mysqli_error($dbc);

                        }

            }

任何考虑都表示赞赏

1 个答案:

答案 0 :(得分:1)

您正在重复UPDATE查询中的password =部分。

$password = sha1($_POST[password]);

而不是

$password = " password = 'SHA1($_POST[password])', ";

更新

确保您尝试更新查询,如

$q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";

并尝试在使用它们时清理变量。

相关问题
最新问题