$query = "UPDATE $abc_tbl ".
"SET nationality={$_SESSION['Nationality']},".
"gender={$_SESSION['gender']} ,".
"dob={$_SESSION['DoB']},".
"contact={$_SESSION['contact']},".
"address='{$_SESSION['address']},".
"level={$_SESSION['Level']},".
"course={$_SESSION['Course']},".
"mode_study={$_SESSION['ModeStudy']},".
"semester={$_SESSION['Semester']},".
"degree={$_SESSION['Degree']},".
"major={$_SESSION['Major']},".
"gpa={$_SESSION['GPA']},".
"inst={$_SESSION['Institution']},".
"docs=$target_file)".
"WHERE (uname=$uname)";
$result=mysql_query($query) or die ("this stuffedup");
if ($result) {
$_SESSION['success'] = "Done";
header("location: Application_Success.php"); // Redirecting to success page
}
我尝试了几种语法,但查询仍无法正常工作
请知道为什么信息没有存储在我的表格中
谢谢
答案 0 :(得分:0)
您需要在引号内包装文本值。例如
$query = "UPDATE $abc_tbl ".
"SET nationality='{$_SESSION['Nationality']}',".
"gender='{$_SESSION['gender']}',".
.....
.....
但你应该使用@ {3}}或mysqli之类的更好的选项作为@Niet the Dark Absol的推荐
使用像mysqli / PDO等PDO服务可以帮助您保护数据库免受prepared statements and parameterized queries等漏洞攻击。
答案 1 :(得分:0)
只需将会话变量初始化为普通的php变量,然后将它们传递给sql查询。
$gender=$_SESSION['gender'];
$DoB=$_SESSION['DoB'];
$Nationality=$_SESSION['Nationality'];
query = "UPDATE $abc_tbl ".
"SET nationality=' $Nationality',".
"gender= '$gender' ,".
"dob=$DoB,".
" .......
".
"docs='$target_file' ".
"WHERE (uname='$uname')";
// ....... means finish up your query in a given order
这应该有效