MySQL insert and update unknown error

Time: 2015-01-03 00:41:07

Tags: php mysql sql mysql-error-1064

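I'm using the following code to insert and update some rows in the database from HTML forms. When I submit, the insert form does nothing, it neither inserts nor shows any error, and the update form says: Database access failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Craciun, Perioada_eveniment=2014-12-25, Tip_even=Muzical, Locatie_eveniment=Bucu' at line 1 even though I have a delete query above that works fine. How can I solve this? PS: The connection to the database is established correctly :). Thanks!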

HTML
<div class="update_row">
                Update
                <form method="post" action="">
                *<input type="text" name="ID_even" Placeholder="Id eveniment"><br>
                *<input type="text" name="nume" Placeholder="Nume eveniment"><br>
                *<input type="text" name="perioada" Placeholder="Perioada eveniment"><br>
                *<input type="text" name="tip" Placeholder="Tip eveniment"><br>
                *<input type="text" name="locatie" Placeholder="Locatie eveniment"><br>
                *<input type="text" name="id_organizator" Placeholder="ID Organizator"><br>
                <input type="submit" name="submit" value="Modifica">
                </form>
            </div>

            <div class="add_row">
                Add
                <form method="post" action="">
                *<input type="text" name="id_add" Placeholder="Id eveniment"><br>
                *<input type="text" name="nume_add" Placeholder="Nume eveniment"><br>
                *<input type="text" name="perioada_add" Placeholder="Perioada eveniment"><br>
                *<input type="text" name="tip_add" Placeholder="Tip eveniment"><br>
                *<input type="text" name="locatie_add" Placeholder="Locatie eveniment"><br>
                *<input type="text" name="id_org_add" Placeholder="ID Organizator"><br>
                <input type="submit" name="submit_add" value="Adauga">
                </form>
            </div>


PHP
            if (isset($_POST["id_add"]))
                $id_add=$_POST["id_add"];
            if (isset($_POST["nume_add"]))
                $nume_add=$_POST["nume_add"];
            if (isset($_POST["perioada_add"]))
                $perioada_add=$_POST["perioada_add"];
            if (isset($_POST["tip_add"]))
                $tip_add=$_POST["tip_add"];
            if (isset($_POST["locatie_add"]))
                $locatie_add=$_POST["locatie_add"];
            if (isset($_POST["id_org_add"]))
                $id_org=$_POST["id_org_add"];
                $submitcheck_add=isset($_POST["submit_add"]);   


            if($submitcheck_add && $nume_add !=0 && $perioada_add !=0 && $locatie_add !=0 && $id_org !==0){
                $sql = "INSERT INTO evenimente (ID_even, Nume_eveniment, Perioada_eveniment, Tip_even, Locatie_eveniment, ID_Org)
VALUES ($id_add, $nume_add, $perioada_add, $tip_add, $locatie_add, $id_org )";
                $result=query_mysql($sql);
            }



            if (isset($_POST["ID_even"]))
                $id=$_POST["ID_even"];
            if (isset($_POST["nume"]))
                $nume=$_POST["nume"];
            if (isset($_POST["perioada"]))
                $perioada=$_POST["perioada"];
            if (isset($_POST["tip"]))
                $tip=$_POST["tip"];
            if (isset($_POST["locatie"]))
                $locatie=$_POST["locatie"];
            if (isset($_POST["id_organizator"]))
                $id_organizator=$_POST["id_organizator"];
                $submitcheck=isset($_POST["submit"]);

            if($submitcheck && $id !==0 && $nume !==0 && $perioada !==0 && $tip !==0 && $locatie !==0 && $id_organizator !==0 ){  
                $sql = "UPDATE evenimente SET Nume_eveniment=$nume, Perioada_eveniment=$perioada, Tip_even=$tip, Locatie_eveniment=$locatie, ID_org=$id_organizator WHERE ID_even=$id";
                $result= query_mysql($sql);
            }

LE

PDO example:

   if (isset($_POST["ID_even"]))
                $id=$_POST["ID_even"];
            if (isset($_POST["nume"]))
                $nume=$_POST["nume"];
            if (isset($_POST["perioada"]))
                $perioada=$_POST["perioada"];
            if (isset($_POST["tip"]))
                $tip=$_POST["tip"];
            if (isset($_POST["locatie"]))
                $locatie=$_POST["locatie"];
            if (isset($_POST["id_organizator"]))
                $id_organizator=$_POST["id_organizator"];
                $submitcheck=isset($_POST["submit"]);

            if($submitcheck && $id !==0 && $nume !==0 && $perioada !==0 && $tip !==0 && $locatie !==0 && $id_organizator !==0 ){ 
                    $servername = "localhost";
                    $username = "root";
                    $password = "root";
                    $dbname = "organizator_evenimente";
            try {
                    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
                    // set the PDO error mode to exception
                    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                    $sql = "UPDATE evenimente SET Nume_eveniment=$nume, Perioada_eveniment=$perioada, Tip_even=$tip, Locatie_eveniment=$locatie, ID_Org=$id_organizator WHERE ID_even=$id";

                    // Prepare statement
                    $stmt = $conn->prepare($sql);

                    // execute the query
                    $stmt->execute();

                    // echo a message to say the UPDATE succeeded
                    echo $stmt->rowCount() . " records UPDATED successfully";
                    }
                catch(PDOException $e)
                    {
                    echo $sql . "<br>" . $e->getMessage();
                    }

                $conn = null;
                }

Error: UPDATE evenimente SET Nume_eveniment=Concert Craciun, Perioada_eveniment=2014-12-25, Tip_even=Muzical, Locatie_eveniment=Bucuresti, ID_Org=2 WHERE ID_even=2 SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Craciun, Perioada_eveniment=2014-12-25, Tip_even=Muzical,

Please, I'm stuck at this point!

2 answers:

Answer 0: (score: 3)

The string values in your query are missing quotes:

$sql = "INSERT INTO evenimente (ID_even, Nume_eveniment, Perioada_eveniment, Tip_even, Locatie_eveniment, ID_Org)
VALUES ('$id_add', '$nume_add', '$perioada_add', '$tip_add', '$locatie_add', '$id_org' )";

Answer 1: (score: 0)

First, you should clean up your code and save the input.

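I looked at your code: in the insert the parameter is ID_Org, but in the update it is ID_org; make sure your column name is either ID_org or ID_Org. Best practice is not to use uppercase in database table names.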

By the way, try writing your code like this; it will be more readable.

<?php
    $id_add = filter_input(INPUT_POST,'id_add');

    //at first check which method is called
    $insert = filter_input(INPUT_POST,'submit_add');
    if($insert){
        //do insert
        //try using PDO or mysqli for SQL Injection
    }else{
        $update = filter_input(INPUT_POST,'submit');
        if($update){
            //do update
        }//else{
            //here should be code to handle error or nothing if it is ok
        //}
    }
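
An added example (not code from the question or from either answer) of the parameterized form the second answer points to: calling prepare() on a string that already has the values interpolated, as in the question's PDO attempt, still sends Nume_eveniment=Concert Craciun to the server, whereas ? markers keep the values out of the SQL text, so no quoting is needed and a value containing a quote cannot change the statement. The in-memory SQLite database and the sample arrays are assumptions so the script runs offline; the table and column names are the question's.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL database
// so the script runs offline; with MySQL only the DSN and credentials change.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE evenimente (
    ID_even INTEGER PRIMARY KEY, Nume_eveniment TEXT, Perioada_eveniment TEXT,
    Tip_even TEXT, Locatie_eveniment TEXT, ID_Org INTEGER)');

// Constructed sample input standing in for $_POST from the two forms.
$add = ['id_add' => '2', 'nume_add' => "Revelion O'Neill", 'perioada_add' => '2014-12-31',
        'tip_add' => 'Muzical', 'locatie_add' => 'Bucuresti', 'id_org_add' => '2'];
$upd = ['ID_even' => '2', 'nume' => 'Concert Craciun', 'perioada' => '2014-12-25',
        'tip' => 'Muzical', 'locatie' => 'Bucuresti', 'id_organizator' => '2'];

// Return the named fields in order, or null if any is missing or empty.
// (Comparing a text field to 0 with != is not an emptiness check: before PHP 8
// a non-numeric string compares equal to 0.)
function required(array $src, array $names): ?array {
    $out = [];
    foreach ($names as $n) {
        $v = trim($src[$n] ?? '');
        if ($v === '') return null;
        $out[] = $v;
    }
    return $out;
}

// INSERT: the SQL text holds only ? markers; the values travel separately.
$vals = required($add, ['id_add', 'nume_add', 'perioada_add', 'tip_add', 'locatie_add', 'id_org_add']);
if ($vals !== null) {
    $conn->prepare('INSERT INTO evenimente (ID_even, Nume_eveniment, Perioada_eveniment,
        Tip_even, Locatie_eveniment, ID_Org) VALUES (?, ?, ?, ?, ?, ?)')->execute($vals);
}

// UPDATE: same idea; the order of the names matches the order of the markers.
$vals = required($upd, ['nume', 'perioada', 'tip', 'locatie', 'id_organizator', 'ID_even']);
if ($vals !== null) {
    $stmt = $conn->prepare('UPDATE evenimente SET Nume_eveniment = ?, Perioada_eveniment = ?,
        Tip_even = ?, Locatie_eveniment = ?, ID_Org = ? WHERE ID_even = ?');
    $stmt->execute($vals);
    echo $stmt->rowCount(), " records UPDATED successfully\n";
}

print_r($conn->query('SELECT * FROM evenimente')->fetchAll(PDO::FETCH_ASSOC));
```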