SQL语法错误:更新查询错误

时间:2015-01-21 15:17:27

标签: php mysql

我在登录表单中工作,1要求是更改密码。出于某种原因,我总是得到这个错误 - >您的SQL语法有错误;查看与您的MySQL服务器版本对应的手册,以便在''用户'附近使用正确的语法SET'密码'= SHA1('123')WHERE'电子邮件'='mac.pader@yahoo.com''在第1行。

<?php
$page_title = 'Change Your Password';
$connection = mysql_connect('localhost', 'root', '');
if (!$connection){
    die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('userdb');
if (!$select_db){
    die("Database Selection Failed" . mysql_error());
}
 //Start the Session
session_start();


if (isset($_POST['email']) and isset($_POST['password'])){
//3.1.1 Assigning posted values to variables.
$email = $_POST['email'];
$password = $_POST['password'];
// Check for a new password and match
// against the confirmed password:
if (!empty($_POST['pass1'])) {
if ($_POST['pass1'] != $_POST['pass2']) {
$errors[] = 'Your new password did not match the confirmed password.';
} else {
$np = $_POST['pass1'];
}
//3.1.2 Checking the values are existing in the database or not
$query = "SELECT userid FROM `users` WHERE email='$email' and password='$password'";
$result = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($result);
//3.1.2 If the posted values are equal to the database values, then session will be created for the user.
if ($count == 1){
$_SESSION['email'] = $email;
$_SESSION['np'] = $np;
//$row = mysqli_fetch_array($result, MYSQLI_NUM);
// Make the UPDATE query:
$query = "UPDATE 'users' SET 'password'=SHA1('$np') WHERE 'email'='$email'";
$result = mysql_query($query) or die(mysql_error());
echo"$np and $email";
$count = mysql_num_rows($result);
if ($count == 1){

}else{

// Public message:
echo '<h1>System Error</h1>
<p class="error">Your password could not be changed due to a system error. We apologize for any inconvenience.</p>';
// Debugging message:
echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
}
// Include the footer and quit the script (to not show the form).
//include ('includes/footer.html');
exit();
} else { // Invalid email address/password combination.
echo '<h1>Error!</h1>
<p class="error">The email address and password do not match those on file.</p>';
echo"$num";
}
} 



//3.1.4 if the user is logged in Greets the user with message
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo'<h1>Thank you!</h1>
<p>Your password has been updated. You can now Log-In!</p><p><br /></p>';

}else{
echo'try again';
}

mysql_close($select_db);
exit();
//3.2 When the user visits the page first time, simple login form will be displayed.
?>

// Check for a new password and match
// against the confirmed password:
if (!empty($_POST['pass1'])) {
if ($_POST['pass1'] != $_POST['pass2']) {
$errors[] = 'Your new password did not match the confirmed password.';
} else {
$np = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
}
} else {
$errors[] = 'You forgot to enter your new password.';
}

?>

1 个答案:

答案 0 :(得分:1)

你必须在表和字段名称周围使用反引号而不是单引号:

UPDATE `users` SET `Password`=SHA1('$np') WHERE `email`='$email'

此外,您不应使用mysql_ *函数,因为不推荐使用此API。