$sql = "UPDATE tblprofile SET name = '$membername' ,
f_h_name = '$fathername',
maritalS = '$mstatus' ,
dob = '$dob' ,
occupation = '$occupation' ,
nominee = '$nominee' ,
address1 = '$address1' ,
address2 = '$address2',
city = '$city',
district = '$district',
state = '$state',
pin = '$areapin',
mobile = '$mobileno',
email = '$email',
PANno = '$panno',
bankname = '$bankname',
branch = '$branch',
accountno = '$accountno'
WHERE userId = '$_SESSION['UserId']' "; //line 212
if(mysql_query($sql))
{
echo "Updation Done.";
}
浏览器出现错误: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\xampp\htdocs\303\saveEditProfile.php on line 212
答案 0 :(得分:2)
你的variable reference $_SESSION['UserId'] inside the double quoted string is not allowed。您需要编写$_SESSION[UserId](不引用密钥):
"… WHERE userId = '$_SESSION[UserId]' "
或者使用大括号语法{$_SESSION['UserId']}:
"… WHERE userId = '{$_SESSION['UserId']}' "
但我建议您使用参数化函数来构建查询(如sprintf)或Prepared Statements,以便您可以再次保护自己的SQL注入。
答案 1 :(得分:1)
试试这个:
$sql = "UPDATE tblprofile SET name = '$membername' ,
f_h_name = '$fathername',
maritalS = '$mstatus' ,
dob = '$dob' ,
occupation = '$occupation' ,
nominee = '$nominee' ,
address1 = '$address1' ,
address2 = '$address2',
city = '$city',
district = '$district',
state = '$state',
pin = '$areapin',
mobile = '$mobileno',
email = '$email',
PANno = '$panno',
bankname = '$bankname',
branch = '$branch',
accountno = '$accountno'
WHERE userId = '{$_SESSION['UserId']}' "; //line 212
我强烈建议您查看php.net/sprintf,例如:
$sql = sprintf("SELECT id FROM table WHERE name = '%s'", $name);
答案 2 :(得分:0)
快速破解确实可以删除上一条SQL查询行中的单引号,如下所示:
WHERE userId = '$_SESSION[UserId]' ";
答案 3 :(得分:0)
尝试更改为:
$_SESSION[UserId]