错误:SQLSTATE [42000]当我尝试更新表

时间:2016-02-21 00:19:39

标签: php mysql pdo

  

致命错误:带有消息的未捕获异常'PDOException'   'SQLSTATE [42000]:语法错误或访问冲突:1064您有   SQL语法错误;查看与您的手册相对应的手册   MariaDB服务器版本,在''1235'='1235'附近使用正确的语法   WHERE username ='wafflezzz''在第1行'中   / home / wafflez3 / public_html / Project SA Theme / ipn / set.php:14 Stack   trace:#0 / home / wafflez3 / public_html / Project SA Theme / ipn / set.php(14):   抛出PDOStatement-> execute()#1 {main}   第14行/ home / wafflez3 / public_html / Project SA Theme / ipn / set.php

当我使用此代码将空值更改为值时,我收到了该错误。

    <?php session_start(); require "../pdo_connect.php"; $usrname = $_SESSION["username"]; ?>
<title>Loading...</title>
<?php
$checker = $conn->prepare("SELECT * FROM transactions WHERE payer_user=:username AND success='1'");
$checker->bindParam(":username", $usrname);
$checker->execute();

while ($row = $checker->fetch(PDO::FETCH_BOTH)) {

   $paidscript = $row["item_name"];
   $sql = $conn->prepare("UPDATE us SET :script=:script WHERE username=:userr");
   $sql->bindParam(":userr", $usrname);
   $sql->bindParam(":script", $paidscript);
   $sql->execute();
    echo "You can now view the script!";




}

2 个答案:

答案 0 :(得分:1)

$sql = $conn->prepare("UPDATE us SET :script=:script WHERE username=:userr");

应该是

$sql = $conn->prepare("UPDATE us SET script=:script WHERE username=:userr");

您根本不打算将字段名称绑定到参数。如果你这样做,它会给你一个这样的错误。

要拥有动态字段名称,您必须执行以下操作:

$paidscript = $row["item_name"];
$sql = $conn->prepare("UPDATE us SET {$paidscript}=:script WHERE username=:userr");

虽然如果它来自用户输入的值,您不应该动态输入字段。

答案 1 :(得分:0)

$sql = $conn->prepare("UPDATE us SET {$paidscript}=:script WHERE username=:userr");

而不是:

   $sql = $conn->prepare("UPDATE us SET :script=:script WHERE username=:userr");