执行更新语句时接收错误消息

时间:2010-09-02 07:15:48

标签: php sql sql-update

执行更新语句时收到错误消息,但正在更新数据库。

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1

函数update()的问题:

function update($pUInput) {

    $sql = mysql_query("UPDATE tblStudents 
                        SET first_name = '$pUInput[1]', last_name = '$pUInput[2]', 
                                  major = '$pUInput[3]', 
                                  year = '$pUInput[4]'
                        WHERE id = '$pUInput[0]'");

    if (!mysql_query($sql))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record update";

}

整个PHP代码:

//Call function mainline
mainline();

// Declare the function mainline
function mainline() {

    $uInput = getUserInput();

    $connectDb = openConnect(); // Open Database Connection
    selectDb($connectDb); // Select Database
    doAction($uInput);
    //display();
    //closeConnect();

}

//Declare function getUserInput ------------------------------------------------------------------------------------
function getUserInput() {

    echo "In the function getUserInput()" . "<br/>";

    // Variables of User Input
    $idnum = $_POST["idnum"];              // id (NOTE: auto increments in database)
    $fname = $_POST["fname"];             // first name
    $lname = $_POST["lname"];            // last name
    $major = $_POST["major"];           // major
    $year = $_POST["year"];            // year
    $action = $_POST["action"];       // action (select, insert, update, delete)

    $userInput = array($idnum, $fname, $lname, $major, $year, $action);

    return $userInput;
}

// function doAction ----------------------------------------------------------------------------------------------
function doAction($pUserInput) {
    echo "In function doAction()" . "<br/>";

    if ($pUserInput[5] == "select") {
        //IDorLastName();   
        selectById();


    } elseif ($pUserInput[5] == "insert") {


        //checkStudentFields();
        insert($pUserInput);

        //echo "I need to insert!";
    } elseif ($pUserInput[5] == "update") {
        //IDorLastName();       
        update($pUserInput);    
        //echo "I need to insert!";


    } elseif ($pUserInput[5] == "delete") {
        //IDorLastName();       
        deleteById($pUserInput);    
        //echo "I need to insert!";
    }

}

/*
function IDorLastName() {
    if (!empty($pUserInput[0]) || !empty($pUserInput[2])) {
                checkId();
                } else {
            echo "Please enter ID field or Last Name field";
            }
        }
}
*/
// function checkId -----------------------------------------------------------------------------------------------
/*
function checkId() {
    if (!empty($pUserInput[0])) {
        selectById();
        } else {
        selectByLastName();
    }
}*/

/*
function checkStudentFields() {
 // check if first name, last name, major and year exists
}*/

// Create a database connection ------------------------------------------------------------------------------------
function openConnect() {
    $connection = mysql_connect("localhost", "root_user", "password");
        echo "Opened Connection!" . "<br/>";    
    if(!$connection) {
        die("Database connection failed: " . mysql_error());
    }
    return $connection;
}

// Select a database to ------------------------------------------------------------------------------------------- 
function selectDb($pConnectDb) {
    $dbSelect = mysql_select_db("School", $pConnectDb);
    if(!$dbSelect) {
        die("Database selection failed: " . mysql_error());
    } else {
    echo "You are in the School database! <br/>";   
    }

}

// Close database connection ------------------------------------------------------------------------------------
function closeConnect() {
    mysql_close($connection);
}

// function selectById ---------------------------------------------------------------------------------------------
function selectById($pUInput) {
    $sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE id='$pUInput[0]'");
    if (!$row = mysql_fetch_assoc($sql))
          {
          die('Error: ' . mysql_error());
          }       
        echo "selected" . "<br/>";
        //echo $pUInput[0];

}

// function selectByLastName ---------------------------------------------------------------------------------------------
function selectByLastName($pUInput) {
    $sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE last_name='$pUInput[2]'");
    if (!$row = mysql_fetch_array($sql))
          {
          die('Error: ' . mysql_error());
          }       
        echo "selected" . "<br/>";
        echo $pUInput[2];

}

// function insert -------------------------------------------------------------------------------------------------
function insert($pUInput) {     
    $sql="INSERT INTO tblStudents (first_name, last_name, major, year)
          VALUES
         ('$pUInput[1]','$pUInput[2]','$pUInput[3]', '$pUInput[4]')";

        if (!mysql_query($sql))
          {
          die('Error: ' . mysql_error());
          }
        echo "1 record added";
}

// function update -------------------------------------------------------------------------------------------------
function update($pUInput) {
    // call select();
    $sql = mysql_query("UPDATE tblStudents 
                        SET first_name = '$pUInput[1]', last_name = '$pUInput[2]', 
                                  major = '$pUInput[3]', 
                                  year = '$pUInput[4]'
                        WHERE id = '$pUInput[0]'");

    if (!mysql_query($sql))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record update";

}

// function delete -------------------------------------------------------------------------------------------------
function deleteById($pUInput) {
        // call select();
        $sql="DELETE FROM tblStudents WHERE id='$pUInput[0]'";
        $result=mysql_query($sql);

        if($result){
            echo "Deleted Successfully";
        }else {
            echo "Error";
        }       
}

/*

function display() { 
}
*/



?> 

SQL语法:

CREATE TABLE `tblStudents` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `first_name` varchar(30) NOT NULL,
  `last_name` varchar(50) NOT NULL,
  `major` varchar(40) NOT NULL,
  `year` date NOT NULL,
  PRIMARY KEY (`id`)
)

2 个答案:

答案 0 :(得分:1)

试试这个:

$sql = "UPDATE tblStudents 
        SET first_name = '{$pUInput[1]}',
            last_name = '{$pUInput[2]}', 
            major = '{$pUInput[3]}', 
            year = '{$pUInput[4]}'
        WHERE id = '{$pUInput[0]}'";

if(!mysql_query($sql))
{
    die('Error: ' . mysql_error());
}
echo "1 record update";

并改变这一点:

// Variables of User Input
$idnum = $_POST["idnum"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$major = $_POST["major"];
$year = $_POST["year"];
$action = $_POST["action"];

要:

// Variables of User Input
$idnum = mysql_real_escape_string($_POST["idnum"]);
$fname = mysql_real_escape_string($_POST["fname"]);
$lname = mysql_real_escape_string($_POST["lname"]);
$major = mysql_real_escape_string($_POST["major"]);
$year = mysql_real_escape_string($_POST["year"]);
$action = mysql_real_escape_string($_POST["action"]);

您可能想要阅读sql注入。

答案 1 :(得分:0)

您的id-column是一个数值,您将其与字符串值进行比较。电脑说没有。