PHP / MYSQL编辑配置文件功能 - 查询语法错误?

时间:2016-07-01 12:34:57

标签: php mysql sql

我正在尝试允许用户在其个人资料上编辑他们的用户说明。我正在接受这个错误但无法理解为什么。至于我在堆栈溢出时查看了不同的答案,我使用了正确的查询语法,但它仍然返回false,它应该保存用户在表单中写的内容:

'use near WHERE user_id=1' at line 4'

我还没有足够的经验来理解每个sql语法错误。我正在尝试学习php和sql所以很多细节都非常受欢迎。

这是一个查询,可以节省您在代码中查找它的时间:

$id = $_SESSION['user_id'];
    $descrip =$_SESSION['user_description'];

    //Save changes

    $sql ='UPDATE users 
            SET user_description='.mysqli_real_escape_string($link,$descrip).'
            WHERE user_id='.mysqli_real_escape_string($link, $id);

这是editdetail.php文件。

<?php
include 'connect.php';
include 'header.php';

?>
<?php
// default Avatar picture if "avatar" column empty.
if(empty($_POST['user_avatar']) )
{
$avatar = 'Images/default.jpg';
}
else 
{
$avatar = $_POST['user_avatar'];
}
if(empty($_POST['user_description']) )
{
$description = 'Edit your description to let people know more about you!';
}
else 
{
$description = $_POST['user_description'];
}
// check if user is signed in
if(!isset($_SESSION['signed_in']))
{
//the user is not signed in.
echo '<a href="/Latest_try/signin.php">Sign in</a> to view your profile.'; 
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
echo   '<div id="LeftCol"><div id="Photo"> <img src="'.$avatar.'" width="205" height="205"></div>
    <div id="ProfileOptions"> Usersince: '.$_SESSION["user_date"].'<br/>
    <a href="editavatar.php">Edit avatar</a></div></div>
    <div id="rightpart"> <div id="Info">
    <span><a href="editdetails.php">Edit Details</a></span>
    <p><strong>Username: '.$_SESSION["user_name"].' </strong></p>
    <p><strong>Email: '.$_SESSION["user_email"].'   </strong></p>
    <p><strong><u>Description</u>:                  </strong></p>
    <p> '.$description.' </p>
    <form method="post" action="">
        <br /><u>Edit description</u>:<br /><br /><textarea name="user_description" /></textarea><br />
        <input type="submit" value="Update description" />
     </form>
    </form>
    </div>
    </div>
    </html>';
 }
 else
 {
    $id = $_SESSION['user_id'];
    $descrip =$_SESSION['user_description'];
    //Save changes
    $sql ='UPDATE
                users 
            SET user_description='.mysqli_real_escape_string($link,$descrip).'
            WHERE user_id='.mysqli_real_escape_string($link, $id);


    $result = mysqli_query($link,$sql);
    if(!$result)
    {
        //something went wrong, display the error
        echo 'Error' . mysqli_error($link);
    }
    else
    {
        echo 'Description updated.';
    }
}
}

2 个答案:

答案 0 :(得分:1)

将您的sql更改为

$sql ='UPDATE
                users 
            SET user_description="'.mysqli_real_escape_string($link,$descrip).'"
            WHERE user_id="'.mysqli_real_escape_string($link, $id).'"';

如果要更新或插入字符串,则应使用单引号或双引号

答案 1 :(得分:1)

你必须在mysql中使用单引号arround字符串:

 "UPDATE
            users 
        SET user_description='".mysqli_real_escape_string($link,$descrip)."'
        WHERE user_id=".$id;

但更好的是了解准备好的陈述。

相关问题
最新问题