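I'm playing around with PHP/MySQL and trying to teach myself online, but I can't work this one out.
I've been following the PHP tutorial at http://www.keithjbrown.co.uk/vworks/php/php_p5.php
This page is located at tasmanianracing.com/horses.php
I get the following MySQL error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE (horses.horseID = )' at line 1
which is thrown from my function update_horse().
My code is below. If anyone can help me, I'd be forever grateful!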
<html>
<head>
<title>Horses | Horse Database</title>
</head>
<body>
<?php
if (!$_REQUEST['Submit']) {
html_form();
} elseif ($_REQUEST['Submit'] == "View Horse") {
select_horse();
} elseif ($_REQUEST['Submit'] == "Edit") {
get_data();
} elseif ($_REQUEST['Submit'] == "Update") {
update_horse();
}
function my_conn() {
/* sets the variables for MySQL connection */
$server = "***"; // this is the server address and port
$username = "***"; // this is the mysql username
$password = "***"; // this is the mysql password
/* connects to the MySQL server */
$link = @mysql_connect ($server, $username, $password)
or die (mysql_error());
/* defines the active database for the connection */
if (!@mysql_select_db("tashorse_tasform", $link)) {
echo "<p>There has been an error. This is the error message:</p>";
echo "<p><strong>" . mysql_error() . "</strong></p>";
echo "Please contact your systems administrator with the details";
}
return $link;
}
function html_form() {
?>
<p>Please enter the search term for the horse</p>
<form name="horsesearch" method="post" action="<? echo $_SERVER['PHP_SELF']; ?>">
Name of horse: <input type="text" name="horse_name">
<input type="submit" name="Submit" value="View Horse" />
</form>
<?
}
function select_horse() {
?>
<h4>Horse Search</h4>
<?
$conn = my_conn();
/* Sets the SQL Query */
$sql = "SELECT * FROM horses";
$sql .= " WHERE (horses.horse_name = '{$_POST['horse_name']}')";
/* Passes a Query to the Active Database */
$result = mysql_query($sql, $conn);
if (!$result) {
echo("<p>Error performing query: " . mysql_error() . "</p>");
exit();
}
/* starts the table and creates headings */
?>
<table>
<tr>
<td><strong>Horse Name</strong></td>
<td><strong>Year Foaled</strong></td>
<td><strong>Trainer</strong></td>
<td><strong>Owners</strong></td>
<td><strong>Silks</strong></td>
<td></td>
</tr>
<?
/* retrieves the rows from the query result set and puts them into
a HTML table row */
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
echo("<tr><td>" . $row["horse_name"] . "</td>");
echo("<td>" . $row["year_foaled"] . "</td>");
echo("<td>" . $row["trainer"] . "</td>");
echo("<td>" . $row["owners"] . "</td>");
echo("<td>" . $row["silks"] . "</td>");
echo("<td><a href=\"" . $_SERVER['PHP_SELF'] . "?horseID=" .$row['horseID'] . "&Submit=Edit\">Edit</a></td></tr>");
}
/* closes the table */
?>
</table>
<?
/* closes connection to the MySQL server */
mysql_close ($conn);
/* Displays HTML Form */
html_form();
}
function get_data() {
/* Calls our connection function */
$conn = my_conn();
/* Defines query */
$sql = "SELECT * FROM horses WHERE (horses.horseID = " . $_REQUEST['horseID'] . ")";
/* Passes query to database */
$result = mysql_query($sql, $conn);
if (!$result) {
echo("<p>Error performing query: " . mysql_error() . "</p>");
exit();
}
/* creates our row array with an if statement to report errors */
if ($row = @mysql_fetch_array($result, MYSQL_ASSOC)) {
/* prints out the horse name */
print "<h4>$row[horse_name]</h4>";
/* prints out our HTML form '\"' */
print "<form name=\"horseupdate\" method=\"post\" action=\"$_SERVER[PHP_SELF]\">";
/* prints out our HTML table and fields 'escaping' any double quotes '\"' */
print "<table width=\"600\">
<tr>
<td width=\"150\"><strong>Horse Name</strong></td>
<td width=\"350\"><input type=\"hidden\" name=\"horse_name\" value=\"$row[horse_name]\"></td>
<td rowspan=\"5\" valign=\"top\">
<input type=\"submit\" name=\"Submit\" value=\"Update\">
</td>
</tr>
<tr>
<td width=\"150\"><strong>Year Foaled</strong></td>
<td width=\"350\"><input type=\"text\" size =\"4\" name=\"year_foaled\" value=\"$row[year_foaled]\"></td>
</tr>
<tr>
<td width=\"150\"><strong>Trainer</strong></td>
<td width=\"350\"><input type=\"text\" size =\"40\" name=\"trainer\" value=\"$row[trainer]\"></td>
</tr>
<tr>
<td width=\"150\"><strong>Owners</strong></td>
<td width=\"350\"><input type=\"text\" size =\"40\" name=\"owners\" value=\"$row[owners]\"></td>
</tr>
<tr>
<td width=\"150\"><strong>Silks</strong></td>
<td width=\"350\"><input type=\"text\" size =\"40\" name=\"silks\" value=\"$row[silks]\"></td>
</tr>
</table>
</form>";
} else {
echo("There has been an error" . mysql_error());
}
/* closes connection */
mysql_close ($conn);
}
function update_horse() {
/* Calls our connection function */
$conn = my_conn();
/* Defines query */
$sql_update = "UPDATE horses SET ";
$sql_update .= "horses.year_foaled = '" . $_REQUEST['year_foaled'] . "', ";
$sql_update .= "horses.trainer = '" . $_REQUEST['trainer'] . "', ";
$sql_update .= "horses.owners = '" . $_REQUEST['owners'] . "', ";
$sql_update .= "horses.silks = '" . $_REQUEST['silks'] . "', ";
$sql_update .= "WHERE (horses.horseID = " . $_REQUEST['horseID'] . ")";
/* Passes query to database */
$result = mysql_query($sql_update, $conn);
if (!$result) {
echo("<p>Error performing query: " . mysql_error() . "</p>");
exit();
}
/* Prints success message */
print "<p> Successfully Updated</p>";
/* closes connection */
mysql_close ($conn);
/* Calls get_data() function */
get_data();
}
?>
</body>
</html>
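Answer 0 (score: 2)
Your update form doesn't have an element with name="horseID", which your update function is trying to use to specify which horse to update. You do have a hidden field for the name, though!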
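Answer 1 (score: 1)
It looks like the horseID variable has not been set in the form that posts to the update script; you could easily see this if you output the SQL query. You also need to sanitize your variables with mysql_real_escape_string before using them in a query, and use $_GET or $_POST in preference to $_REQUEST. If this is based on a tutorial, you really should use another one, because there are so many bad practices in your code that it's actually quite scary.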
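Answer 2 (score: 1)
The first thing to do when debugging a problem like this: find out exactly what SQL statement you are executing. Put an echo $sql_update just before you actually execute it and make sure it is doing what you want. Then you can start tracking down where the problem is.
The 'Bobby Tables' comment is someone trying to tell you that you also need to escape user input. Use mysql_real_escape_string to make sure user input can't be used to attack your site.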
Answer 3 (score: 1)
Replace
<input type=\"hidden\" name=\"horse_name\" value=\"$row[horse_name]\">
with
<input type=\"hidden\" name=\"horseID\" value=\"$row[horseID]\">
You don't seem to need the horse name in your update.
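
Putting the answers together, as an added example that is not part of the original question or answers: an update_horse() that rejects a missing horseID before building any SQL and binds the form values as parameters. It uses PDO prepared statements in place of the mysql_real_escape_string approach named above (the mysql_* extension was removed in PHP 7), and it assumes an in-memory SQLite database and a constructed sample row so that it runs without a server.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline;
// against MySQL only the DSN passed to new PDO() changes.
function update_horse(PDO $db, array $post): int
{
    // The original form never sent horseID, which produced
    // "WHERE (horses.horseID = )". Require a positive integer here.
    $id = filter_var($post['horseID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('horseID missing or not a positive integer');
    }
    // Placeholders keep request values out of the SQL text. Also note that
    // the last SET item is not followed by a comma before WHERE.
    $stmt = $db->prepare(
        'UPDATE horses
            SET year_foaled = :year_foaled, trainer = :trainer,
                owners = :owners, silks = :silks
          WHERE horseID = :id'
    );
    $stmt->execute([
        ':year_foaled' => $post['year_foaled'] ?? '',
        ':trainer'     => $post['trainer'] ?? '',
        ':owners'      => $post['owners'] ?? '',
        ':silks'       => $post['silks'] ?? '',
        ':id'          => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed sample table and row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE horses (horseID INTEGER PRIMARY KEY, horse_name TEXT,
    year_foaled TEXT, trainer TEXT, owners TEXT, silks TEXT)');
$db->exec("INSERT INTO horses VALUES (1, 'Sample Horse', '2001', 'A', 'B', 'red')");

// Constructed request with a quote character in one value.
$ok = ['horseID' => '1', 'year_foaled' => '2002', 'trainer' => "O'Brien",
       'owners' => 'B', 'silks' => 'blue'];
echo update_horse($db, $ok), " row(s) updated\n";

// The request the original update form sent: no horseID.
try {
    update_horse($db, ['year_foaled' => '2002']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In the real page the array passed in would be $_POST, and the edit form would carry the hidden horseID field from the last answer.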