What does this error mean: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;

Time: 2017-04-27 18:20:36

Tags: php sql

I am getting this error message. I am trying to update my entry through this link, but this message appears:

  

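SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near #< WHERE ID =' 8''''''' at line 1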

<?php
$validform = true;
// Default to an empty string when no ID is passed in the query string.
$ID = isset($_GET['ID']) ? $_GET['ID'] : '';
if ($ID=="") {
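    echo "They didn't use GET. Are they POSTing anything? <br />";
    // Read the posted ID into $ID, the variable the checks below use.
    $ID = isset($_POST['ID']) ? $_POST['ID'] : '';
    if ($ID==''){
        $validform = false;
    } else {
        // Escape the raw request value before echoing it into the page.
        echo "The user submitted a POST. Update Category ID: ". htmlspecialchars($ID, ENT_QUOTES, 'UTF-8') . "<br />";
        if (is_numeric($ID)) {
            if ($ID<=0 or $ID > 2147482647) {
                $validform = false;
                $IDerrormessage = 'The Category ID must be greater than zero and less than 2147482647.';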
            } else {
            //it's okay
            }
        } else {
            $validform = false;
            $IDerrormessage = 'The Category ID must be an integer.';
        }

        //****************************************************
        //Category
        $Cat = htmlentities($_POST['Cat']);
        if($Cat=='') {
            $validform = false;
            $Caterrormessage = 'Category is a required field.';
        } else {
            $emptyform = false;
            if (strlen($Cat)>100) {
                $validform = false;
                $Caterrormessage = 'The Category must be less than 100 characters long.';
            }
        }

        //*******************************************************
        //Description 

        $Description = htmlentities($_POST['Description']);
        if($Description=='') {
            $validform = false;
            $Descriptionerrormessage = 'Description is a required field.';
        } else {
            $emptyform = false;
            if (strlen($Description)>900) {
                $validform = false;
                $Descriptionerrormessage = 'Your Description must be less than 900 characters long.';
            }
        }



    //validation finished           
        if ($validform) {
            echo "Going to update Category ID: ". $ID . "<br />";
            echo "All data was valid.<br />";
            echo "Connecting to database server.<br />";
            try {
                //variable stores the connection -> $conn
                //PDO is a php data object -> helps prevent SQL injection
                //host = Database server host name
                //username = name of read/write user
                //password = that user's password
                $conn = new PDO("mysql:host=Database info"); // placeholder connection string as posted
            } catch(PDOException $e) { //this should tell us if there was a connection problem
                echo "Error connecting to server: " . $e->getMessage();
                die;
            }
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            echo "Connection to server succeeded.<br />";
            echo "Connecting to database Category...<br />";
            try {
                //if executing a query, NO USER ENTERED fields should be in query string!
                $conn->query("USE Database Table;");
            } catch (PDOException $e) {
                echo "Error connecting to database: " . $e->getMessage();
                die;
            }
            echo "Connection to Category database succeeded.<br />";
            echo "Preparing SQL statement.<br />";
            //NO VARIABLES ALLOWED IN SQL
            //ALL USER ENTERED VALUES are going to be parameters -> variable names that start with a colon
            $SQL = "UPDATE Category SET ID=:ID, Cat=:Cat, Description=:Description";
            $SQL .= " WHERE ID=:ID";
            echo "This is the SQL statement: " . $SQL . "<br />";
            echo "Preparing to update Category record. <br />";
            try {
                $sth = $conn->prepare($SQL);
                $sth->bindParam(":ID", $ID);
                $sth->bindParam(":Cat", $Cat);
                $sth->bindParam(":Description", $Description);
                $sth->execute();
            } catch (PDOException $e) {
                echo "Error adding Category record: " . $e->getMessage();
                die;
            }
            echo "Record updated in database. <br />";
            Header("Location: Header.php");

            die;
        }
    }
} else if (!is_numeric($ID)) {
    $validform = false;
}
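// Escape the raw request value before echoing it into the page.
echo "The user entered Category ID: ". htmlspecialchars($ID, ENT_QUOTES, 'UTF-8') . "<br />";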
    echo "Connecting to database server.<br />";
    try {
        //variable stores the connection -> $conn
        //PDO is a php data object -> helps prevent SQL injection
        //host = Database server host name
        //username = name of READ ONLY user
        //password = that user's password
        $conn = new PDO("mysql:host=Database Info"); // placeholder connection string as posted
    } catch(PDOException $e) { //this should tell us if there was a connection problem
        echo "Error connecting to server: " . $e->getMessage();
        die;
    }
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo "Connection to server succeeded.<br />";
    echo "Connecting to database Category...<br />";
    try {
        //if executing a query, NO USER ENTERED fields should be in query string!
        $conn->query("USE Database Table;");
    } catch (PDOException $e) {
        echo "Error connecting to database: " . $e->getMessage();
        die;
    }
    echo "Connection to Category database succeeded.<br />";
    //SQL statement will have user-entered data, so BIND needed
    $SQL = "SELECT ID, Cat, Description";
    $SQL .= "FROM Category WHERE ID=:ID;";
    try {
        $sth = $conn->prepare($SQL);
        $sth->bindParam(":ID", $ID);
        $sth->execute();
    } catch (PDOException $e) {
        echo "Error selecting Category records: " . $e->getMessage();
        die;
    }
    echo "Query executed successfully. <br />";
    //is there one record in the set?
    if($sth->rowCount()!=1) {
        echo "Error. No records were returned or more than one record was returned.<br />";
        $validform = false;
    } else {
        echo $sth->rowCount() . " records returned.<br />";
        $result = $sth->fetch();
        $ID = $result['ID'];
        $Cat = $result['Cat'];
        $Description = $result['Description'];

    }
    //$result is an array that holds the dataset


if ($validform==false) {
    echo "Data was invalid. Please contact technical support.";
} else {
    echo "User wants to update Category with Category ID=". $ID ."<br />";
}
?>

   

Update Category form

     <form action="Update.php" method="post">
      Category ID: <?php echo htmlspecialchars($ID, ENT_QUOTES, 'UTF-8'); ?><input type="hidden" name="ID" value="<?php echo htmlspecialchars($ID, ENT_QUOTES, 'UTF-8'); ?>">
     <span style="color: red;"><?php echo $IDerrormessage; ?></span><br />


    Category Name: <input type="text" name="Cat" value="<?php echo $Cat; ?>">
   <span style="color: red;"><?php echo $Caterrormessage; ?></span><br />


  Description: <textarea name="Description" style="width: 300px; height: 80px;">
  <?php echo $Description; ?></textarea><br />
   <span style="color: red;"><?php echo $Descriptionerrormessage; ?></span>

    <input type="submit">
    </form>
    </body>
     </html>

2 answers:

Answer 0 (score: 2)

You missed a space before FROM in this part of your code:

$SQL = "SELECT ID, Cat, Description";
$SQL .= "FROM Category WHERE ID=:ID;";

The code interprets the query as:

SELECT ID, Cat, DescriptionFROM Category WHERE ID=:ID;

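This is a way of saying: select a column named DescriptionFROM and alias it as Category. Since there is no FROM clause, the WHERE statement throws it off, which is why you are getting that error.

Adding a space after Description and before FROM will render the query correctly: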

$SQL = "SELECT ID, Cat, Description ";
$SQL .= "FROM Category WHERE ID=:ID;";

Answer 1 (score: 0)

$SQL = "SELECT ID, Cat, Description";
$SQL .= "FROM Category WHERE ID=:ID;";

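A space is missing here! As a result, FROM is not detected and WHERE seems out of place.

That is why I strongly recommend against breaking lines like this! When you break lines inside a string, you will run into this kind of error often. I suggest you use an editor that has a feature to visually wrap lines at a specific position.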
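
Both answers above point at the seam between two concatenated string fragments. The following is an added example, not code from the original post or its answers: it reproduces the failure and then builds the same statement as one heredoc string with a bound parameter. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with one constructed row as a stand-in for the poster's MySQL server, so the driver's error text differs from MySQL's 1064 message; `fetchCategory` is a hypothetical helper name.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL server (assumption).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE Category (ID INTEGER PRIMARY KEY, Cat TEXT, Description TEXT)');
$conn->exec("INSERT INTO Category VALUES (8, 'Books', 'Constructed sample row')");

// Hypothetical helper: returns the row for $id, or null when none matches.
// Throws PDOException when the database rejects the SQL text.
function fetchCategory(PDO $conn, string $sql, int $id): ?array
{
    $sth = $conn->prepare($sql);
    $sth->bindValue(':ID', $id, PDO::PARAM_INT);
    $sth->execute();
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The question's concatenation: no space between "Description" and "FROM".
$broken  = "SELECT ID, Cat, Description";
$broken .= "FROM Category WHERE ID=:ID;";

// One heredoc string: the line breaks are whitespace inside the SQL itself,
// so there is no seam between fragments where a space can go missing.
$fixed = <<<SQL
SELECT ID, Cat, Description
FROM Category
WHERE ID = :ID
SQL;

foreach (['broken' => $broken, 'fixed' => $fixed] as $label => $sql) {
    try {
        $row = fetchCategory($conn, $sql, 8);
        echo $label, ': ', json_encode($row), PHP_EOL;
    } catch (PDOException $e) {
        // Keep the driver message in the server log; show the user a generic error.
        error_log($label . ' query failed: ' . $e->getMessage());
        echo $label, ': query rejected by the database', PHP_EOL;
    }
}
```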