如何调试“解析错误:语法错误,意外T_ENCAPSED_AND_WHITESPACE,期待']'”

时间:2017-07-10 08:37:56

标签: php html mysql 

<?php
mysql_connect('localhost','root','admin');
mysql_select_db('test_emilian');

if(isset($_POST['update'])){
    //this is the line where I get the error
    $UpdateQuery = " UPDATE users SET ID='$_POST[id]',first name='$_POST[first_name]',Last Name='$_POST[last_name]',Email Address ='$_POST[email address]',Mobile Phone='$_POST[Mobile_Phone]',Date of Birth='$_POST[Date_of_Birth]',Gender='$_POST[Gender]',CNP='$_POST[CNP]' WHERE ID='$_POST[hidden]'"; 
    mysql_query($UpdateQuery, $con);
}

$sql="SELECT * FROM users";
$records = mysql_query($sql);
?>
<html>
<head>
    <title></title>
</head>
<body>
<div class="container">
    <div class="row">
        <div class="col-md-12">
        <h4>DataBase</h4>
        <div class="table-responsive">
<table id="mytable" class="table table-bordered table-striped" cellpadding="5" cellspacing="0" border="1">
            <thead>

<th><input type="checkbox" id="checkall" /></th>
<tr>

<th>ID</th>
<th>First Name</th>
<th>Last Name</th>
<th>Email Address</th>
<th>Mobile Phone</th>
<th>Date of Birth</th>
<th>Gender</th>
<th>CNP</th>
<th>Action</th>
</tr>
</thead>
<?php
while($user=mysql_fetch_assoc($records)) {

    echo "<form action=mydata3.php method=post>";
    echo "<tr>";
    echo "<td>" . "<input type= text name =ID value" . $user['id']."</br>"." </td>";
    echo "<td>" . "<input type=text name =first_name value". $user['first_name']." </td>";
    echo "<td>" . "<input type=text name =last_name value" .$user['last_name']." </td>";
    echo "<td>" . "<input type=text name =email address value".$user['email address']." </td>";
    echo "<td>" . "<input type=text name =Mobile_Phone value".$user['Mobile_Phone']." </td>";
    echo "<td>".  "<input type=text name =Date_of_Birth value".$user['Date_of_Birth']." </td>";
    echo "<td>".   "<input type=text name =Gender value".$user['Gender']." </td>";
    echo "<td>"."<input type=text name =CNP value".$user['CNP']." </td>";
    echo "<td>" . "<input type= hidden name =hidden value" . $user['id']."</br>"." </td>";
    echo"<td>" . "<input type = submit name = update value=update" . "<td>";
    echo "</tr>";
}
?>

2 个答案:

答案 0 :(得分:0)

请注意,您的SQL查询存在漏洞,因此您可以对此代码进行一些小的更改。这不适用于所有场景,但在某种程度上起作用。键应该在''

里面 
$id = mysqli_real_escape_string($_POST['id']);
$first_name = mysqli_real_escape_string($_POST['first_name']);
$last_name = mysqli_real_escape_string($_POST['last_name']);
$emailaddress = mysqli_real_escape_string($_POST['emailaddress']);
$Mobile_Phone = mysqli_real_escape_string($_POST['Mobile_Phone']);
$Date_of_Birth = mysqli_real_escape_string($_POST['Date_of_Birth']);
$Gender = mysqli_real_escape_string($_POST['Gender']);
$CNP = mysqli_real_escape_string($_POST['CNP']);
$hidden = mysqli_real_escape_string($_POST['hidden']);

$UpdateQuery = " UPDATE users SET ID='".$id."',first name='".$first_name."',Last Name='".$last_name."',Email Address ='".$emailaddress."',Mobile Phone='".$Mobile_Phone."',Date of Birth='".$Date_of_Birth."',Gender='".$Gender."',CNP='".$CNP."' WHERE ID='".$hidden."'"; mysql_query($UpdateQuery, $con);

只是一个建议,使用mysqli更好地推荐使用mysql。

答案 1 :(得分:0)

$UpdateQuery = " UPDATE users SET 
ID='".$_POST[id]."',first_name='".$_POST[first_name]."',Last Name='".$_POST[last_name]."',EmailAddress='".$_POST[email_address]."',MobilePhone='".$_POST[Mobile_Phone]."',DateofBirth='".$_POST[Date_of_Birth]."',Gender='".$_POST[Gender]."',CNP='".$_POST[CNP]."' WHERE ID=".$_POST[hidden];

还将[电子邮件地址]字段更改为[email_address]。也可以使用pdo或mysqli

相关问题
最新问题