Question

我正在为我的注册和登录系统编写代码，当我测试时我收到了一些错误，就有这个：

“您的SQL语法有错误;请查看手册对应于您的MariaDB服务器版本，以获得正确的语法在第1行“WHERE username ='''附近”

您能告诉我这意味着什么以及如何解决它。这是我的update-profile.php中的代码

<?php session_start();
ini_set("display_errors",1);
$temp=$_SESSION['username'];
if(isset($_POST)){
    require 'database1.php';
    $Destination = 'background-images';
    if(!isset($_FILES['BackgroundImageFile']) || !is_uploaded_file($_FILES['BackgroundImageFile']['tmp_name'])){
        $BackgroundNewImageName= 'background.jpg';
        move_uploaded_file($_FILES['BackgroundImageFile']['tmp_name'], "$Destination/$BackgroundNewImageName");
    }
    else{
        $RandomNum = rand(0, 9999999999);
        $ImageName = str_replace(' ','-',strtolower($_FILES['BackgroundImageFile']['name']));
        $ImageType = $_FILES['BackgroundImageFile']['type'];
        $ImageExt = substr($ImageName, strrpos($ImageName, '.'));
        $ImageExt = str_replace('.','',$ImageExt);
        $ImageName      = preg_replace("/\.[^.\s]{3,4}$/", "", $ImageName);
        $BackgroundNewImageName = $ImageName.'-'.$RandomNum.'.'.$ImageExt;
        move_uploaded_file($_FILES['BackgroundImageFile']['tmp_name'], "$Destination/$BackgroundNewImageName");
    }
    $sql1="UPDATE users SET backgroundpicture='$BackgroundNewImageName' WHERE username = '$temp'";
    $sql2="INSERT INTO users (backgroundpicture) VALUES ('$BackgroundNewImageName') WHERE username = '$temp'";
    $result = mysqli_query($database,"SELECT * FROM users WHERE username = '$temp'");
    if( mysqli_num_rows($result) > 0) {
        if(!empty($_FILES['BackgroundImageFile']['name'])){
            mysqli_query($database,$sql1)or die(mysqli_error($database));
            header("edit-profile.php?username=$temp");
        }
    } 
    else {
        mysqli_query($database,$sql2)or die(mysqli_error($database));
        header("edit-profile.php?username=$temp");
    }
    $Destination = 'avatars';
    if(!isset($_FILES['ImageFile']) || !is_uploaded_file($_FILES['ImageFile']['tmp_name'])){
        $NewImageName= 'default.png';
        move_uploaded_file($_FILES['ImageFile']['tmp_name'], "$Destination/$NewImageName");
    }
    else{
        $RandomNum   = rand(0, 9999999999);
        $ImageName = str_replace(' ','-',strtolower($_FILES['ImageFile']['name']));
        $ImageType = $_FILES['ImageFile']['type'];
        $ImageExt = substr($ImageName, strrpos($ImageName, '.'));
        $ImageExt = str_replace('.','',$ImageExt);
        $ImageName = preg_replace("/\.[^.\s]{3,4}$/", "", $ImageName);
        $NewImageName = $ImageName.'-'.$RandomNum.'.'.$ImageExt;
        move_uploaded_file($_FILES['ImageFile']['tmp_name'], "$Destination/$NewImageName");
    }
    $sql5="UPDATE users SET avatar='$NewImageName' WHERE username = '$temp'";
    $sql6="INSERT INTO users (avatar) VALUES ('$NewImageName') WHERE username = '$temp'";
    $result = mysqli_query($database,"SELECT * FROM users WHERE username = '$temp'");
    if( mysqli_num_rows($result) > 0) {
        if(!empty($_FILES['ImageFile']['name'])){
            mysqli_query($database,$sql5)or die(mysqli_error($database));
            header("location:edit-profile.php?username=$temp");
        }
    } 
    else {
        mysqli_query($database,$sql6)or die(mysqli_error($database));
        header("location:edit-profile.php?username=$temp");
    }  
    $user_firstname=$_REQUEST['firstname'];
    $user_lastname=$_REQUEST['lastname'];
    $user_email=$_REQUEST['email'];
    $user_password=$_REQUEST['password'];
    $user_shortbio=$_REQUEST['bio'];   
    $user_dob=$_REQUEST['dob'];
    $user_gender=$_REQUEST['gender'];
    $sql3="UPDATE user SETs firstname='$firstname',lastname='$lastname',email='$email',password='$password',bio='$bio',dob='$dob',gender='$gender', WHERE username = '$temp'";
        mysqli_query($database,$sql3)or die(mysqli_error($database));
        header("edit-profile.php?username=$temp&request=profile-update&status=success");
}

Answer 1

在以下行中您有错误：

 $sql3="UPDATE user SETs firstname='$firstname',lastname='$lastname',  
         email='$email',password='$password',bio='$bio',dob='$dob',
          gender='$gender', WHERE username = '$temp'";
                         ^^^here you have extra comma

从查询中删除最后一个,。

您的查询应该是：

$sql3="UPDATE user SETs firstname='$firstname',lastname='$lastname',
     email='$email',password='$password',bio='$bio',dob='$dob',
       gender='$gender' WHERE username = '$temp'";

且where子句不与插入查询一起使用。

Answer 2

在插入语法中，您使用了

$sql6="INSERT INTO users (avatar) VALUES ('$NewImageName') WHERE username = '$temp'";

应该是

$sql6="INSERT INTO users (avatar) VALUES ('$NewImageName')";
$sql2="INSERT INTO users (backgroundpicture) VALUES ('$BackgroundNewImageName')";

还有

 $sql3="UPDATE user SETs firstname='$firstname',lastname='$lastname',email='$email',password='$password',bio='$bio',dob='$dob',gender='$gender', WHERE username = '$temp'";

应如下所示，在,

之前删除WHERE

$sql3="UPDATE user SET firstname='$firstname',lastname='$lastname',email='$email',password='$password',bio='$bio',dob='$dob',gender='$gender' WHERE username = '$temp'";

我还建议阅读基本文件

我需要SQL语法错误

2 个答案: