使用PHP错误更新SQL查询

时间:2017-10-25 17:36:39

标签: php mysql

以下是我提交更新后的表单时出现的错误:您的SQL语法出错;检查与您的MySQL服务器版本相对应的手册,以获得正确的语法,以便在附近使用' WHERE id =' 19'限制1'第1行

以下是编辑(更新)页面的PHP和HTML。

    <?php

require_once('../../../private/initialize.php');

if(!isset($_GET['id'])) {
  redirect_to(url_for('/staff/subjects/index.php'));
}
$id = $_GET['id'];

if(is_post_request()) {

  // Handle form values sent by new.php

  $subject = [];
  $subject['id'] = $id;
  $subject['menu_name'] = $_POST['menu_name'] ?? '';
  $subject['description'] = $_POST['description'] ?? '';




  $result = update_subject($subject);
  if($result === true) {
    redirect_to(url_for('/staff/subjects/show.php?id=' . $id));
  } else {
    $errors = $result;
  }

} else {

  $subject = find_subject_by_id($id);

}

$subject_set = find_all_subjects();
$subject_count = mysqli_num_rows($subject_set);
mysqli_free_result($subject_set);

?>

<?php $page_title = 'Edit Subject'; ?>
<?php include(SHARED_PATH . '/staff_header.php'); ?>

  <a class="back-link" href="<?php echo url_for('/staff/subjects/index.php'); ?>">&laquo; Back to List</a>

  <div class="subject edit">
    <h1>Edit Subject</h1>

    <?php echo display_errors($errors); ?>

    <form action="<?php echo url_for('/staff/subjects/edit.php?id=' . h(u($id))); ?>" method="post">
      <dl>
        <dt>Subject name</dt>
        <dd><input type="text" name="menu_name" value="<?php echo h($subject['menu_name']); ?>"</dd>
      </dl>
      <dl>
        <dt>Description</dt>
        <dd>
          <textarea name="description" cols="60" rows="10"><?php echo h($subject['description']); ?></textarea>
        </dd>
      </dl>
      <div id="operations">
        <input type="submit" value="Edit Subject" />
      </div>
    </form>

  </div>


<?php include(SHARED_PATH . '/staff_footer.php'); ?>

这是我更新记录的PHP更新。

//UPDATE SUBJECTS
function update_subject($subject) {
global $db;

$errors = validate_subject($subject);
if(!empty($errors)) {
  return $errors;
}

$sql = "UPDATE subjects SET ";
$sql .= "menu_name='" . db_escape($db, $subject['menu_name']) . "', ";
$sql .= "description='" . db_escape($db, $subject['description']) . "', ";
$sql .= "WHERE id='" . db_escape($db, $subject['id']) . "' ";
$sql .= "LIMIT 1";

$result = mysqli_query($db, $sql);
// For UPDATE statements, $result is true/false
if($result) {
  return true;
} else {
  // UPDATE failed
  echo mysqli_error($db);
  db_disconnect($db);
  exit;
}}

2 个答案:

答案 0 :(得分:1)

您在WHERE

之前有一个逗号(,) 
$sql .= "description='" . db_escape($db, $subject['description']) . "', ";
$sql .= "WHERE id='" . db_escape($db, $subject['id']) . "' ";

将其更改为:

$sql .= "description='" . db_escape($db, $subject['description']) . "' ";

答案 1 :(得分:0)

从此行删除最后的use Illuminate\Database\Eloquent\Relations\Pivot; class Product_Category extends Pivot { // } 

,

使用此:

$sql .= "description='" . db_escape($db, $subject['description']) . "', ";
相关问题
最新问题