我正在尝试执行以下更新查询:
$query = "UPDATE post SET title=$title, price=$price, description=$description, category=$category WHERE id=$id";
但是当我运行mysqli_error($db)时,我收到以下错误:
Error description: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'a test post, price=100.00, description=This is an updated test description., catego' at line 1
当我使用echo var_dump($edquery);时,它会返回bool(false)。
我尝试使用以下内容编辑查询但没有任何运气:
$query = "UPDATE `post` SET title=$title, price=$price, description=$description, category=$category WHERE id=$id";
$query = "UPDATE post SET title='$title', price='$price', description='$description', category='$category' WHERE id='$id'";
$query = "UPDATE post SET title="$title", price="$price", description="$description", category="$category" WHERE id="$id"";
$query = "UPDATE post SET title=$title, price=$price, description=$description, category=$category WHERE id=".$id."";
我不认为我在查询中使用任何关键字和保留字,但我可能会弄错。如果有人有任何建议,我将不胜感激。
这是帖子表:
CREATE TABLE `post` (
`post_id` int(11) NOT NULL,
`user_id` int(11) NOT NULL,
`title` varchar(255) NOT NULL,
`price` text NOT NULL,
`category_id` int(11) NOT NULL,
`description` text NOT NULL,
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
这是我的完整提交代码:
if(isset($_POST['submit'])){
$id = $_POST['id'];
$title = $_POST['title'];
$price = $_POST['price'];
$description = $_POST['description'];
$category = $_POST['category'];
$title = $db->real_escape_string($title);
$price = $db->real_escape_string($price);
$description = $db->real_escape_string($description);
if($title && $price && $description && $category){
$query = "UPDATE post SET title=$title, price=$price, description=$description, category=$category WHERE id=$id";
$edquery = mysqli_query($db, $query);
if($edquery){
echo "product updated";
}else{
echo "error";
echo var_dump($edquery);
echo("Error description: " . mysqli_error($db));
}
}else{
echo "missing data";
}
$postid = $db->insert_id;
for($i=0; $i<count($_FILES["images"]["name"]); $i++)
{
$filetmp = $_FILES["images"]["tmp_name"][$i];
$filename = $_FILES["images"]["name"][$i];
$filetype = $_FILES["images"]["type"][$i];
$filepath = "images/".$filename;
move_uploaded_file($filetmp, $filepath);
$sql = "INSERT INTO images (img_name, img_path, img_type, post_id) VALUES ('$filename', '$filepath', '$filetype', '$postid')";
$result = mysqli_query($db, $sql);
}
}
修改
我能够通过使用绑定参数来更新数据库。
但是,我现在收到以下两个警告:
mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement on line 32
和
mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement on line 34
以下是正确更新的新代码:
if($title && $price && $description && $category){
if ($query = $db->prepare("UPDATE post SET title='$title', price='$price', description='$description', category_id=$category WHERE post_id=$id")) {
/*LINE 32*/ $query->bind_param("sssi", $title, $price, $description, $category);
$query->execute();
/* LINE 34 */ $query->bind_result($title, $price, $description, $category);
$query->fetch();
$query->close();
}
if($query){
echo "product updated";
}else{
echo "error";
}
}else{
echo "missing data";
}
答案 0 :(得分:0)
按如下方式更改您的查询,它将有效。
$query = "UPDATE post SET title='".$title."', price='".$price."', description='".$description."', category='".$category."' WHERE id='".$id."'";
答案 1 :(得分:0)
试试这个
$query = "UPDATE post SET title='$title', price='$price',
description='$description', category='$category' WHERE id='$id'";
答案 2 :(得分:-1)
$query = "UPDATE post SET title={$title}, price={$price}, description={$description}, category={$category} WHERE id= {$id}";