尝试使用PHP更新内容时出现SQL错误

时间:2018-03-30 03:26:30

标签: php sql

我一直在尝试用我的数据库中的表格用PHP编辑内容,并且我一直收到错误,“查询失败。您的SQL语法有错误;请查看与您的MySQL服务器版本对应的手册正确的语法。“我找不到这个错误来自哪里。任何建议都将不胜感激。

这是我的代码:

<?php
  if(isset($_GET['p_id'])) {
      $the_post_id = $_GET['p_id'];

  }

  $query = "SELECT * FROM posts WHERE post_id = $the_post_id";
  $select_posts_by_id = mysqli_query($connection,$query);

  while($row = mysqli_fetch_assoc($select_posts_by_id)) {
    $post_id = $row['post_id'];
    $post_author = $row['post_author'];
    $post_title = $row['post_title'];
    $post_category_id = $row['post_category_id'];
    $post_status = $row['post_status'];
    $post_image = $row['post_image'];
    $post_content = $row['post_content'];
    $post_tags = $row['post_tags'];
    $post_comment_count = $row['post_comment_count'];
    $post_date = $row['post_date'];
  }

  // update post data

  if(isset($_POST['update_post'])) {

    $post_author = $_POST['post_author'];
    $post_title = $_POST['post_title'];
    $post_category_id = $_POST['post_category'];
    $post_status = $_POST['post_status'];
    $post_image = $_FILES['image']['name'];
    $post_image_temp = $_FILES['image']['tmp_name'];
    $post_content = $_POST['post_content'];
    $post_tags = $_POST['post_tags'];

    move_uploaded_file($post_image_temp, "../images/$post_image");

    // update query
    $query = "UPDATE posts SET ";
    $query .= "post_title = '{$post_title}', ";
    $query .= "post_category_id = '{$post_category_id}', ";
    $query .= "post_date    = now(), ";
    $query .= "post_author  = '{$post_author}', ";
    $query .= "post_status  = '{$post_status}', ";    
    $query .= "post_tags    = '{$post_tags}', ";
    $query .= "post_content = '{$post_content}', ";
    $query .= "post_image   = '{$post_image}' ";
    $query .= "WHERE post_id = {$the_post_id} ";

    $update_post = mysqli_query($connection,$query);

    confirmQuery($update_post); 
  }

?>

    <form action="" method="post" enctype="multipart/form-data">

        <div class="form-group">
            <label for="title">Post Title</label>
            <br>
            <input value="<?php echo $post_title; ?>" type="text" class="form-control" name="post_title">
        </div>

        <div class="form-group">
            <select name="post_category" id="">

                <?php 
                  // select categories as dropdown

                  $query = "SELECT * FROM categories";
                  $select_categories = mysqli_query($connection,$query);    

                  confirmQuery($select_categories);

                  while($row = mysqli_fetch_assoc($select_categories )) {
                    $cat_id = $row['cat_id'];
                    $cat_title = $row['cat_title'];

                    echo "<option value=''>{$cat_title}</option>";
                  }

                ?>

            </select>

        </div>

        <div class="form-group">
            <label for="title">Post Author</label>
            <br>
            <input value="<?php echo $post_author; ?>" type="text" class="form-control" name="post_author">
        </div>

        <div class="form-group">
            <label for="post_status">Post Status</label>
            <br>
            <input value="<?php echo $post_status; ?>" type="text" class="form-control" name="post_status">
        </div>

        <div class="form-group">
            <img width="100" src="../images/<?php echo $post_image; ?>" alt="" />
            <input type="file" name="image">
        </div>

        <div class="form-group">
            <label for="post_tags">Post Tags</label>
            <br>
            <input value="<?php echo $post_tags; ?>" type="text" class="form-control" name="post_tags">
        </div>

        <div class="form-group">
            <label for="post_content">Post Content</label>
            <br>
            <textarea class="form-control" name="post_content" id="" cols="30" rows="10">
                <?php echo $post_content; ?>

            </textarea>
        </div>

        <div class="form-group">
            <input class="btn btn-primary" type="submit" name="update_post" value="Update Post">
        </div>

    </form>

谢谢!

3 个答案:

答案 0 :(得分:0)

根据您在此处发布的代码段,这可能与variable scope有关。由于您尚未在$the_post_id块之外声明if {},因此无法访问变量本身。生成的查询将是:

SELECT * FROM posts WHERE post_id = 

这是不正确的SQL语法。

不知何故,你需要做出声明才能正确使用它:

<?php
$the_post_id = "";
if(isset($_GET['p_id'])) {
    $the_post_id = $_GET['p_id'];
}
// rest of code...

作为旁注,你真的应该考虑使用prepared statements作为你的代码(现在看来)非常容易受到SQL注入。

答案 1 :(得分:0)

如果您没有以posts传递任何值,则无法从$_GET['p_id']表格中检索记录。如果该变量为空,它将抛出该错误。

如果该变量没有值,您的UPDATE查询也会失败。

答案 2 :(得分:0)

现在大写()。 NOW()函数区分大小写。

    $query .= "post_date    = now(), ";

应该是

    $query .= "post_date    = NOW(), ";