PHP更新只接受数字如何输入文本和数字

时间:2018-09-09 08:22:36

标签: php

嗨,我使用此php脚本更新数据库中的某些值,但当我发送电子邮件时,它仅接受数字,它说:无法更新数据:SQL语法有错误;在第1行的“ @ hotmail.com”附近,查看与您的MySQL服务器版本相对应的手册以使用正确的语法

我想通过输入电子邮件和用户名来更新值

并增加值,因为我有5个以上的值需要更新

有什么解决办法吗? :)

<html>

   <head>
      <title>Update a Record in MySQL Database</title>
   </head>

   <body>
      <?php
         if(isset($_POST['update'])) {
            $dbhost = 'localhost';
            $dbuser = 'root';
            $dbpass = 'root';

            $conn = mysql_connect($dbhost, $dbuser, $dbpass);

            if(! $conn ) {
               die('Could not connect: ' . mysql_error());
            }

            $email = $_POST['email'];
            $gold = $_POST['gold'];

            $sql = "UPDATE userdata ". "SET gold = $gold ". 
               "WHERE email = $email" ;
            mysql_select_db('chickenstories');
            $retval = mysql_query( $sql, $conn );

            if(! $retval ) {
               die('Could not update data: ' . mysql_error());
            }
            echo "Updated data successfully\n";

            mysql_close($conn);
         }else {
            ?>
               <form method = "post" action = "<?php $_PHP_SELF ?>">
                  <table width = "400" border =" 0" cellspacing = "1" 
                     cellpadding = "2">

                     <tr>
                        <td width = "100">Email : </td>
                        <td><input name = "email" type = "text" 
                           id = "email"></td>
                     </tr>

                     <tr>
                        <td width = "100">Gold : </td>
                        <td><input name = "gold" type = "text" 
                           id = "gold"></td>
                     </tr>

                     <tr>
                        <td width = "100"> </td>
                        <td> </td>
                     </tr>

                     <tr>
                        <td width = "100"> </td>
                        <td>
                           <input name = "update" type = "submit" 
                              id = "update" value = "Update">
                        </td>
                     </tr>

                  </table>
               </form>
            <?php
         }
      ?>

   </body>
</html>

2 个答案:

答案 0 :(得分:1)

问题是您没有将电子邮件作为字符串,而是在不转义的情况下传递了电子邮件,请更新此行:

$sql = "UPDATE userdata ". "SET gold = $gold ". "WHERE email = $email" ;

成为:

$sql = "UPDATE userdata ". "SET gold = $gold ". "WHERE email = '$email'" ;

我还建议您在将所有变量放入数据库之前先对其进行转义,以避免SQL注入。

答案 1 :(得分:0)

现在它不再起作用了,我的查询中出现语法错误

无法更新数据:您的SQL语法有错误;检查与您的MySQL服务器版本相对应的手册以获取正确的语法,以在第1行的'email ='test@hotmail.com'和username ='TestName'附近使用

<html>

   <head>
      <title>Update a Record in MySQL Database</title>
   </head>

   <body>
      <?php
         if(isset($_POST['update'])) {
            $dbhost = 'localhost';
            $dbuser = 'root';
            $dbpass = 'root';

            $conn = mysql_connect($dbhost, $dbuser, $dbpass);

            if(! $conn ) {
               die('Could not connect: ' . mysql_error());
            }

            $email = $_POST['email'];
            $username = $_POST['username'];
            $gold = $_POST['gold'];
            $chickens = $_POST['chickens'];





            $sql = "UPDATE userdata ". "SET gold = $gold, chickens = $chickens". "WHERE email = '$email' and username = '$username'" ;
            mysql_select_db('chickenstories');
            $retval = mysql_query( $sql, $conn );

            if(! $retval ) {
               die('Could not update data: ' . mysql_error());
            }
            echo "Updated data successfully\n";

            mysql_close($conn);
         }else {
            ?>
               <form method = "post" action = "<?php $_PHP_SELF ?>">
                  <table width = "400" border =" 0" cellspacing = "1" 
                     cellpadding = "2">

                     <tr>
                        <td width = "100">Email : </td>
                        <td><input name = "email" type = "text" 
                           id = "email"></td>
                     </tr>

                     <tr>
                        <td width = "100">Username : </td>
                        <td><input name = "username" type = "text" 
                           id = "username"></td>
                     </tr>

                     <tr>
                        <td width = "100">Gold : </td>
                        <td><input name = "gold" type = "text" 
                           id = "gold"></td>
                     </tr>

                     <tr>
                        <td width = "100">Chickens : </td>
                        <td><input name = "chickens" type = "text" 
                           id = "chickens"></td>
                     </tr>

                     <tr>
                        <td width = "100"> </td>
                        <td> </td>
                     </tr>

                     <tr>
                        <td width = "100"> </td>
                        <td>
                           <input name = "update" type = "submit" 
                              id = "update" value = "Update">
                        </td>
                     </tr>

                  </table>
               </form>
            <?php
         }
      ?>

   </body>
</html>