PHP MySQL UPDATE causes an error

Time: 2011-11-08 11:49:08

Tags: php mysql

I have been looking around, but I can't seem to find the right answer to this problem. Whenever I run this UPDATE MySQL script, it raises the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Email='contact@example.com', Phone='123456780', Address='16 Remote Street',' at line 1

Below is the code I am using that produces this error.

<?php 
include ('cfg_prop.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$secondemail = $_POST['secondary'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$country = $_POST['country'];
$postcode = $_POST['postcode'];
$company = $_POST['company'];
$city = $_POST['city'];

$sql = "UPDATE users SET Firstname='$firstname', Lastname='$lastname', Email='$email', Secondary Email='$secondemail', Phone='$phone', Address='$address', Country='$country', Postcode='$postcode', Company='$company', City='$city' WHERE Username='$userss'";
mysql_query($sql) or die(mysql_error());
?>

If anyone could help me, I would be very glad and grateful, as I can't seem to get past this. Thanks in advance for your help.

  • Alter Arch

5 answers:

Answer 0 (score: 6)

First of all, you have to escape data from the $_POST superglobal, because of the easy SQL Injection attack.

$email = mysql_real_escape_string($_POST['email']);

Next, you can't use Secondary Email, because the space in it causes the error.

You have to change the name of the column to Secondary_Email

or just use

`Secondary Email`

instead (but don't do this - column names should not contain spaces.)

Answer 1 (score: 1)

The Secondary Email column has a space in it; you should use backticks (`).

So:

$sql = "UPDATE users SET Firstname='$firstname', Lastname='$lastname', Email='$email', `Secondary Email`='$secondemail', Phone='$phone', Address='$address', Country='$country', Postcode='$postcode', Company='$company', City='$city' WHERE Username='$userss'";

Answer 2 (score: 1)

Try this:

UPDATE users SET 
    Firstname='$firstname', 
    Lastname='$lastname', 
    Email='$email', 
    `Secondary Email`='$secondemail', 
    Phone='$phone', 
    Address='$address', 
    Country='$country', 
    Postcode='$postcode', 
    Company='$company', 
    City='$city' 
WHERE Username='$userss'

Secondary Email must be enclosed in backticks because it contains a space. Remember to sanitize user input to avoid SQL injection.

Answer 3 (score: 0)

Escape the field Secondary Email

$sql = "UPDATE users SET Firstname='$firstname', Lastname='$lastname', Email='$email', `Secondary Email`='$secondemail', Phone='$phone', Address='$address', Country='$country', Postcode='$postcode', Company='$company', City='$city' WHERE Username='$userss'";

Answer 4 (score: 0)

Try this:

$sql = "UPDATE `users` SET `Firstname`='$firstname', `Lastname`='$lastname', `Email`='$email', `Secondary Email`='$secondemail', `Phone`='$phone', `Address`='$address', `Country`='$country', `Postcode`='$postcode', `Company`='$company', `City`='$city' WHERE `Username`='$userss'";

But this way of writing queries is highly recommended for SQL injection!