2014-06-17 37 views
-1

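Edit post submit MySQL error

I managed to fix the error from my previous post wrt the edit form not showing. Now the edit form shows, but when I try to update (submit), I get this error: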

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Following is the code snippet I used:

if (isset($_POST['submit'])) { 

    $query = "UPDATE $tbl SET message = mysql_real_escape_string(".$row['message'].") WHERE id = ".$row['id']." "; 

    $result = mysql_query($query) or die (mysql_error()); 

    while ($row = mysql_fetch_array($result)) { 

     echo "Your post has been edited to:", "<br>"; 
     echo $row['message']; 
    } 

    mysql_free_result($result); 
    mysql_close(); 

} 

Please help. Thanks!

As requested by @Fred-ii and @jeroen, here is the full code:

<?php ob_start(); ?> 
<?php error_reporting(E_ALL); ini_set('display_errors', 1); ?> 
<html> 
    <head> 
    <title>BQuotes</title> 
    <!-- <meta name="viewport" content="width=device-width, initial-scale=1"> --> 
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /> 
    <link href="votingfiles/voting.css" rel="stylesheet" type="text/css" /> 
    <script src="votingfiles/voting.js" type="text/javascript"></script> 
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.css" /> 
    <link rel="stylesheet" type="text/css" href="http://bquotes.me/mystyle-a.css"> 
    <script src="http://code.jquery.com/jquery-1.10.0.min.js"></script> 
    <script src="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.js"></script> 
    <style> 
     .head_text { 
     color: #ffffff; 
     } 
     a { 
     text-decoration: none; 
     } 
    </style> 

    <script type="text/javascript"> 
     $('#g-login').bind('click', function (event) { 
     // event.preventDefault(); 
     // $('#form-id').attr('action', 'google-login.php').trigger('submit'); 
     alert("Clicked"); 
     }); 
    </script> 
    </head> 
    <body style="color:#d4ffaa"> 


    <!-- BQ Edit Post Start --> 
    <div data-role="page" id="edit-post"> 
     <div data-role="header" style="background-color:#5FBF00"> 
     <h1 class="head_text">BQuotes</h1> 
     </div> 
     <div data-role="main" class="ui-content"> 




     </div> 



     <?php 




     session_start(); 

       if($_SESSION['myusername'] != null && isset($_SESSION['myusername'])){ 
       echo "<form action='logout.php' method='post' id ='form-logout' data-ajax='false'> 
        <br/><input type='submit' value='Logout'/>"; 
       echo "</form>"; 
       echo "<div style='margin-left:1px;'>Logged In As: ".$_SESSION['myusername']."</div>"; 



      define ('HOSTNAME', 'xxxx'); 
      define ('USERNAME', 'xxxx'); 
      define ('PASSWORD', 'xxxx'); 
      define ('DATABASE_NAME', 'xxxx'); 

      $db = mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die ('I cannot connect to MySQL.'); 

      mysql_select_db(DATABASE_NAME); 

      $tbl='xxxx'; 
      $id=$_GET['pid']; 


      $query="SELECT * from $tbl WHERE id = ".$_GET['pid']." "; 


      $result = mysql_query($query) or die (mysql_error()); 

      while ($row = mysql_fetch_array($result)){ 
      /*$id=$row['id']; 
      $username=$row['username']; 
      $message=$row['message']; 
      $tag=$row['tag'];*/ 



      echo "<form name='edit-post' action='' method='post'>"; 
      echo "<input type='hidden' name='id' value=".$row['id'].">"; 
      echo "<input type='hidden' name='username' value=".$row['username'].">"; 
      echo "Status: <textarea name='message'>".$row['message']."</textarea>"; 
      //echo "Tag: <textarea rows='1' name='tag'>".$row['tag']."</textarea>"; 
      echo "<input type='submit' name='submit' value='Submit'>"; 
      echo "</form>"; 


      if (isset($_POST['submit'])) {   

      echo $row['id']; 
      $tbl = 'xxxx';   
      $query = "UPDATE $tbl SET message = ".mysql_real_escape_string($row['message'])." WHERE id =".$row['id']." "; 

      $result = mysql_query($query) or die (mysql_error()); 


      while ($row = mysql_fetch_array($result)) { 

      echo "Your post has been edited to:", "<br>"; 
      echo $row['message']; 
      //echo $row['tag']; 
      } 

      mysql_free_result($result); 
      mysql_close(); 

      } 

       } 
       } 
      else if($_SESSION['myusername'] == null){ 
       echo "<form action='google-login.php?login=true' method='post' id ='form-id' data-ajax='false'>";  
       echo "<span class='loginreq'>Login to Edit</span>";   
       echo "<br/><input type='submit' value='Login with Google'/>"; 
       echo "</form>"; 
      } 




      /* 
      <?php 
      $id2=$_POST['id']; 
      $username2=$_POST['username']; 
      $message2=$_POST['message']; 
      $tag2=$_POST['tag']; 
      */ 



     ?> 



     <a href='mybq-index.php'>Home</a> 


     </div> 


    </body> 
</html> 
<?php ob_flush(); ?> 
+0

Maybe mysql_real_escape_string should be evaluated in PHP and not by the MySQL backend; I have doubts about the mysql_* functions. – Frazz

+0

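Add error reporting to the top of your file(s): 'error_reporting(E_ALL); ini_set('display_errors', 1);' and show us more code, including the HTML form and the DB connection code, replacing the DB credentials with 'xxx'. –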

+0

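Please read my answer and the comments below it. You are not quoting the value of 'message' in the 'UPDATE' statement. When you inject a string directly into an SQL statement, the string needs to be quoted. – jeroen

Answers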

0

Fixed! The problem was having the form submit to itself, so I created a new action file (edit-post-act.php) like this:

<html> 
    <head> 
    <title>BQuotes</title> 
    <!-- <meta name="viewport" content="width=device-width, initial-scale=1"> --> 
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /> 
    <link href="votingfiles/voting.css" rel="stylesheet" type="text/css" /> 
    <script src="votingfiles/voting.js" type="text/javascript"></script> 
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.css" /> 
    <link rel="stylesheet" type="text/css" href="http://bquotes.me/mystyle-a.css"> 
    <script src="http://code.jquery.com/jquery-1.10.0.min.js"></script> 
    <script src="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.js"></script> 
    <style> 
     .head_text { 
     color: #ffffff; 
     } 
     a { 
     text-decoration: none; 
     } 
    </style> 

    <script type="text/javascript"> 
     $('#g-login').bind('click', function (event) { 
     // event.preventDefault(); 
     // $('#form-id').attr('action', 'google-login.php').trigger('submit'); 
     alert("Clicked"); 
     }); 
    </script> 
    </head> 
    <body style="color:#d4ffaa"> 


    <!-- BQ Edit Post Act Start --> 
    <div data-role="page" id="edit-post-act"> 
     <div data-role="header" style="background-color:#5FBF00"> 
     <h1 class="head_text">BQuotes</h1> 
     </div> 
     <div data-role="main" class="ui-content"> 




     </div> 



     <?php 




     session_start(); 

       if($_SESSION['myusername'] != null && isset($_SESSION['myusername'])){ 
       echo "<form action='logout.php' method='post' id ='form-logout' data-ajax='false'> 
        <br/><input type='submit' value='Logout'/>"; 
       echo "</form>"; 
       echo "<div style='margin-left:1px;'>Logged In As: ".$_SESSION['myusername']."</div>"; 


      $id2=$_POST['id']; 
      $username2=$_POST['username']; 
      $message2=$_POST['message']; 
      $tag2=$_POST['tag']; 

      define ('HOSTNAME', 'xxxx'); 
      define ('USERNAME', 'xxxx'); 
      define ('PASSWORD', 'xxxx'); 
      define ('DATABASE_NAME', 'xxxx'); 

      $db = mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die ('I cannot connect to MySQL.'); 

      mysql_select_db(DATABASE_NAME); 


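      $tbl = 'xxxx';
      // Escape the submitted values before embedding them in the SQL string
      $query = "UPDATE $tbl SET message = '".mysql_real_escape_string($message2)."' WHERE id = '".mysql_real_escape_string($id2)."' ";

      $result = mysql_query($query) or die (mysql_error());

      echo "Your post has been edited to:", "<br>";
      // Encode the message for HTML output
      echo htmlspecialchars($message2);

      // mysql_query() returns a boolean for UPDATE, so there is no result set to free
      mysql_close();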

      } 
      else if($_SESSION['myusername'] == null){ 
       echo "<form action='google-login.php?login=true' method='post' id ='form-id' data-ajax='false'>";  
       echo "<span class='loginreq'>Login to Edit</span>";   
       echo "<br/><input type='submit' value='Login with Google'/>"; 
       echo "</form>"; 
      } 

      ?> 

     <a href='mybq-index.php'>Home</a> 


     </div> 


    </body> 
</html> 

Thanks everyone! CC: @Fred-ii, @jeroen

2

mysql_real_escape_string is a PHP function, not a MySQL function.

So the syntax is:

$query = "UPDATE $tbl SET message = '" . mysql_real_escape_string($row['message']) . "' WHERE id = ".$row['id']." ";  

But you should really switch to PDO prepared statements or mysqli_* with prepared statements, as the mysql_* functions are deprecated.

+0

Sorry, but same error! – adeoba

+0

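@adeoba Have you done a 'var_dump()' of the generated SQL statement? Maybe the table name needs backticks or the ID needs to be quoted depending on the column type; also note the single quotes around the 'message' value – jeroen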

+0

@jeroen Maybe the OP's 'id's are not 'int's and should use 'WHERE id = '".$row['id']."' ";' (?) –
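The prepared-statement approach recommended in the answer above, as an added example that is not code from the thread: the table name `posts` and the function `updateMessage()` are assumptions, and an in-memory SQLite database stands in for the MySQL server so the script runs offline. A missing id, as in the last comment on this page where `$row['id']` prints nothing, is rejected before any SQL runs.

```php
<?php
// Added example, not code from the thread. Assumed names: table `posts`,
// function updateMessage(). With MySQL the DSN would be of the form
// 'mysql:host=...;dbname=...;charset=utf8mb4'.

function updateMessage(PDO $pdo, $id, $message)
{
    // Reject a missing or non-numeric id up front instead of building
    // a statement that ends in "WHERE id = ".
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // Placeholders keep the data out of the SQL text, so $message needs
    // neither quoting nor escaping.
    $stmt = $pdo->prepare('UPDATE posts SET message = :message WHERE id = :id');
    $stmt->execute([':message' => $message, ':id' => $id]);
    return $stmt->rowCount();   // number of rows changed
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, username TEXT, message TEXT)');
$pdo->exec("INSERT INTO posts (id, username, message)
            VALUES (1, 'alice', 'first'), (2, 'bob', 'second')");

// Constructed inputs standing in for $_POST['id'] and $_POST['message'].
// The apostrophes would break a statement built by string concatenation.
$message = "It's the editor's pick";
echo updateMessage($pdo, '1', $message), " row(s) updated\n";

foreach ($pdo->query('SELECT id, message FROM posts ORDER BY id') as $row) {
    // Encode on output: the message is user-controlled text.
    echo $row['id'], ': ', htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'), "\n";
}

try {
    updateMessage($pdo, '', 'ignored');   // empty id
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```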

0

Try it once like this

$query = "UPDATE $tbl SET 
      message = '".mysql_real_escape_string($row['message'])."' 
      WHERE id = ".$row['id']." "; 
+0

Sorry, same error! – adeoba

+0

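Please try to flesh out your answer. Just posting a code block without any explanation or context is not good. In its current state, your answer may not be of any use to people looking for an answer to this question in the future. –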

0

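Notwithstanding the fact that you are using the mysql_ functions and people love to nag you about that.

Try to make life a little simpler for yourself and do this: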

​​

Or even like this

$query = "UPDATE $tbl SET message = '" . 
      mysql_real_escape_string($row['message']) . 
      "' WHERE id = {$row['id']}"; 

Then you would probably have noticed that you missed the single quotes around the text field called message

+0

Sorry, same error! – adeoba

0

I think you have to change the update statement like this:

$query = "UPDATE $tbl SET message = '".mysql_real_escape_string($row['message'])."' WHERE id = ".$row['id']." "; 
+0

Sorry, same error! – adeoba

+0

@adeoba And '$row['id']' is not empty? – Jens

+0

<?php echo $row['id']; ?> does not display anything... – adeoba