<form action="editauthor.php" method="post">
<label>Author Name:</label>
<input type="text" name="txtUser" value="<?=$name;?>" /><br /><br />
<label>Email:</label>
<input type="text" name="txtEmail" value="<?=$email;?>" /><br /><br />
<input type="hidden" name="id" value="<?=$id?>" /> <!-- use hidden to hide id for using, but not display, here id is not important -->
<input type="submit" value="Edit" name="submit" />
</form>
<?php
if(isset($_POST['submit'])) {
$con = @mysql_connect("localhost","root","");
mysql_select_db("jokes",$con);
$name = $_POST['txtUser'];
$email = $_POST['txtEmail'];
$sql = "UPDATE authors
SET name = '".$_POST['txtUser']."',
email = '".$_POST['txtEmail']."'
WHERE id = ".$_GET['id']."";
$result = @mysql_query($sql, $con) or die(mysql_error());
if($result) {
echo "New Author has been edited successfully!";
} else {
echo "Cannot update this kind of author into the database. ".mysql_error();
}
} ?>
...it produces the following error: MySQL syntax error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
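The problem is not in the PHP code, but in the SQL code. Show a dump of `$sql`, because nobody knows the contents of your variables. – KingCrunch 2011-06-01 14:35:58
Have you heard of SQL injection? – 2011-06-01 14:36:11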
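
An added example, not part of the original question or its comments: the same UPDATE written with PDO prepared statements, taking the id from the posted hidden field, because the form uses method="post" and `$_GET['id']` is therefore empty. The in-memory SQLite database (requires the pdo_sqlite extension), the `updateAuthor` function name and the sample rows are assumptions so the script runs on its own in place of the MySQL `jokes` database.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL "jokes" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$pdo->exec("INSERT INTO authors (id, name, email) VALUES
            (1, 'Ann', 'ann@example.com'), (2, 'Bob', 'bob@example.com')");

/**
 * Update one author from posted form data ($_POST in the page's script).
 * updateAuthor is a hypothetical helper name. Returns the number of rows changed.
 */
function updateAuthor(PDO $pdo, array $input): int
{
    // Validate before touching the database; a missing id fails here
    // instead of producing "WHERE id = " and a MySQL syntax error.
    $id    = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT);
    $name  = trim((string)($input['txtUser'] ?? ''));
    $email = filter_var($input['txtEmail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($id === false || $name === '' || $email === false) {
        throw new InvalidArgumentException('invalid author data');
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE authors SET name = :name, email = :email WHERE id = :id'
    );
    $stmt->execute([':name' => $name, ':email' => $email, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed inputs: a name containing a quote, a request with no id
// (the question's situation), and an id that is not a plain integer.
$cases = [
    ['id' => '1', 'txtUser' => "O'Brien", 'txtEmail' => 'ob@example.com'],
    ['txtUser' => 'No Id', 'txtEmail' => 'x@example.com'],
    ['id' => '1 OR 1=1', 'txtUser' => 'x', 'txtEmail' => 'x@example.com'],
];
foreach ($cases as $case) {
    try {
        echo updateAuthor($pdo, $case), " row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

// Row 2 was never addressed by a valid request, so it must be unchanged.
var_dump($pdo->query('SELECT name FROM authors WHERE id = 2')->fetchColumn());
```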