[英]update a field in a table showing error
I've a customer table i that table in one i need to store data of customer as a text a declare that in db that varchar(1500) while am trying to update that field i getting following erro 我有一个客户表,该表位于一个表中,我需要将客户数据存储为文本,并在试图更新该字段的数据库中声明varchar(1500)的声明,但随后却收到错误提示
You have an error in your SQL syntax; 您的SQL语法有误; check the manual that corresponds to your MySQL server version for the right syntax to use near 's standard dummy text ever since the 1500s, when an unknown printer took a galle' at line 1"
请检查与您的MySQL服务器版本相对应的手册,以获取正确的语法,以便在1500年代(第1行出现未知打印机加油时)附近在'标准虚拟文本附近使用”
field name is "comments1 varchar(1500);"
My query is 我的查询是
$sql="UPDATE customer SET comments1='".$comments1."' WHERE sno='$sno'";
how to solve it... 如何解决...
before your query add this code 在查询之前添加此代码
$comments1=mysql_real_escape_string($comments1);
<----your query goes here---> <----您的查询在这里->
According to the error message: 根据错误信息:
...or the right syntax to use near 's standard dummy text ever since
...或自那时以来使用在标准虚拟文本附近的正确语法
error starts here ^错误从这里开始^
Probably you are inserting a value that has single quote ( which breaks the sql statement causing syntax error ) on it. 可能您要在其上插入具有单引号的值( 这会破坏导致语法错误的sql语句 )。 This is an indicator that you have not sanitized the values before inserting it on the database.
这表明在将值插入数据库之前尚未清除值。 There are several ways to avoid from sql injection:
有几种方法可以避免sql注入:
PDO
PDO
MySQLi
. MySQLi
。 For more details, please browse on this link. 有关更多详细信息,请浏览此链接。
you can also use mysql_real_escape_string ( but will soon be deprecated ) 您还可以使用mysql_real_escape_string ( 但很快就会弃用 )
$var = mysql_real_escape_string($comments1);
$sql="UPDATE customer SET comments1='$var' WHERE sno='$sno'";
Your comment variable contains single quotes you need to escape them with addslashes function. 您的注释变量包含单引号,您需要使用addslashes函数对其进行转义。
Try this 尝试这个
$sql="UPDATE customer SET comments1='".addslashes($comments1)."' WHERE sno='$sno'";
It seems your column name is comments
not comments1
. 看来您的列名称是
comments
而不是comments1
。 field name is "comments varchar(1500);"
so change 所以改变
$sql="UPDATE customer SET comments1='".$comments1."' WHERE sno='$sno'";
to 至
$sql="UPDATE customer SET comments='".$comments1."' WHERE sno='$sno'";
最好尝试使用此函数mysql_real_escape_string()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.