Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax
Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'telephone = '952 123 123' mobiletelephone = '655 000 000' ' at line 4
Can anyone help?
<?php
// First we execute our common code to connect to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: login.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to login.php");
}
// This if statement checks to determine whether the edit form has been submitted
// If it has, then the account updating code is run, otherwise the form is displayed
if(!empty($_POST))
{
// Make sure the user entered a valid E-Mail address
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
die("Invalid E-Mail Address");
}
// If the user is changing their E-Mail address, we need to make sure that
// the new value does not conflict with a value that is already in the system.
// If the user is not changing their E-Mail address this check is not needed.
if($_POST['email'] != $_SESSION['user']['email'])
{
// Define our SQL query
$query = "
SELECT
1
FROM users
WHERE
email = :email AND
telephone = :telephone AND
mobiletelephone = :mobiletelephone
";
// Define our query parameter values. Every placeholder used in the query must be
// bound here, otherwise PDO refuses to execute the statement (SQLSTATE[HY093]).
$query_params = array(
':email' => $_POST['email'],
':telephone' => $_POST['telephone'],
':mobiletelephone' => $_POST['mobiletelephone']
);
try
{
// Execute the query
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Retrieve results (if any)
$row = $stmt->fetch();
if($row)
{
die("This E-Mail address is already in use");
}
}
// If the user entered a new password, we need to hash it and generate a fresh salt
// for good measure. (On PHP 5.5+ password_hash() and password_verify() do this with
// a purpose-built algorithm and are the recommended replacement for a hand-rolled
// salted SHA-256 loop.)
if(!empty($_POST['password']))
{
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
}
else
{
// If the user did not enter a new password we will not update their old one.
$password = null;
$salt = null;
}
// Initial query parameter values
$query_params = array(
':email' => $_POST['email'],
':telephone' => $_POST['telephone'],
':mobiletelephone' => $_POST['mobiletelephone'],
':user_id' => $_SESSION['user']['id'],
);
// If the user is changing their password, then we need parameter values
// for the new password hash and salt too.
if($password !== null)
{
$query_params[':password'] = $password;
$query_params[':salt'] = $salt;
}
// Note how this is only first half of the necessary update query. We will dynamically
// construct the rest of it depending on whether or not the user is changing
// their password.
$query = "
UPDATE users
SET
email = :email,
telephone = :telephone,
mobiletelephone = :mobiletelephone
";
// If the user is changing their password, then we extend the SQL query
// to include the password and salt columns and parameter tokens too.
if($password !== null)
{
$query .= "
, password = :password
, salt = :salt
";
}
// Finally we finish the update query by specifying that we only wish
// to update the one record for the current user.
$query .= "
WHERE
id = :user_id
";
try
{
// Execute the query
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Now that the user's E-Mail address has changed, the data stored in the $_SESSION
// array is stale; we need to update it so that it is accurate.
$_SESSION['user']['email'] = $_POST['email'];
$_SESSION['user']['telephone'] = $_POST['telephone'];
$_SESSION['user']['mobiletelephone'] = $_POST['mobiletelephone'];
// This redirects the user back to the members-only page after they update their account
header("Location: members.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to members.php");
}
?>
As stated by the error message, you have a syntax error in your SQL query:
SELECT
1
FROM users
WHERE
email = :email
telephone = :telephone
mobiletelephone = :mobiletelephone
You need to combine your WHERE clauses with some logical operator. For example, if all three of these clauses must be true in the query then you would use the AND operator:
SELECT
1
FROM users
WHERE
email = :email AND
telephone = :telephone AND
mobiletelephone = :mobiletelephone
Similarly, your UPDATE query needs to separate fields being updated with a comma:
UPDATE users
SET
email = :email,
telephone = :telephone,
mobiletelephone = :mobiletelephone
(Note: Following that query, it looks like you then append more fields to the SET clause. You'll want to make sure by the time the whole query is constructed that each one is separated by a comma.)
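As an added example, not part of the question or the answer above, here is one way to build the dynamic UPDATE so that the missing-comma problem cannot recur when optional columns are appended. Column names come from a fixed allow-list in the code (request keys never become SQL), values travel only as bound parameters, and the SET list is joined with implode(), which puts exactly one comma between each pair. The function name buildUpdateQuery, the table layout, the sample rows and the use of an in-memory SQLite database (pdo_sqlite) are assumptions made for the demonstration; the original page uses MySQL.

```php
<?php
// Added example, not code from the original question or answer.
// Builds "UPDATE users SET ... WHERE id = :user_id" from an allow-list of
// columns, skipping any column whose value is null (e.g. password/salt when
// the user did not enter a new password).
function buildUpdateQuery(array $fields, int $userId): array
{
    // Allow-list of columns a user may change. Anything not listed here is
    // ignored, so request keys can never be spliced into the SQL text.
    static $allowed = ['email', 'telephone', 'mobiletelephone', 'password', 'salt'];

    $set = [];
    $params = [':user_id' => $userId];
    foreach ($allowed as $column) {
        if (!array_key_exists($column, $fields) || $fields[$column] === null) {
            continue;
        }
        $set[] = "$column = :$column";
        $params[":$column"] = $fields[$column];
    }
    if ($set === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    // implode() places one comma between each pair and none after the last,
    // which is exactly what the 1064 error in the question was about.
    $sql = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE id = :user_id';
    return [$sql, $params];
}

// --- demonstration with constructed data (assumed table layout) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, telephone TEXT,
           mobiletelephone TEXT, password TEXT, salt TEXT)');
$db->exec("INSERT INTO users VALUES (7, 'old@example.com', '000', '000', 'oldhash', 'oldsalt')");

// Case 1: no new password, so password/salt are null and stay out of SET.
[$sql, $params] = buildUpdateQuery([
    'email'           => 'new@example.com',
    'telephone'       => '952 123 123',
    'mobiletelephone' => '655 000 000',
    'password'        => null,
    'salt'            => null,
], 7);
echo $sql, "\n";
$db->prepare($sql)->execute($params);

// Case 2: a password was supplied, so SET grows by two comma-separated pairs.
$salt = 'abc';
[$sql, $params] = buildUpdateQuery([
    'email'           => 'new@example.com',
    'telephone'       => '952 123 123',
    'mobiletelephone' => '655 000 000',
    'password'        => hash('sha256', 'secret' . $salt),
    'salt'            => $salt,
], 7);
echo $sql, "\n";
$db->prepare($sql)->execute($params);

// Confirm both updates landed on the one row.
$row = $db->query('SELECT email, password FROM users WHERE id = 7')->fetch(PDO::FETCH_ASSOC);
var_dump($row['email'] === 'new@example.com' && $row['password'] === hash('sha256', 'secretabc'));
```

Running it prints the two generated statements, the second one containing ", password = :password, salt = :salt" before the WHERE, and then bool(true). The same allow-list approach keeps the SQL text fixed even when the set of editable fields grows, so only the bound values ever vary per request.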
Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you repost them, please cite this site or the original URL. For any questions contact: yoyou2525@163.com.