堆栈内存溢出
  简体   繁体   English

向我发送错误的SQL语法

[英]SQL syntax which sending me an Error

 原文  2017-06-09 08:50:18       php/ mysql/ mariadb/ server-error

问题描述

I have a Mysql Database named user. 我有一个名为用户的Mysql数据库。 Here is a picture: 这是一张图片: 在此处输入图片说明

I want to change the Username of the user "dodlo.rg" programmatically. 我想以编程方式更改用户“ dodlo.rg”的用户名。

Actually, I have the PHP-Version 7.1. 实际上,我有PHP版本7.1。 And this is a part of my PHPCode: 这是我的PHPCode的一部分:

EDITED CODE: 编辑代码: 

$newName= $_POST["changeT"];  
$userId = $_POST["userId"];

      $db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
      $sql = "UPDATE user SET username = '$newName' WHERE user_id = '$userId'";
      $query = mysqli_query($db, $sql);
      $response["successU"] = true;

But I get the Error: "You gave an Error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM user' at line 1" 但是我收到错误消息:“您在SQL语法中输入了错误;请查看与您的MariaDB服务器版本相对应的手册,以找到在第1行的'SELECT * FROM user'附近使用正确的语法”

Thanks in advance. 提前致谢。

2 个解决方案

解决方案1
 1  2017-06-09 08:52:25

You have to convert this query into two parts 您必须将此查询转换为两部分 

$sql1 = "UPDATE user SET username = $newName WHERE username = 'dodlo.rg'";
$sql2 = "SELECT * FROM user";

解决方案2
 1 已采纳  2017-06-09 08:53:36

The problem lies in 2 parts. 问题在于两部分。 Firstly, since this column is a varchar field it needs to be inside quotes else it produces an sql error. 首先,由于此列是varchar字段,因此必须在引号内,否则会产生sql错误。 Secondly the SELECT statement just after is not valid, but i guess it was a copy/paste error. 其次,紧随其后的SELECT语句无效,但我想这是复制/粘贴错误。

Therefore your working code should be: 因此,您的工作代码应为: 

$newName= $_POST["changeT"];  

  $db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
  $sql = "UPDATE user SET username = '".addslashes($newName)."' WHERE username = 'dodlo.rg'";
  $query = mysqli_query($db, $sql);
  $response["successU"] = true;

Also, please consider using your primary keys on your where statement rather a varchar field, as it'll improve speed when more complex queries. 另外,请考虑在where语句而不是varchar字段上使用主键,因为当执行更复杂的查询时,它将提高速度。 (eg. where user_id = 35 instead of where username = 'dodlo.rg' ). (例如, where user_id = 35 instead of where username = 'dodlo.rg' )。

Lastly, but quite important this code might be vulnerable to sql injections. 最后,但非常重要的是,此代码可能容易受到sql注入的攻击。 You need to use prepared statements. 您需要使用准备好的语句。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么给我一个SQL语法错误? - Why is is giving me an SQL syntax error? 在PHP代码上发送HTML电子邮件会给我一个语法错误 - Sending an HTML email on a PHP code gives me a Syntax Error SQL语法错误,有人可以帮我申请表格吗? - Error in SQL syntax, can anyone help me with my signup form? SQL 语法错误。 让我查看 MariaDB 服务器的手册 - SQL syntax error. Asking me to check the manual for MariaDB server 语法错误让我发疯 - Syntax error is driving me crazy 语法错误发送数据到数据库 - Syntax error sending data to a database SQL错误:SQL语法错误 - SQL Error: SQL Syntax Error SQL语法问题(同一段代码,给我一个错误!我不明白。) - SQL syntax issue (Same piece of code, giving me an error! I do not understand.) SQL 语法错误 - An error in SQL syntax 导入时出现SQL语法错误 - Sql syntax error on import
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM