[英]SQL syntax which sending me an Error
I have a Mysql Database named user. 我有一个名为用户的Mysql数据库。 Here is a picture:
这是一张图片:
I want to change the Username of the user "dodlo.rg" programmatically. 我想以编程方式更改用户“ dodlo.rg”的用户名。
Actually, I have the PHP-Version 7.1. 实际上,我有PHP版本7.1。 And this is a part of my PHPCode:
这是我的PHPCode的一部分:
EDITED CODE: 编辑代码:
$newName= $_POST["changeT"];
$userId = $_POST["userId"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '$newName' WHERE user_id = '$userId'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
But I get the Error: "You gave an Error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM user' at line 1" 但是我收到错误消息:“您在SQL语法中输入了错误;请查看与您的MariaDB服务器版本相对应的手册,以找到在第1行的'SELECT * FROM user'附近使用正确的语法”
Thanks in advance. 提前致谢。
You have to convert this query into two parts 您必须将此查询转换为两部分
$sql1 = "UPDATE user SET username = $newName WHERE username = 'dodlo.rg'";
$sql2 = "SELECT * FROM user";
The problem lies in 2 parts. 问题在于两部分。 Firstly, since this column is a varchar field it needs to be inside quotes else it produces an sql error.
首先,由于此列是varchar字段,因此必须在引号内,否则会产生sql错误。 Secondly the SELECT statement just after is not valid, but i guess it was a copy/paste error.
其次,紧随其后的SELECT语句无效,但我想这是复制/粘贴错误。
Therefore your working code should be: 因此,您的工作代码应为:
$newName= $_POST["changeT"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '".addslashes($newName)."' WHERE username = 'dodlo.rg'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
Also, please consider using your primary keys on your where statement rather a varchar field, as it'll improve speed when more complex queries. 另外,请考虑在where语句而不是varchar字段上使用主键,因为当执行更复杂的查询时,它将提高速度。 (eg.
where user_id = 35 instead of where username = 'dodlo.rg'
). (例如,
where user_id = 35 instead of where username = 'dodlo.rg'
)。
Lastly, but quite important this code might be vulnerable to sql injections. 最后,但非常重要的是,此代码可能容易受到sql注入的攻击。 You need to use prepared statements.
您需要使用准备好的语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.