SQL 创建代码以编辑用户时出现异常
[英]SQL Exception When Creating Code To Edit User
问题描述
Can't figure out why I'm being thrown an exception for the following code.
无法弄清楚为什么我被以下代码抛出异常。 I'm trying to edit a user based on their email address, not their id.我正在尝试根据他们的 email 地址而不是他们的 ID 来编辑用户。
<?php
if(isset($_POST['edit_user'])) {
$user_email = $_POST['Email'];
$query = "SELECT * FROM users WHERE user_email = '{$user_email}' ";
$select_users_query = mysqli_query($connection, $query);
while($row = mysqli_fetch_assoc($select_users_query)) {
$user_firstname = $row ['user_firstname'];
$user_lastname = $row ['user_lastname'];
$user_email = $row ['user_email'];
$user_password = $row ['user_password'];
$user_role = $row ['user_role'];
}
}
if(isset($_POST['edit_user'])) {
$user_firstname = $_POST['FirstName'];
$user_lastname = $_POST['LastName'];
$user_email = $_POST['Email'];
$user_password = $_POST['Password'];
$user_role = $_POST['UserRole'];
$query = "UPDATE users SET ";
$query .="user_firstname = '{$user_firstname}', ";
$query .="user_lastname = '{$user_lastname}', ";
$query .="user_email = '{$user_email}', ";
$query .="user_password = password_hash('{$user_password}', PASSWORD_BCRYPT, array('cost'=> 12)) ";
$query .="user_role = '{$user_role}' ";
$query .= "WHERE 'user_email' = '{$user_email}' ";
$edit_user_query = mysqli_query($connection, $query);
confirmQuery($edit_user_query);
}
?>
Exception: Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax;异常:致命错误:未捕获的 mysqli_sql_exception:您的 SQL 语法有错误; check the manual that corresponds to your MariaDB server version for the right syntax to use near '> 12)) user_role = 'Student' WHERE 'user_email' = ''' at line 1 in Stack trace: #0 mysqli_query(Object(mysqli), 'UPDATE users SE...') #1 {main} thrown in on line 203.检查与您的 MariaDB 服务器版本相对应的手册,以获取在 '> 12)) 附近使用的正确语法) user_role = 'Student' WHERE 'user_email' = ''' at line 1 in Stack trace: #0 mysqli_query(Object(mysqli) , 'UPDATE users SE...') #1 {main} 在第 203 行抛出。
1 个解决方案
解决方案1
0 2022-07-25 21:34:28
You can't call PHP functions inside the SQL query.您不能在 SQL 查询中调用 PHP 函数。 You need to call the function from PHP, then use the result in the query.您需要从 PHP 调用 function,然后在查询中使用结果。
You also should use a prepared statement instead of substituting variables directly into the SQL.您还应该使用准备好的语句,而不是将变量直接替换到 SQL 中。
And you shouldn't have quotes around the column name in WHERE user_email = .而且您不应该在WHERE user_email =的列名周围加上引号。 See When to use single quotes, double quotes, and backticks in MySQL请参阅何时在 MySQL 中使用单引号、双引号和反引号
There's no need to set user_email , since you're setting it to the same value that it already has.无需设置user_email ,因为您将其设置为与它已有的值相同的值。
$password_hash = password_hash($user_password, PASSWORD_BCRYPT, array('cost'=> 12));
$query = "UPDATE users SET
user_firstname = ?,
user_lastname = ?,
user_password = ?
user_role = ?
WHERE user_email = ?";
$stmt = mysqli_prepare($connection, $query);
mysqli_stmt_bind_param($stmt, "sssss", $user_firstname, $user_lastname, $password_hash, $user_role, $user_email);
mysqli_stmt_execute($stmt);
$edit_user_query = mysqli_stmt_get_result($stmt);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.