Syntax error at update query where clause mysql

if(isset($_POST['Update'])) {
$placename = $_POST['placename'];
$description = trim(addslashes($_POST['description']));
$hotel = $_POST['hotel'];
$transport = $_POST['transport'];
$map = $_POST['map'];
$sqlp = "UPDATE places SET placename = $placename, description = $description, hotel = $hotel, transport = $transport, map = $map WHERE place_id = ". $sPlace['place_id'];
connection();
if(mysql_query($sqlp)) {
    echo "Successfully Updated";
} else {
    echo mysql_error();
}
}

The error message is the following:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '

map = map WHERE place_id = 54' at line 1

Your error in that code is that you don't add quotes around variables; it should be like this:

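// $link is the open mysqli connection; mysqli_real_escape_string() requires it as its first argument
$query = "UPDATE `table` SET `name`='".mysqli_real_escape_string($link, $_POST['name'])."' WHERE `id`=1";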

But please try to use PDO with transaction as you will be able to debug any errors and you don't have to worry about SQL Injection.

Try this: (you will see errors, and if it's not ok, it will rollback)

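// ERRMODE_EXCEPTION makes failed statements throw, so the catch block below actually runs
$db = new PDO('mysql:host=localhost;dbname=databaseName', 'username', 'password', array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

$placename = $_POST['placename'];
// No addslashes() here: bound parameters are never parsed as SQL, and escaping would store literal backslashes
$description = trim($_POST['description']);
$hotel = $_POST['hotel'];
$transport = $_POST['transport'];
$map = $_POST['map'];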

try {

    $db->beginTransaction();

    $stmt = $db->prepare("UPDATE `places` SET `placename`=:placename, `description`=:description, `hotel`=:hotel, `transport`=:transport, `map`=:map WHERE `place_id`=:place_id");
    $stmt->execute(array(':placename' => $placename, ':description' => $description, ':hotel' => $hotel, ':transport' => $transport, ':map' => $map, ':place_id' => $sPlace['place_id']));

    $db->commit();

} catch(PDOException $ex) {
    $db->rollBack();
    echo $ex->getMessage();
}

You have an error in your SQL syntax ... ' WHERE place_id = 54' at line 1

map = map <-- is invalid. The right side should be an SQL value (quoted string, number, etc.). Perhaps map = 'map' (quote the value) is the intended result?

The problem you are seeing has come about because none of your string literals have been quoted, so the comma in the value of $transport is being evaluated as a separator between SQL SET clauses and so gives rise to the syntax error that you witness.

You should quote your string literals—or better yet, use parameterised statements so that your variables do not get evaluated for SQL at all (which avoids all forms of SQL injection attack).
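
An added example, not part of the original question or answers: it runs the unquoted interpolation from the question and a parameterised statement against the same constructed input, so the difference the answers describe can be observed directly. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database with a reduced two-column `places` table instead of MySQL; the function names `updateInterpolated` and `updatePrepared` and the sample form values are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for MySQL so the script
// runs without a server; the exact error text differs from MySQL's.
$db = new PDO('sqlite::memory:', null, null, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
));
$db->exec("CREATE TABLE places (place_id INTEGER PRIMARY KEY, placename TEXT, transport TEXT)");
$db->exec("INSERT INTO places (place_id, placename, transport) VALUES (54, 'old', 'old')");

// Constructed form input: a comma and an apostrophe, both ordinary in free text.
$post = array('placename' => "Cox's Bazar", 'transport' => 'bus, train');

// 1) Interpolation without quotes, as in the question: the values become SQL tokens.
function updateInterpolated(PDO $db, array $post, $placeId) {
    $sql = "UPDATE places SET placename = {$post['placename']}, "
         . "transport = {$post['transport']} WHERE place_id = " . (int)$placeId;
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $ex) {
        return 'error: ' . $ex->getMessage();
    }
}

// 2) Parameterised statement: the SQL text is fixed, the values travel separately.
function updatePrepared(PDO $db, array $post, $placeId) {
    $stmt = $db->prepare(
        "UPDATE places SET placename = :placename, transport = :transport WHERE place_id = :place_id"
    );
    $stmt->execute(array(
        ':placename' => $post['placename'],
        ':transport' => $post['transport'],
        ':place_id'  => (int)$placeId,
    ));
    return $stmt->rowCount();
}

// The driver rejects the interpolated statement because the input is parsed as SQL.
echo updateInterpolated($db, $post, 54), "\n";
echo updatePrepared($db, $post, 54), " row(s) updated\n";

// The stored values are byte-for-byte what the form sent, with no escaping applied.
$row = $db->query("SELECT placename, transport FROM places WHERE place_id = 54")
          ->fetch(PDO::FETCH_ASSOC);
var_dump($row === array('placename' => "Cox's Bazar", 'transport' => 'bus, train'));
```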
