SQL error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax
Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'telephone ='952 123 123'mobiletelephone ='655 000 000'' at line 4
Can someone help?
<?php
// First we execute our common code to connect to the database and start the session
require("common.php");

// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
    // If they are not, we redirect them to the login page.
    header("Location: login.php");

    // Remember that this die statement is absolutely critical. Without it,
    // people can view your members-only content without logging in.
    die("Redirecting to login.php");
}

// This if statement checks to determine whether the edit form has been submitted
// If it has, then the account updating code is run, otherwise the form is displayed
if(!empty($_POST))
{
    // Make sure the user entered a valid E-Mail address
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
    {
        die("Invalid E-Mail Address");
    }

    // If the user is changing their E-Mail address, we need to make sure that
    // the new value does not conflict with a value that is already in the system.
    // If the user is not changing their E-Mail address this check is not needed.
    if($_POST['email'] != $_SESSION['user']['email'])
    {
        // Define our SQL query
        $query = "
            SELECT
                1
            FROM users
            WHERE
                email = :email AND
                telephone = :telephone AND
                mobiletelephone = :mobiletelephone
        ";

        // Define our query parameter values. Every named placeholder in the
        // query above must have a matching entry here, otherwise PDO rejects
        // the execute() call with an "Invalid parameter number" error.
        $query_params = array(
            ':email' => $_POST['email'],
            ':telephone' => $_POST['telephone'],
            ':mobiletelephone' => $_POST['mobiletelephone']
        );

        try
        {
            // Execute the query
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            // Note: On a production website, you should not output $ex->getMessage().
            // It may provide an attacker with helpful information about your code.
            die("Failed to run query: " . $ex->getMessage());
        }

        // Retrieve results (if any)
        $row = $stmt->fetch();
        if($row)
        {
            die("This E-Mail address is already in use");
        }
    }

    // If the user entered a new password, we need to hash it and generate a fresh salt
    // for good measure.
    if(!empty($_POST['password']))
    {
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
        $password = hash('sha256', $_POST['password'] . $salt);
        for($round = 0; $round < 65536; $round++)
        {
            $password = hash('sha256', $password . $salt);
        }
    }
    else
    {
        // If the user did not enter a new password we will not update their old one.
        $password = null;
        $salt = null;
    }

    // Initial query parameter values
    $query_params = array(
        ':email' => $_POST['email'],
        ':telephone' => $_POST['telephone'],
        ':mobiletelephone' => $_POST['mobiletelephone'],
        ':user_id' => $_SESSION['user']['id'],
    );

    // If the user is changing their password, then we need parameter values
    // for the new password hash and salt too.
    if($password !== null)
    {
        $query_params[':password'] = $password;
        $query_params[':salt'] = $salt;
    }

    // Note how this is only the first half of the necessary update query. We will
    // dynamically construct the rest of it depending on whether or not the user
    // is changing their password.
    $query = "
        UPDATE users
        SET
            email = :email,
            telephone = :telephone,
            mobiletelephone = :mobiletelephone
    ";

    // If the user is changing their password, then we extend the SQL query
    // to include the password and salt columns and parameter tokens too.
    if($password !== null)
    {
        $query .= "
            , password = :password
            , salt = :salt
        ";
    }

    // Finally we finish the update query by specifying that we only wish
    // to update the one record for the current user.
    $query .= "
        WHERE
            id = :user_id
    ";

    try
    {
        // Execute the query
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        // Note: On a production website, you should not output $ex->getMessage().
        // It may provide an attacker with helpful information about your code.
        die("Failed to run query: " . $ex->getMessage());
    }

    // Now that the user's E-Mail address has changed, the data stored in the $_SESSION
    // array is stale; we need to update it so that it is accurate.
    $_SESSION['user']['email'] = $_POST['email'];
    $_SESSION['user']['telephone'] = $_POST['telephone'];
    $_SESSION['user']['mobiletelephone'] = $_POST['mobiletelephone'];

    // This redirects the user back to the members-only page after they save
    header("Location: members.php");

    // Calling die or exit after performing a redirect using the header function
    // is critical. The rest of your PHP script will continue to execute and
    // will be sent to the user if you do not die or exit.
    die("Redirecting to members.php");
}
?>
As the error message says, there is a syntax error in your SQL query:
SELECT
1
FROM users
WHERE
email = :email
telephone = :telephone
mobiletelephone = :mobiletelephone
You need to join the conditions in the WHERE clause with a logical operator. For example, if all three conditions must be true, you can use the AND operator:
SELECT
1
FROM users
WHERE
email = :email AND
telephone = :telephone AND
mobiletelephone = :mobiletelephone
Likewise, your UPDATE query needs the fields being updated separated by commas:
UPDATE users
SET
email = :email,
telephone = :telephone,
mobiletelephone = :mobiletelephone
(Note: after that query you appear to append more fields to the SET clause. You need to make sure that every one of them is separated by a comma when the whole query is constructed.)
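The two defects discussed above, a SET clause that is assembled piece by piece without reliable comma separation and a query whose placeholders are not all bound, can both be avoided mechanically. The following is an added example, not the asker's code or the tutorial's; it builds the UPDATE from an allowlist of column names (so no user input ever reaches the SQL text) and checks that every named placeholder has a parameter before the statement is executed. The `$db` PDO handle is assumed to exist as in the posted script.

```php
<?php
// Added example (not from the original post). Builds the dynamic UPDATE
// safely: column names come only from a fixed allowlist, each column gets
// its own named placeholder, and implode() supplies exactly one comma
// between assignments, so the 1064 "missing comma" error cannot occur.
function buildUserUpdate(array $changes, int $userId): array
{
    $allowed = ['email', 'telephone', 'mobiletelephone', 'password', 'salt'];
    $set = [];
    $params = [':user_id' => $userId];
    foreach ($changes as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            // Reject instead of interpolating: the key is attacker-controlled
            throw new InvalidArgumentException("Column not updatable: $column");
        }
        $set[] = "$column = :$column";   // placeholder name equals column name
        $params[":$column"] = $value;
    }
    if ($set === []) {
        throw new InvalidArgumentException('Nothing to update');
    }
    $sql = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE id = :user_id';
    return [$sql, $params];
}

// Catches the other mistake in the posted SELECT: placeholders in the SQL
// (:telephone, :mobiletelephone) that have no entry in $query_params. PDO
// would otherwise fail at execute() with "Invalid parameter number".
function unboundPlaceholders(string $sql, array $params): array
{
    preg_match_all('/:([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    $missing = [];
    foreach (array_unique($m[1]) as $name) {
        if (!array_key_exists(":$name", $params)) {
            $missing[] = ":$name";
        }
    }
    return $missing;   // empty array means every placeholder is bound
}

// Constructed sample input mirroring the form fields on the page.
$changes = ['email' => 'user@example.com', 'telephone' => '952 123 123',
            'mobiletelephone' => '655 000 000'];
if (!empty($_POST['password'] ?? '')) {          // same branch as the posted script
    $changes['salt'] = bin2hex(random_bytes(16));
    $changes['password'] = hash('sha256', $_POST['password'] . $changes['salt']);
}
[$sql, $params] = buildUserUpdate($changes, 42);
if ($missing = unboundPlaceholders($sql, $params)) {
    die('Unbound placeholders: ' . implode(', ', $missing));
}
// $stmt = $db->prepare($sql); $stmt->execute($params);
```

Run the check against the posted SELECT with its original `$query_params` and it reports `:telephone` and `:mobiletelephone` as unbound, which is the failure the prepared statement would have produced once the AND keywords were in place.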