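Whenever I add an 'AND' to my sql statement, the statement gives an error
This is my second time on here... I might make a typing mistake, but I hope not. I have a PHP problem: whenever I put an AND in my SQL query, it gives me an error about the SQL statement being incorrect. I want to run two SET statements in a mysqli UPDATE query, but I can't seem to get it to work.
I tried changing the variables, but it didn't help.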
<?php session_start();
if(!isset($_SESSION["admin"]) || $_SESSION["admin"] !== true){
header("location: https://howcoolitis.net/home");
exit;
}
require_once "config.php";
$banname = "";
$banmotive = "";
$deletename = "";
$deletemotive = "";
$ban_err = "";
$delete_err = "";
$unbanname = "";
$unban_err = "";
$adminname = "";
$admin_err = "";
$moderatorname = "";
$moderator_err = "";
$ban_success = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
if(isset($_POST['ban'])){
$username = $_POST['ban'];
$usernamesql = "SELECT * FROM users WHERE username = ? AND Admin = '0'";
if($stmt = mysqli_prepare($link, $usernamesql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) != 1){
$ban_err = "That user does not exist or is an admin!";
}
mysqli_stmt_close($stmt);
if(empty($ban_err)){
// Prepare an update statement
$username = $_POST['ban'];
$banname = $_POST['ban'];
$banmotive = $_POST['ban-motive'];
$sql = "UPDATE users SET Banned = '1' and SET BannedMotive = ? and SET WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_bannedmotive, $param_username);
$param_username = $username;
$param_bannedmotive = $banmotive;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$ban_success = "You have successfully banned ".$username."!";
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
}
}
else if (isset($_POST['delete'])) {
$username = $_POST['delete'];
$usernamesql = "SELECT * FROM users WHERE username = ? AND Admin = '0'";
if($stmt = mysqli_prepare($link, $usernamesql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) != 1){
$delete_err = "That user does not exist or is an admin!";
}
mysqli_stmt_close($stmt);
if(empty($delete_err)){
// Prepare an update statement
$username = $_POST['delete'];
$deletename = $_POST['delete'];
$deletemotive = $_POST['delete-motive'];
$bansql = "UPDATE users SET Banned = '1' and SET DeletedMotive = ? WHERE username = ?";
if($stmt = mysqli_prepare($link, $bansql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_deletedmotive, $param_username);
$param_username = $username;
$param_deletedmotive = $deletemotive;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$bio_success = "You have successfully deleted ".$username."!";
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
}
}
else if (isset($_POST['unban'])){
$username = $_POST['unban'];
$usernamesql = "SELECT * FROM users WHERE username = ? AND banned = '1'";
if($stmt = mysqli_prepare($link, $usernamesql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) != 1){
$unban_err = "That user does not exist or has not been banned!";
}
mysqli_stmt_close($stmt);
if(empty($unban_err)){
// Prepare an update statement
$username = $_POST['unban'];
$unbanname = $_POST['unban'];
$bansql = "UPDATE users SET Banned = '0' WHERE username = ?";
if($stmt = mysqli_prepare($link, $bansql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$bio_success = "You have successfully unbanned ".$username."!";
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
}
}
else if (isset($_POST['admin'])){
$username = $_POST['admin'];
$usernamesql = "SELECT * FROM users WHERE username = ? AND Admin = '0' AND Moderator = '0'";
if($stmt = mysqli_prepare($link, $usernamesql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) != 1){
$admin_err = "That user does not exist, is not a moderator or already is an admin";
}
mysqli_stmt_close($stmt);
if(empty($admin_err)){
// Prepare an update statement
$username = $_POST['admin'];
$adminname = $_POST['admin'];
$bansql = "UPDATE users SET Admin = '1' WHERE username = ?";
if($stmt = mysqli_prepare($link, $bansql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$bio_success = "You have successfully admined ".$username."!";
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
}
}
else if (isset($_POST['moderator'])){
$username = $_POST['moderator'];
$usernamesql = "SELECT * FROM users WHERE username = ? AND Moderator = '0'";
if($stmt = mysqli_prepare($link, $usernamesql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) != 1){
$moderator_err = "That user does not exist or is a moderator already!";
}
mysqli_stmt_close($stmt);
if(empty($moderator_err)){
// Prepare an update statement
$username = $_POST['moderator'];
$moderatorname = $_POST['moderator'];
$bansql = "UPDATE users SET Moderator = '1' WHERE username = ?";
if($stmt = mysqli_prepare($link, $bansql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$bio_success = "You have successfully made ".$username." a moderator!";
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>HCII - Admin Panel</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<link rel="stylesheet" href="https://howcoolitis.net/style.css">
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ width: 400px; padding: 20px; }
</style>
</head>
<body id = "particles-js">
<div class="wrapper">
<h2>Welcome to the admin panel, <?php echo htmlspecialchars($_SESSION["username"]); ?> </h2>
<form action="" method = "post">
<label>Ban User</label>
<input type="text" name="ban" class="form-control" value="<?php echo htmlspecialchars($banname) ?>" required><br>
<label>Ban Motive</label>
<input type="text" name="ban-motive" class="form-control" value="<?php echo htmlspecialchars($banmotive) ?>" required><br>
<?php echo $ban_err; ?><br><br> <?php echo htmlspecialchars($ban_success); ?>
<br><br>
<input type="submit" class="btn btn-primary" value="Ban">
</form>
<br><br>
<form action="" method = "post">
<label>Delete User</label>
<input type="text" name="delete" class="form-control" value="<?php echo htmlspecialchars($deletename) ?>" required><br>
<label>Delete Motive</label>
<input type="text" name="delete-motive" class="form-control" value="<?php echo htmlspecialchars($deletemotive) ?>" required><br>
<?php echo $delete_err ?><br><br>
<input type="submit" class="btn btn-primary" value="Delete">
</form>
<br>
<div class="form-group">
<a class="btn btn-link" href="https://howcoolitis.net/home"> Go Back To Main Page?</a><br><br>
</div>
</div>
<div class = "unban">
<form action="" method = "post">
<label>Unban User</label>
<input type="text" name="unban" class="form-control" value="<?php echo htmlspecialchars($unbanname) ?>" required><br>
<?php echo $unban_err; ?><br>
<input type="submit" class="btn btn-primary" value="Unban">
</form>
</div>
<div class = "role">
<form action="" method = "post">
<label>Admin A User</label>
<input type="text" name="admin" class="form-control" value="<?php echo htmlspecialchars($adminname) ?>" required><br>
<?php echo $admin_err; ?><br>
<input type="submit" class="btn btn-primary" value="Admin"><br>
</form>
<br><br>
<form action = "" method = "post">
<label>Make A User A Moderator</label>
<input type="text" name="moderator" class="form-control" value="<?php echo htmlspecialchars($moderatorname) ?>" required><br>
<?php echo $moderator_err; ?><br>
<input type="submit" class="btn btn-primary" value="Moderator">
</form>
</div>
<script src = "https://howcoolitis.net/script.js"></script>
<script src = "https://howcoolitis.net/app.js"></script>
<style>
body {
margin: 0;
padding: 0;
}
.unban{
background-color: #fff;
position: absolute;
margin-left: 10%;
margin-top: 18%;
padding: 50px;
background-color: #fff;
border-radius: 1em;
width: 20%;
height: 16%;
border-radius: 0;
border-radius: 8px;
}
.role{
background-color: #fff;
position: absolute;
margin-left: 10%;
margin-top: 28%;
padding: 50px;
background-color: #fff;
border-radius: 1em;
width: 20%;
height: 25%;
border-radius: 0;
border-radius: 8px;
}
.wrapper
{
background-color: #fff;
position: absolute;
margin-left: 40%;
margin-top: 16.45%;
padding: 50px;
background-color: #fff;
border-radius: 1em;
width: 20%;
height: 47%;
border-radius: 0;
border-radius: 8px;
} </style>
</body>
</html>
I thought it would just update both with the parameters I set, but it doesn't.
Please help me solve this.
Instead of this query:
$sql = "UPDATE users SET Banned = '1' and SET BannedMotive = ? and SET WHERE username = ?";
your query should be:
$sql = "UPDATE users SET Banned = '1',BannedMotive = ? WHERE username = ?";
You should use a comma in your query, not AND, like this:
$bansql = "UPDATE users SET Banned = '1' , DeletedMotive = ? WHERE username = ?";
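
An added example, not part of the original post, that runs the question's statement, the same statement with only the repeated `SET` removed, and the answer's comma form against one row. It assumes PHP's `pdo_sqlite` extension and uses an in-memory SQLite table as a stand-in for the MySQL `users` table; the `tryBan` helper and the `alice` row are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL `users` table.
// Column names follow the question; the helper and sample row are constructed.
function tryBan(string $sql, array $params): array
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors so a malformed statement cannot fail silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE users (
        username TEXT PRIMARY KEY,
        Banned TEXT DEFAULT '0',
        BannedMotive TEXT DEFAULT ''
    )");
    $pdo->exec("INSERT INTO users (username) VALUES ('alice')");

    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
    } catch (PDOException $e) {
        return ['error' => $e->getMessage(), 'row' => null];
    }

    // Read the row back: a statement that executes is not proof it did
    // what was intended.
    $row = $pdo->query("SELECT Banned, BannedMotive FROM users WHERE username = 'alice'")
               ->fetch(PDO::FETCH_ASSOC);
    return ['error' => null, 'row' => $row];
}

$cases = [
    'question (AND + repeated SET)' =>
        "UPDATE users SET Banned = '1' and SET BannedMotive = ? and SET WHERE username = ?",
    'AND without repeated SET' =>
        "UPDATE users SET Banned = '1' AND BannedMotive = ? WHERE username = ?",
    'answer (comma)' =>
        "UPDATE users SET Banned = '1', BannedMotive = ? WHERE username = ?",
];

foreach ($cases as $label => $sql) {
    $result = tryBan($sql, ['spam', 'alice']);
    echo $label, ': ', json_encode($result), PHP_EOL;
}
```

The middle form is the one to watch for: it parses, but `Banned` receives the value of the boolean expression `'1' AND BannedMotive = ?` and `BannedMotive` is never written. MySQL evaluates that expression the same way.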