php - 按提交显示错误后编辑用户

Question

我的编辑用户有问题。单击提交按钮后，它将显示错误“您的 SQL 语法有错误；请检查与您的 MySQL 服务器版本相对应的手册，以在第 1 行的 '' 附近使用正确的语法”这是错误代码它。我不知道我的代码发生了什么。我确实尝试调试它很多次。

<?php
//set session start
session_start();

function renderForm($UID,$Username,$Unitno,$Cont,$PW,$UEmail,$UPay,$JD,$PD)
    {?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link href="styles/style1.css" media="screen" rel="stylesheet" title="CSS" type="text/css" /></head><body><!-- Begin Container -->
    <div id="container">
        <!-- Begin Masthead -->
        <div id="masthead">

        </div>
        <!-- End Masthead -->

        <!-- Begin Navigation -->
        <div id="navigation">
            <ul>
                <li><a href="homepage.php">Home Page</a></li>
                <li><a href="notice.php">Notice</a></li>
                <li><a href="feedback.php">Feedback</a></li>
                <li><a href="user.php">User</a></li>
                <li><a href="logout.php">Logout</a></li>
            </ul>
        </div>
        <!-- End Navigation -->

        <!-- Begin Content -->
        <div id="content">
            <!-- #BeginEditable "content" -->
            <h1>Edit User</h1>

            <hr/>

            You are on: 
                <a href="user.php">User</a>

            <br/>

            <form action="" method="post">
                <table align="center">
                <tr>
                <p align = "center"><strong>User ID: </strong> <?php echo $UID?></p><br/>
                    <td align = "right">

                    <strong>User Name: </strong> <input type="text" name="UserName" value = "<?php echo $Username; ?>" /><br/>
                    <strong>Unit No: </strong> <input type="text" name="UnitNo" value = "<?php echo $Unitno; ?>" /><br/>
                    <strong>Contact: </strong> <input type="text" name="Contact" value = "<?php echo $Cont; ?>" /><br/>
                    <strong>Password: </strong> <input type="text" name="Password" value = "<?php echo $PW; ?>" /><br/>
                    <strong>Email: </strong> <input type="text" name="UserEmail" value = "<?php echo $UEmail; ?>" /><br/>
                    <strong>User Pay: </strong> <input type="text" name="UPayment" value = "<?php echo $UPay; ?>" /><br/>
                    <strong>Join Date: </strong> <input type="text" name="JoinDate" value = "<?php echo $JD; ?>" /><br/>
                    <strong>Pay Date: </strong> <input type="text" name="PayDate" value = "<?php echo $PD; ?>" /><br/>

                    <input type="submit" name="submit" value="Submit">

                    </td>
                    </tr></table>
            <br/>

            <hr/>
        </div>
        <!-- End Content -->

        <!-- Begin Footer -->
        <div id="footer">
            <p>
                Copyright &copy; 2012 Condominium Management. All Rights Reserved.
            </p>
        </div>
        <!-- End Footer -->
    </div>
    <!-- End Container -->
</body>
</html><?php


include ("connection_db.php");



                        if(isset($_POST['submit']))
                        {

                        if (is_numeric($_POST['UID']))
                        {
                            $UserID = $_POST['UserID'];
                            $UserName= mysql_real_escape_string(htmlspecialchars($_POST['UserName']));
                            $UnitNo = mysql_real_escape_string(htmlspecialchars($_POST['UnitNo']));
                            $Contact = mysql_real_escape_string(htmlspecialchars($_POST['Contact']));
                            $Password= mysql_real_escape_string(htmlspecialchars($_POST['Password']));
                            $UEmail = mysql_real_escape_string(htmlspecialchars($_POST['UserEmail']));
                            $UPayment = mysql_real_escape_string(htmlspecialchars($_POST['UPayment']));
                            $JoinDate= mysql_real_escape_string(htmlspecialchars($_POST['JoinDate']));
                            $PayDate = mysql_real_escape_string(htmlspecialchars($_POST['PayDate']));
                        }
                        else
                        {
                            $sql = "UPDATE User SET UserName='$UserName', UnitNo='$UnitNo', Contact='$Contact', Password='$Password', UserEmail='$UEmail', UPayment='$UPayment', JoinDate='$JoinDate', PayDate='$PayDate' where UserID = $UserID";

                            mysql_query($sql) or die(mysql_error());
                            header("Location:user.php");
                        }
                        }
                        else
                        {
                        if(isset($_GET['UserID']) && is_numeric($_GET['UserID']) && $_GET['UserID']>0)
                        {
                        $uid = $_GET['UserID'];
                        $result = mysql_query("SELECT * FROM User Where UserID = $uid") or die (mysql_error());
                        $row = mysql_fetch_array($result);

                        if($row)
                        {
                        $UID = $row['UserID'];
                        $Username = $row['UserName'];
                        $Unitno = $row['UnitNo'];
                        $Cont = $row['Contact'];
                        $PW = $row['Password'];
                        $UEmail = $row['UserEmail'];
                        $UPay = $row['UPayment'];
                        $JD = $row['JoinDate'];
                        $PD = $row['PayDate'];

                        renderForm($UID, $Username, $Unitno, $Cont, $PW, $UEmail, $UPay, $JD, $PD, '');
                        }
                        else
                        {
                        echo "No result";
                        }
                        }
                        else
                        {
                        echo 'Error';
                        }
                        }?>

score 1 · Accepted Answer

您确实应该打印出 sql 语句：

$sql = "UPDATE User SET UserName='$UserName', UnitNo='$UnitNo', Contact='$Contact', Password='$Password', UserEmail='$UEmail', UPayment='$UPayment', JoinDate='$JoinDate', PayDate='$PayDate' where UserID = $UserID";

echo "MY QUERY: ".$sql;
mysql_query($sql) or die(mysql_error());
header("Location:user.php");

请发布您的结果，我想我们可以轻松检测到错误。

更新：确保$UserID已定义（非空）并添加分号：

$sql = "UPDATE User SET UserName='$UserName', UnitNo='$UnitNo', Contact='$Contact', Password='$Password', UserEmail='$UEmail', UPayment='$UPayment', JoinDate='$JoinDate', PayDate='$PayDate' where UserID = '$UserID' ;";

score 1 · Accepted Answer

我看到两个错误。

您引用了$_POST['UserID']，但没有名为 UserID 的字段，只有 UID。
您使用在 UPDATE 语句中调用的变量$UserID，但该变量仅由其他代码路径设置，因此当 UPDATE 运行时，它尚未初始化，因此可能是一个空字符串。

我认为这是导致您的问题的第二个问题。您的 UPDATE 语句可能以where UserID =. 但是，正如其他人所说，唯一可以确定的方法是打印出您的查询，看看它有什么问题。

一般来说，要调试您的 SQL 问题，您应该：

修改您的代码以打印出所有 SQL 查询。
检查查询，看看您是否可以分辨出哪个有问题以及错误在哪里
如果没有，请尝试手动运行它们以查看哪些有效，哪些无效
在查询字符串中找到错误后，请查看创建它导致该错误的问题所在。
修理它

score 0 · Accepted Answer

0

替换where UserID = $UserID"为where UserID = '$UserID';"不要忘记那些引号和分号

于 2014-11-25T16:52:42.070 回答

php - 按提交显示错误后编辑用户

3 回答 3

Related

Reference