-1

得到这样的查询:

 UPDATE trails SET route = '$route', distance = '$distance', desc = '$description' WHERE route='$route'

它返回此错误:

 Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc = 'Bla bla bla' WHERE route='London to Dublin'' at line 1

谢谢!。

4

4 回答 4

3

DESC是保留关键字。使用反引号引用它:

UPDATE trails SET route = '...', distance = '...', `desc` = '...' WHERE route = '...'

顺便说一句,您的代码中存在更严重的问题。以 SQL 注入为例。

于 2012-12-20T08:59:07.253 回答
2

[这不是正确的答案。] 您应该在将字符串传递给查询之前对其进行转义。

请参见此处: http: //php.net/manual/en/mysqli.real-escape-string.php或此处,如果您使用的是旧的已弃用函数http://php.net/manual/en/function.mysql-真正的转义字符串.php

于 2012-12-20T08:56:03.697 回答
1

第一的 :

像这样逃避你的变量

  $route = mysqli_real_escape_string ($route ) ; // if you are using mysqli
  $route = mysql_real_escape_string ($route ) ; // if you are using mysql

 and so on .. with other variables

试试这个:

   UPDATE trails SET route = '".$route."', distance = '".$distance."', `desc` = '".$description."' WHERE route='".$route."'

obs :desc是 mysql 的保留关键字,因此请使用其他单词或反引号。

于 2012-12-20T09:00:49.453 回答
0

试试这个

mysql_query("UPDATE trails SET `route` = '".mysql_real_escape_string($route)."', `distance` = '".mysql_real_escape_string($distance)."', `desc` = '".mysql_real_escape_string($description)."' WHERE route='".mysql_real_escape_string($route)."'");
于 2012-12-20T09:01:01.013 回答