0

我知道 npi 列存在,所以我不确定为什么会出现此错误;我在这里阅读了其他一些主题,但没有任何东西对我有用。在我的 where 子句中,我尝试了反引号和单引号,但无济于事。任何帮助将不胜感激。谢谢你。

 <?php
    include('config.php');
    if (isset($_GET['insurance_id']) ) {
    $insurance_id = (string) $_GET['insurance_id'];
    if (isset($_POST['submitted'])) {
    foreach($_POST AS $key => $value) { $_POST[$key] = mysql_real_escape_string($value); }
    $sql = ("UPDATE `doctor_data` SET `dr_first_name` = '{$_POST['dr_first_name']}', `dr_last_name` = '{$_POST['dr_last_name']}' where npi='$npi'");

    mysql_query($sql) or die(mysql_error());
    echo (mysql_affected_rows()) ? "Edited Record.<br />" : "Nothing changed. <br />";
    echo "<a href='index.php?id=28&insurance_id=($REQUEST:insurance_id)'>Back To List</a>";
    }
    $row = mysql_fetch_array ( mysql_query("SELECT * from `doctor_data`"));
    ?>

    <form action='' method='POST'>
    <p><b>Doctor:</b><br /><input type='text' name='dr_first_name' value='<?= stripslashes($row['dr_first_name']) ?>' /> <input type='text' name='dr_last_name' value='<?= stripslashes($row['dr_last_name']) ?>' />
    <p><input class="btn btn-success" type='submit' value='Update Record' /><input type='hidden' value='1' name='submitted' />
    </form>
    <? } ?>

此外,数据在发布后保存在表单上,​​但未保存到数据库中,并且在按下发布按钮后,我收到标题中发布的错误消息。

-- phpMyAdmin SQL Dump
-- version 3.4.11.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Feb 15, 2013 at 05:50 PM
-- Server version: 5.5.23
-- PHP Version: 5.2.17

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `anag_demo`
--

-- --------------------------------------------------------

--
-- Table structure for table `doctor_data`
--

CREATE TABLE `doctor_data` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `npi` int(11) DEFAULT NULL,
  `dr_first_name` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
  `dr_last_name` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `npi` (`npi`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=17 ;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
4

1 回答 1

1

尝试这个:

$nameFirst = $_POST['dr_first_name'];
$nameLast = $_POST['dr_last_name'];

$sql = "UPDATE doctor_data SET dr_first_name = '$nameFirst', dr_last_name = '$nameLast' where npi = '$npi'";

该字符串格式错误 b/c 您有一系列单引号,其中一些表示传递给 mysql 的字符串,另一些表示关联数组引用的键。如评论中所述,您应该查看PDObindValue

--更新--

您的姓氏中可能有撇号,这会导致损坏。您应该始终清理传递给 mysql 的变量,以确保恶意用户不会尝试执行恶意命令。您使用已弃用的 mysql api,您至少应该转向mysqli或更好的 pdo,如上所述。无论如何,试试这个:

$nameFirst = mysql_real_escape_string($_POST['dr_first_name']);
$nameLast = mysql_real_escape_string($_POST['dr_last_name']);
于 2013-02-15T23:40:23.050 回答