-1 
if($_POST['submit'])
{
    $Day1 = $_POST['day1'];
    $Day2 = $_POST['day2'];
    $Day3 = $_POST['day3'];
    $Day4 = $_POST['day4'];
    $Day5 = $_POST['day5'];
    $Day6 = $_POST['day6'];
    $Day7 = $_POST['day7'];
    $Day8 = $_POST['day8'];
    $Day9 = $_POST['day9'];
    $Day10 = $_POST['day10'];
    $Day11 = $_POST['day11'];
    $Day12 = $_POST['day12'];
    $Day13 = $_POST['day13'];
    $Day14 = $_POST['day14'];

    $query_update = ("UPDATE user_glucose SET (Day1='$Day1',Day2='$Day2',Day3='$Day3',Day4='$Day4',Day5='$Day5',Day6='$Day6',Day7='$Day7',Day8='$Day8',Day9='$Day9',Day10='$Day10',Day11='$Day11',Day12='$Day12',Day13='$Day13',Day14='$Day14') WHERE username='$username'");

    $result_update = mysql_query($query_update);
    echo "Data Successfully Updated !";
    echo"<p>";
    echo mysql_error();
    echo"</p>";


}

我正在尝试将表单中的值更新为名为“user_glucose”的表。但是每当我点击提交时,就会弹出这个错误:

您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以了解在 '(Day1='10',Day2='10',Day3='0',Day4='0',Day5='0',Day6 附近使用的正确语法='0',Day7='0',Day8='0',Day9=' 在第 1 行

我对 PHP 和 MySQL 编程非常陌生,我不知道问题出在哪里。请帮忙。谢谢你。

4

3 回答 3

1

删除值周围的括号SET

UPDATE user_glucose SET Day1='$Day1', ...

你的代码很容易被注入。您应该对 PDO 或 mysqli 使用正确的参数化查询。

于 2013-05-14T18:39:17.940 回答
1

您不需要在UPDATE查询中使用括号,只需更改为

    $query_update = ("UPDATE user_glucose SET Day1='$Day1',Day2='$Day2',Day3='$Day3',Day4='$Day4',Day5='$Day5',Day6='$Day6',Day7='$Day7',Day8='$Day8',Day9='$Day9',Day10='$Day10',Day11='$Day11',Day12='$Day12',Day13='$Day13',Day14='$Day14' WHERE username='$username'");

然后我想让你知道你有风险sql injection,看看这里如何防止 PHP 中的 SQL 注入?. 您应该使用准备好的陈述来避免任何风险

于 2013-05-14T18:40:14.033 回答
1

尝试:

$query_update = "UPDATE user_glucose SET Day1='$Day1',Day2='$Day2',Day3='$Day3',Day4='$Day4',Day5='$Day5',Day6='$Day6',Day7='$Day7',Day8='$Day8',Day9='$Day9',Day10='$Day10',Day11='$Day11',Day12='$Day12',Day13='$Day13',Day14='$Day14' WHERE username='$username'";
于 2013-05-14T18:40:50.743 回答