-2

它在第 17 行显示解析错误我已经彻底检查过但找不到错误。那么我该如何解决这个错误。它是 insert_city_query.php

<?php
    include('../../Connections/autodealers.php');
    //error_reporting(0);
    $cityname=$_POST['cityname'];
    $cityorder=$_POST['cityorder'];
    $status=$_POST['status'];
    if($status="Enabled")
    $status=1;
    else
    $status=0;

    $query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values
    (
    '" . addslashes($cityname) . "' ,
    '" . addslashes($cityorder) . "' ,
    '" . addslashes($status) . " '  
    WHERE LCASE='strtolower($_REQUEST['cityname'])')";
    echo $query;
    $result=mysql_query($query);

    if(!$result)
    {
    die ('ERROR: '.mysql_error());
    header("Location: " .$base_url. "admin/city_insert.php" );//if query fails
    }
    else
    {
    header("Location: " .$base_url. "admin/cities.php" );//if query suceeds
    }
    mysql_close($autodealers);



    ?>
4

2 回答 2

1

将您的查询更改为,

$query = "INSERT INTO ".$db_prefix."city (cityname,cityorder,status) values
('" . addslashes($cityname) . "' ,
'" . addslashes($cityorder) . "' ,
'" . addslashes($status) . " '  
WHERE LCASE='" . strtolower($_REQUEST['cityname']) . "')";

注意: 请不要mysql_*在新代码中使用函数。它们不再被维护并被正式弃用。看到红框了吗?改为了解准备好的语句,并使用PDOMySQLi -本文将帮助您决定使用哪个。如果您选择 PDO,这里有一个很好的教程

警告SQL Injection:如果变量的值 ( s ) 来自外部,则查询很容易受到攻击。请看下面的文章,了解如何预防。

于 2013-05-16T16:00:45.957 回答
0

您不用strtolower()作函数。

你应该改变这一行:

WHERE LCASE='strtolower($_REQUEST['cityname'])')";


WHERE LCASE='".strtolower($_REQUEST['cityname'])."')";
于 2013-05-16T16:02:51.930 回答