Every time I try to update a record in MySQL I get this error. I tested a smaller version of my form in another post yesterday.

I know the code for updating a record in MySQL works, but when I try to use it in the form I actually need to use, I keep getting this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''tickets' SET 'work_performed' = 'Test', 'item_qty1' = '1', ' at line 1

Here is my code that handles the update:

<?php
// database connection //

include 'db_connect.php';

//This gets all the other information from the form

// start of form inputs //

$work_performed=$_POST['work_performed'];
$item_qty1=$_POST['item_qty1'];
$item_qty2=($_POST['item_qty2']);
$item_qty3=$_POST['item_qty3'];
$item_qty4=($_POST['item_qty4']);
$item_qty5=$_POST['item_qty5'];
$manuf_1=$_POST['manuf_1'];
$manuf_2=$_POST['manuf_2'];
$manuf_3=$_POST['manuf_3'];
$manuf_4=$_POST['manuf_4'];
$manuf_5=$_POST['manuf_5'];
$part_number1=$_POST['part_number1'];
$part_number2=$_POST['part_number2'];
$part_number3=$_POST['part_number3'];
$part_number4=$_POST['part_number4'];
$part_number5=$_POST['part_number5'];
$part_description1=$_POST['part_description1'];
$part_description2=$_POST['part_description2'];
$part_description3=$_POST['part_description3'];
$part_description4=$_POST['part_description4'];
$part_description5=$_POST['part_description5'];
$part_price1=$_POST['part_price1'];
$part_price2=$_POST['part_price2'];
$part_price3=$_POST['part_price3'];
$part_price4=$_POST['part_price4'];
$part_price5=$_POST['part_price5'];
$price_extension1=$_POST['price_extension1'];
$price_extension2=$_POST['price_extension2'];
$price_extension3=$_POST['price_extension3'];
$price_extension4=$_POST['price_extension4'];
$price_extension5=$_POST['price_extension5'];
$material_total=$_POST['material_total'];
$sales_tax=$_POST['sales_tax'];
$shipping_cost=$_POST['shipping_cost'];
$work_date1=$_POST['work_date1'];
$work_date2=$_POST['work_date2'];
$work_date3=$_POST['work_date3'];
$work_date4=$_POST['work_date4'];
$work_date5=$_POST['work_date5'];
$tech_name1=$_POST['tech_name1'];
$tech_name2=$_POST['tech_name2'];
$tech_name3=$_POST['tech_name3'];
$tech_name4=$_POST['tech_name4'];
$tech_name5=$_POST['tech_name5'];
$cost_code1=$_POST['cost_code1'];
$cost_code2=$_POST['cost_code2'];
$cost_code3=$_POST['cost_code3'];
$cost_code4=$_POST['cost_code4'];
$cost_code5=$_POST['cost_code5'];
$pay_rate1=$_POST['pay_rate1'];
$pay_rate2=$_POST['pay_rate2'];
$pay_rate3=$_POST['pay_rate3'];
$pay_rate4=$_POST['pay_rate4'];
$pay_rate5=$_POST['pay_rate5'];
$total_hours1=$_POST['total_hours1'];
$total_hours2=$_POST['total_hours2'];
$total_hours3=$_POST['total_hours3'];
$total_hours4=$_POST['total_hours4'];
$total_hours5=$_POST['total_hours5'];
$hours_subtotal1=$_POST['hours_subtotal1'];
$hours_subtotal2=$_POST['hours_subtotal2'];
$hours_subtotal3=$_POST['hours_subtotal3'];
$hours_subtotal4=$_POST['hours_subtotal4'];
$hours_subtotal5=$_POST['hours_subtotal5'];
$total_hours=$_POST['total_hours'];
$material_total=$_POST['material_total'];
$labor_cost=$_POST['labor_cost'];
$grand_total=$_POST['grand_total'];
$id=$_POST['id'];

//below section is not ready //
//$employee_number=$_POST['employee_number'];
//$date_finished=$_POST['date_finished'];
//$tech_signature=$_POST['tech_signature'];
//$customer_signature=$_POST['customer_signature'];
//$print_name=$_POST['print_name'];


//Writes the information to the database

    mysql_query("UPDATE 'tickets' SET   'work_performed' = '$work_performed',
                                        'item_qty1' = '$item_qty1',
                                        'item_qty2' = '$item_qty2',
                                        'item_qty3' = '$item_qty3',
                                        'item_qty4' = '$item_qty4',
                                        'item_qty5' = '$item_qty5',
                                        'manuf_1' = '$manuf_1', 
                                        'manuf_2' = '$manuf_2',  
                                        'manuf_3' = '$manuf_3', 
                                        'manuf_4' = '$manuf_4',
                                        'manuf_5' = '$manuf_5',
                                        'part_number1' = '$part_number1',
                                        'part_number2' = '$part_number2',
                                        'part_number3' = '$part_number3',
                                        'part_number4' = '$part_number4',
                                        'part_number5' = '$part_number5',
                                        'part_description1' = '$part_description1', 
                                        'part_description2' = '$part_description2', 
                                        'part_description3' = '$part_description3', 
                                        'part_description4' = '$part_description4',
                                        'part_description5' = '$part_description5', 
                                        'part_price1' = '$part_price1', 
                                        'part_price2' = '$part_price2', 
                                        'part_price3' = '$part_price3', 
                                        'part_price4' = '$part_price4', 
                                        'part_price5' = '$part_price5',
                                        'price_extension1' = '$price_extension1', 
                                        'price_extension2' = '$price_extension2', 
                                        'price_extension3' = '$price_extension3', 
                                        'price_extension4' = '$price_extension4', 
                                        'price_extension5' = '$price_extension5', 
                                        'material_total' = '$material_total', 
                                        'sales_tax' = '$sales_tax', 
                                        'shipping_cost' = '$shipping_cost', 
                                        'work_date1' = '$work_date1',
                                        'work_date2' = '$work_date2',   
                                        'work_date3' = '$work_date3', 
                                        'work_date4' = '$work_date4', 
                                        'work_date5' = '$work_date5', 
                                        'tech_name1' = '$tech_name1', 
                                        'tech_name2' = '$tech_name2', 
                                        'tech_name3' = '$tech_name3', 
                                        'tech_name4' = '$tech_name4', 
                                        'tech_name5' = '$tech_name5', 
                                        'cost_code1' = '$cost_code1', 
                                        'cost_code2' = '$cost_code2', 
                                        'cost_code3' = '$cost_code3', 
                                        'cost_code4' = '$cost_code4', 
                                        'cost_code5' = '$cost_code5', 
                                        'pay_rate1' = '$pay_rate1', 
                                        'pay_rate2' = '$pay_rate2', 
                                        'pay_rate3' = '$pay_rate3', 
                                        'pay_rate4' = '$pay_rate4',
                                        'pay_rate5' = '$pay_rate5', 
                                        'total_hours1' = '$total_hours1', 
                                        'total_hours2' = '$total_hours2', 
                                        'total_hours3' = '$total_hours3', 
                                        'total_hours4' = '$total_hours4', 
                                        'total_hours5' = '$total_hours5', 
                                        'hours_subtotal1' = '$hours_subtotal1', 
                                        'hours_subtotal2' = '$hours_subtotal2', 
                                        'hours_subtotal3' = '$hours_subtotal3', 
                                        'hours_subtotal4' = '$hours_subtotal4', 
                                        'hours_subtotal5' = '$hours_subtotal5', 
                                        'total_hours' = '$total_hours', 
                                        'material_total' = '$material_total', 
                                        'labor_cost' = '$labor_cost', 
                                        'grand_total' = '$grand_total'  WHERE 'id' = '$id'"); 




mysql_affected_rows();

echo mysql_error();

?>
<html>
<body>
<center>
<br><br><br>
<form name="results" method="post" action="ticket_results.php" enctype="multipart/form-data" id="ticketresult">
<input type="submit" class="submit" id="ticketresult" style="width: 165px" value="Do Something">
</form>
</center>
</body>
</html>

Update to the question:

So I tried removing all the duplicated values such as item_qty2, item_qty3, item_qty4, and minimized my values to this:

mysql_query("UPDATE `tickets` SET   `work_performed` = '$work_performed',
                                        `item_qty1` = '$item_qty1',
                                        `manuf_1` = '$manuf_1', 
                                        `part_number1` = '$part_number1',
                                        `part_description1` = '$part_description1', 
                                        `part_price1` = '$part_price1', 
                                        `price_extension1` = '$price_extension1', 
                                        `material_total` = '$material_total', 
                                        `sales_tax` = '$sales_tax', 
                                        `shipping_cost` = '$shipping_cost', 
                                        `work_date1` = '$work_date1',
                                        `tech_name1` = '$tech_name1', 
                                        `cost_code1` = '$cost_code1', 
                                        `pay_rate1` = '$pay_rate1', 
                                        `total_hours1` = '$total_hours1', 
                                        `hours_subtotal1` = '$hours_subtotal1', 
                                        `total_hours` = '$total_hours', 
                                        `material_total` = '$material_total', 
                                        `labor_cost` = '$labor_cost', 
                                        `grand_total` = '$grand_total'  WHERE `id` = '$id'");

This works perfectly every time, but as soon as I add a value such as item_qty2 or part_number2, I get the syntax error. The whole form worked 1 time, but it required me to enter a value in every field, and I don't always need a value in every field!

2 Answers

The reason your query doesn't work is that you wrapped the column names and the table name in single quotes. They are identifiers, not string literals, so they should not be wrapped in single quotes.

UPDATE tickets SET work_performed = .....

If the column and/or table names you use happen to be reserved keywords, you can escape them with backticks instead of single quotes. Ex.,

UPDATE `tickets` SET `work_performed` = .....

In this case the backticks are not needed, because none of them are reserved keywords.

Other links:

As a side note, the query is vulnerable to SQL Injection if the value(s) of the variables come from the outside. Please see the article below on how to prevent it. By using PreparedStatements you can get rid of using single quotes around the values.

answered 2013-06-01T02:47:34.340
If any of the values you enter has an apostrophe, it will break your query because you are not escaping it.

Also, column names should be wrapped in backticks `, not single quotes.

answered 2013-06-01T02:47:46.237
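The safer form both answers point to (identifiers in backticks, values bound through a prepared statement so an apostrophe cannot break the query), as an added example that is not code from the question or either answer; it assumes a PDO connection named `$pdo` to the same database `db_connect.php` opens, and that the optional `tickets` columns are nullable.

```php
<?php
// Added example, not the asker's code: the same UPDATE with identifiers in
// backticks and every value bound as a parameter via a PDO prepared statement.
// Assumes $pdo is a PDO connection to the database db_connect.php opens, and
// that the optional ticket columns are nullable.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors
// Column whitelist: identifiers are fixed in code and never taken from $_POST.
$allowed = ['work_performed', 'material_total', 'sales_tax', 'shipping_cost',
            'total_hours', 'labor_cost', 'grand_total'];
$prefixes = ['item_qty', 'manuf_', 'part_number', 'part_description', 'part_price',
             'price_extension', 'work_date', 'tech_name', 'cost_code', 'pay_rate',
             'total_hours', 'hours_subtotal'];
for ($i = 1; $i <= 5; $i++) {
    foreach ($prefixes as $prefix) {
        $allowed[] = $prefix . $i;
    }
}

// Builds "UPDATE `tickets` SET `col` = ?, ... WHERE `id` = ?" and the bound values.
// Columns absent from the submitted form are left untouched; an optional field
// submitted empty is stored as NULL instead of the string ''.
function buildTicketUpdate(array $allowed, array $input): ?array
{
    $assignments = [];
    $values = [];
    foreach ($allowed as $col) {
        if (!array_key_exists($col, $input)) {
            continue;
        }
        $val = trim((string) $input[$col]);
        $assignments[] = "`$col` = ?";
        $values[] = ($val === '') ? null : $val;
    }
    if ($assignments === []) {
        return null; // nothing to update: would otherwise produce "SET  WHERE"
    }
    $sql = 'UPDATE `tickets` SET ' . implode(', ', $assignments) . ' WHERE `id` = ?';
    return [$sql, $values];
}

$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$built = buildTicketUpdate($allowed, $_POST);
if (!$id || $built === null) {
    http_response_code(400);
    exit('Missing ticket id or no fields to update');
}
[$sql, $values] = $built;
$values[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($values); // apostrophes in values cannot break the query now
echo $stmt->rowCount(), ' row(s) updated';
```

Because the column names come from a fixed list in the code and only the values are bound, a submitted field name that is not in the whitelist is simply ignored rather than spliced into the SQL.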