我写了一个非常简单的函数:
function editCategory() {
$ID = urlencode($_GET['id']);
$cname = mysql_fix_string($_POST['cname']);
$kabst = mysql_fix_string($_POST['kabst']);
$kselect = $_POST['kselect'];
$subsl = $_POST['subsl'];
$kradio = $_POST['kradio'];
$ksubmit = $_POST['ksubmit'];
if (isset($ksubmit)) {
$query = "UPDATE category SET name = '$cname', description = '$kabst', published = '$kselect', home = '$kradio', subcat = '$subsl' WHERE id = $ID ";
$result = mysql_query($query);
if (mysql_affected_rows () == 1) {
echo "ok";
}
else{
echo mysql_error();
}
}
}
function mysql_fix_string($string)
{
if (get_magic_quotes_gpc())
$string = stripslashes(($string));
return mysql_real_escape_string($string);
}
错误:
您的SQL语法有错误; 检查与MySQL服务器版本对应的手册,以便在第1行的''附近使用正确的语法
怎么了?
$ID = intval($_GET['id']); //using urlencode here is weird
$cname = mysql_real_escape_string($_POST['cname']);
//and the same for the rest ALL.
$kradio = mysql_real_escape_string($_POST['kradio']);
也,
$ksubmit = $_POST['ksubmit'];
if (isset($ksubmit)) {
没有意义.$ ksubmit将始终设置它应该是
if (isset($_POST['ksubmit'])) {
为确保您拥有所有变量,请在脚本顶部添加以下行:
ini_set('display_errors',1);
error_reporting(E_ALL);
| 归档时间: |
|
| 查看次数: |
3173 次 |
| 最近记录: |