我正在环顾四周,但我似乎没有找到正确的答案来解决这个问题.每当我运行这个UPDATE MySQL脚本时,它都会调用错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Email='contact@example.com', Phone='123456780', Address='16 Remote Street',' at line 1
这是我用来获取此错误的代码.
<?php
include ('cfg_prop.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$secondemail = $_POST['secondary'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$country = $_POST['country'];
$postcode = $_POST['postcode'];
$company = $_POST['company'];
$city = $_POST['city'];
$sql = "UPDATE users SET Firstname='$firstname', Lastname='$lastname', Email='$email', Secondary Email='$secondemail', Phone='$phone', Address='$address', Country='$country', Postcode='$postcode', Company='$company', City='$city' WHERE Username='$userss'";
mysql_query($sql) or die(mysql_error());
?>
如果有人能帮助我,我会非常高兴和感激,因为我似乎无法克服这一点.在此先感谢您的帮助.
首先 - $_POST由于容易SQL Injection攻击,你必须从超全局转义数据.
$email = mysql_real_escape_string($_POST['email']);
接下来你不能使用,Secondary Email因为有空格会导致错误.
您必须将colmun的名称更改为Secondary_Email.
或者只是使用
`Secondary Email`
相反(但不要这样做 - 列的名称中不应有空格).