Receiving Error message when performing Update Statement, but database is being updated.
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
Issue with function update()
:
function update($pUInput) {
$sql = mysql_query("UPDATE tblStudents
SET first_name = '$pUInput[1]', last_name = '$pUInput[2]',
major = '$pUInput[3]',
year = '$pUInput[4]'
WHERE id = '$pUInput[0]'");
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
echo "1 record update";
}
Entire PHP Code:
//Call function mainline
mainline();
// Declare the function mainline
function mainline() {
$uInput = getUserInput();
$connectDb = openConnect(); // Open Database Connection
selectDb($connectDb); // Select Database
doAction($uInput);
//display();
//closeConnect();
}
//Declare function getUserInput ------------------------------------------------------------------------------------
function getUserInput() {
echo "In the function getUserInput()" . "<br/>";
// Variables of User Input
$idnum = $_POST["idnum"]; // id (NOTE: auto increments in database)
$fname = $_POST["fname"]; // first name
$lname = $_POST["lname"]; // last name
$major = $_POST["major"]; // major
$year = $_POST["year"]; // year
$action = $_POST["action"]; // action (select, insert, update, delete)
$userInput = array($idnum, $fname, $lname, $major, $year, $action);
return $userInput;
}
// function doAction ----------------------------------------------------------------------------------------------
function doAction($pUserInput) {
echo "In function doAction()" . "<br/>";
if ($pUserInput[5] == "select") {
//IDorL开发者_如何学CastName();
selectById();
} elseif ($pUserInput[5] == "insert") {
//checkStudentFields();
insert($pUserInput);
//echo "I need to insert!";
} elseif ($pUserInput[5] == "update") {
//IDorLastName();
update($pUserInput);
//echo "I need to insert!";
} elseif ($pUserInput[5] == "delete") {
//IDorLastName();
deleteById($pUserInput);
//echo "I need to insert!";
}
}
/*
function IDorLastName() {
if (!empty($pUserInput[0]) || !empty($pUserInput[2])) {
checkId();
} else {
echo "Please enter ID field or Last Name field";
}
}
}
*/
// function checkId -----------------------------------------------------------------------------------------------
/*
function checkId() {
if (!empty($pUserInput[0])) {
selectById();
} else {
selectByLastName();
}
}*/
/*
function checkStudentFields() {
// check if first name, last name, major and year exists
}*/
// Create a database connection ------------------------------------------------------------------------------------
function openConnect() {
$connection = mysql_connect("localhost", "root_user", "password");
echo "Opened Connection!" . "<br/>";
if(!$connection) {
die("Database connection failed: " . mysql_error());
}
return $connection;
}
// Select a database to -------------------------------------------------------------------------------------------
function selectDb($pConnectDb) {
$dbSelect = mysql_select_db("School", $pConnectDb);
if(!$dbSelect) {
die("Database selection failed: " . mysql_error());
} else {
echo "You are in the School database! <br/>";
}
}
// Close database connection ------------------------------------------------------------------------------------
function closeConnect() {
mysql_close($connection);
}
// function selectById ---------------------------------------------------------------------------------------------
function selectById($pUInput) {
$sql = mysql_query("SELECT * FROM tblStudents
WHERE id='$pUInput[0]'");
if (!$row = mysql_fetch_assoc($sql))
{
die('Error: ' . mysql_error());
}
echo "selected" . "<br/>";
//echo $pUInput[0];
}
// function selectByLastName ---------------------------------------------------------------------------------------------
function selectByLastName($pUInput) {
$sql = mysql_query("SELECT * FROM tblStudents
WHERE last_name='$pUInput[2]'");
if (!$row = mysql_fetch_array($sql))
{
die('Error: ' . mysql_error());
}
echo "selected" . "<br/>";
echo $pUInput[2];
}
// function insert -------------------------------------------------------------------------------------------------
function insert($pUInput) {
$sql="INSERT INTO tblStudents (first_name, last_name, major, year)
VALUES
('$pUInput[1]','$pUInput[2]','$pUInput[3]', '$pUInput[4]')";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
}
// function update -------------------------------------------------------------------------------------------------
function update($pUInput) {
// call select();
$sql = mysql_query("UPDATE tblStudents
SET first_name = '$pUInput[1]', last_name = '$pUInput[2]',
major = '$pUInput[3]',
year = '$pUInput[4]'
WHERE id = '$pUInput[0]'");
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
echo "1 record update";
}
// function delete -------------------------------------------------------------------------------------------------
function deleteById($pUInput) {
// call select();
$sql="DELETE FROM tblStudents WHERE id='$pUInput[0]'";
$result=mysql_query($sql);
if($result){
echo "Deleted Successfully";
}else {
echo "Error";
}
}
/*
function display() {
}
*/
?>
SQL Syntax:
CREATE TABLE `tblStudents` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`first_name` varchar(30) NOT NULL,
`last_name` varchar(50) NOT NULL,
`major` varchar(40) NOT NULL,
`year` date NOT NULL,
PRIMARY KEY (`id`)
)
Try this:
$sql = "UPDATE tblStudents
SET first_name = '{$pUInput[1]}',
last_name = '{$pUInput[2]}',
major = '{$pUInput[3]}',
year = '{$pUInput[4]}'
WHERE id = '{$pUInput[0]}'";
if(!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
echo "1 record update";
And change this:
// Variables of User Input
$idnum = $_POST["idnum"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$major = $_POST["major"];
$year = $_POST["year"];
$action = $_POST["action"];
To:
// Variables of User Input
$idnum = mysql_real_escape_string($_POST["idnum"]);
$fname = mysql_real_escape_string($_POST["fname"]);
$lname = mysql_real_escape_string($_POST["lname"]);
$major = mysql_real_escape_string($_POST["major"]);
$year = mysql_real_escape_string($_POST["year"]);
$action = mysql_real_escape_string($_POST["action"]);
You might want to read up on sql injection.
Your id-column is of a numeric value and you're comparing it to a string-value. Computer says no.
精彩评论