I connected to the database, and pulled down an array. 开发者_开发百科Now, I'm using input forms to change the prices on these phones.
Everything works great except this:
$query2 = 'UPDATE phone_models SET buyback_price=' . $data["key"] . ' WHERE id=' . $row["id"] ';';
mysql_query($query2) or die(mysql_error());
I've tried everything. I've searched the PHP manuals, I've googled for people having the same trouble. I've changed the syntax, used many different quote setups for this. And it just will not work.
I've even tried taking out the ; in the sql line. Nothing works.
Thanks!
EDIT: I've tried this too:
mysql_query("UPDATE phone_models SET buyback_price=" . $_POST . " WHERE id=" . $phone_id . ";") or die(mysql_error());
EDIT2: I had an error in the original code. I've fixed it to this:
$query2 = 'UPDATE phone_models SET buyback_price=' . $data["key"] . ' WHERE id=' . $row["id"] . ';';
mysql_query($query2) or die(mysql_error());
And now, my error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id=1' at line 1
You missed a concatenation operator (a dot) here:
$row["id"] ';';
Fix:
$row["id"] . ';';
Next, your SQL error is because you did not add single quotes to your string values:
$query2 = 'UPDATE phone_models SET buyback_price=\'' . $data["key"] . '\' WHERE id=\'' . $row["id"] . '\';';
With that mentioned, you should escape your query variables using mysql_real_escape_string()
prior to constructing your SQL query, so as to prevent SQL injection attacks.
$data["key"] = mysql_real_escape_string($data["key"]);
$data["key"] = mysql_real_escape_string($row["id"]);
$query2 = 'UPDATE phone_models SET buyback_price=\'' . $data["key"] . '\' WHERE id=\'' . $row["id"] . '\';';
Or you can use {} for array like this
echo "<input type='radio' name='rad' id='r{$row['num']}' value='{$row['num']}'/>"
. $row["id"] ';';
. $row["id"].';';
精彩评论