开发者

PHP+mySQL trouble. unexpected T_CONSTANT_ENCAPSED_STRING in /home/ [closed]

开发者 https://www.devze.com 2023-01-28 23:15 出处:网络
This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time,or an extraordinarily narrow situation that is not generally applic
This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center. Closed 9 years ago.

I connected to the database, and pulled down an array. 开发者_开发百科Now, I'm using input forms to change the prices on these phones.

Everything works great except this:

$query2 = 'UPDATE phone_models SET buyback_price=' . $data["key"] . ' WHERE id=' . $row["id"] ';';
mysql_query($query2) or die(mysql_error());

I've tried everything. I've searched the PHP manuals, I've googled for people having the same trouble. I've changed the syntax, used many different quote setups for this. And it just will not work.

I've even tried taking out the ; in the sql line. Nothing works.

Thanks!

EDIT: I've tried this too:

mysql_query("UPDATE phone_models SET buyback_price=" . $_POST . " WHERE id=" . $phone_id . ";") or die(mysql_error());

EDIT2: I had an error in the original code. I've fixed it to this:

$query2 = 'UPDATE phone_models SET buyback_price=' . $data["key"] . ' WHERE id=' . $row["id"] . ';';
mysql_query($query2) or die(mysql_error());

And now, my error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id=1' at line 1


You missed a concatenation operator (a dot) here:

$row["id"] ';';

Fix:

$row["id"] . ';';

Next, your SQL error is because you did not add single quotes to your string values:

$query2 = 'UPDATE phone_models SET buyback_price=\'' . $data["key"] . '\' WHERE id=\'' . $row["id"] . '\';';

With that mentioned, you should escape your query variables using mysql_real_escape_string() prior to constructing your SQL query, so as to prevent SQL injection attacks.

$data["key"] = mysql_real_escape_string($data["key"]);
$data["key"] = mysql_real_escape_string($row["id"]);
$query2 = 'UPDATE phone_models SET buyback_price=\'' . $data["key"] . '\' WHERE id=\'' . $row["id"] . '\';';


Or you can use {} for array like this

echo "<input type='radio' name='rad' id='r{$row['num']}' value='{$row['num']}'/>"


. $row["id"] ';';    
. $row["id"].';';    
0

精彩评论

暂无评论...
验证码 换一张
取 消