MySQL Error on Edit Post Submit

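I managed to fix the bug from my previous post where the edit form was not displaying. Now the edit form displays, but when I try to update (submit), I get the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Following is the snippet of code I'm using: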

if (isset($_POST['submit'])) {
    $query = "UPDATE $tbl SET message = mysql_real_escape_string(".$row['message'].") WHERE id = ".$row['id']." ";
    $result = mysql_query($query) or die (mysql_error());
    while ($row = mysql_fetch_array($result)) {
        echo "Your post has been edited to:", "<br>";
        echo $row['message'];
    }
    mysql_free_result($result);
    mysql_close();
}

Please help. Thanks!

As requested by @Fred-ii and @jeroen, here is the full code:

<?php ob_start(); ?>
<?php error_reporting(E_ALL); ini_set('display_errors', 1); ?>
<html>
  <head>
    <title>BQuotes</title>
    <!-- <meta name="viewport" content="width=device-width, initial-scale=1"> -->
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
    <link href="votingfiles/voting.css" rel="stylesheet" type="text/css" />
    <script src="votingfiles/voting.js" type="text/javascript"></script>
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.css" />
    <link rel="stylesheet" type="text/css" href="http://bquotes.me/mystyle-a.css">
    <script src="http://code.jquery.com/jquery-1.10.0.min.js"></script>
    <script src="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.js"></script>
    <style>
      .head_text {
        color: #ffffff;
      }
      a {
        text-decoration: none;
      }
    </style>
    <script type="text/javascript">
      $('#g-login').bind('click', function (event) {
        // event.preventDefault();
        // $('#form-id').attr('action', 'google-login.php').trigger('submit');
        alert("Clicked");
      });
    </script>
  </head>
  <body style="color:#d4ffaa">

    <!-- BQ Edit Post Start -->
    <div data-role="page" id="edit-post">
      <div data-role="header" style="background-color:#5FBF00">
        <h1 class="head_text">BQuotes</h1>
      </div>
      <div data-role="main" class="ui-content">


      </div>

         <?php


         session_start();
              if($_SESSION['myusername'] != null &&  isset($_SESSION['myusername'])){
              echo "<form action='logout.php' method='post' id ='form-logout' data-ajax='false'>
                    <br/><input type='submit' value='Logout'/>";
              echo "</form>";
              echo "<div style='margin-left:1px;'>Logged In As:  ".$_SESSION['myusername']."</div>";

          define ('HOSTNAME', 'xxxx');
          define ('USERNAME', 'xxxx');
          define ('PASSWORD', 'xxxx');
          define ('DATABASE_NAME', 'xxxx');
          $db = mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die ('I cannot connect to MySQL.');
          mysql_select_db(DATABASE_NAME);
          $tbl='xxxx';
          $id=$_GET['pid'];

          $query="SELECT * from $tbl WHERE id = ".$_GET['pid']." ";

          $result = mysql_query($query) or die (mysql_error());
          while ($row = mysql_fetch_array($result)){
          /*$id=$row['id'];
          $username=$row['username'];
          $message=$row['message'];
          $tag=$row['tag'];*/

             echo "<form name='edit-post' action='' method='post'>";
             echo "<input type='hidden' name='id' value=".$row['id'].">";
             echo "<input type='hidden' name='username' value=".$row['username'].">";
             echo "Status: <textarea name='message'>".$row['message']."</textarea>";
             //echo "Tag: <textarea rows='1' name='tag'>".$row['tag']."</textarea>";
             echo "<input type='submit' name='submit' value='Submit'>";
             echo "</form>";

          if (isset($_POST['submit'])) {         
          echo $row['id'];
          $tbl = 'xxxx';           
          $query = "UPDATE $tbl SET message = ".mysql_real_escape_string($row['message'])." WHERE id =".$row['id']." ";
          $result = mysql_query($query) or die (mysql_error());

          while ($row = mysql_fetch_array($result)) {
          echo "Your post has been edited to:", "<br>";
          echo $row['message'];
          //echo $row['tag'];
          }
          mysql_free_result($result);
          mysql_close();
          }
              }
              }
            else if($_SESSION['myusername'] == null){
              echo "<form action='google-login.php?login=true' method='post' id ='form-id' data-ajax='false'>";    
                 echo "<span class='loginreq'>Login to Edit</span>";           
                echo "<br/><input type='submit' value='Login with Google'/>";
                echo "</form>";
            }


          /*
          <?php
          $id2=$_POST['id'];
          $username2=$_POST['username'];
          $message2=$_POST['message'];
          $tag2=$_POST['tag'];
          */

        ?>

        <a href='mybq-index.php'>Home</a>

      </div>

  </body>
</html>
<?php ob_flush(); ?>

mysql_real_escape_string is a PHP function, not a MySQL function.

So the syntax should be:
$query = "UPDATE $tbl SET message = '" . mysql_real_escape_string($row['message']) . "' WHERE id = ".$row['id']." ";    

But you should really switch to PDO with prepared statements or mysqli_* with prepared statements, as the mysql_* functions are deprecated.
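
The prepared-statement approach recommended above, as an added example that is not part of the original answers. It uses PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the table name `posts`, the `updatePost` helper, the per-user scoping and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database.
// The table name `posts` and the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, username TEXT, message TEXT)');
$pdo->exec("INSERT INTO posts (id, username, message)
            VALUES (1, 'alice', 'first'), (2, 'bob', 'second')");

/**
 * Update one post (hypothetical helper). The values travel as bound
 * parameters, so quotes in the message never become part of the SQL text.
 * Returns the number of rows changed.
 */
function updatePost(PDO $pdo, $id, $username, $message)
{
    // Accept only a positive integer id; anything else is rejected outright.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    // Assumption: $username comes from the session, not from a hidden form
    // field, so a user can only change rows that belong to them.
    $stmt = $pdo->prepare(
        'UPDATE posts SET message = :message WHERE id = :id AND username = :username'
    );
    $stmt->execute([':message' => $message, ':id' => $id, ':username' => $username]);
    // An UPDATE produces no result set to fetch, only an affected-row count.
    return $stmt->rowCount();
}

// Constructed inputs, shaped like the values arriving in $_POST.
$message = "It's a quote with 'apostrophes' and <b>markup</b>";

// A message containing single quotes is stored without any manual escaping.
var_dump(updatePost($pdo, '1', 'alice', $message));
// An id that is not a plain integer is refused before any SQL runs.
var_dump(updatePost($pdo, '2 OR 1=1', 'alice', 'x'));
// A valid id that belongs to another user changes nothing.
var_dump(updatePost($pdo, '2', 'alice', 'x'));

$row = $pdo->query('SELECT message FROM posts WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
// Encode on output so stored markup is displayed rather than interpreted.
echo htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'), "\n";
```

With MySQL, only the PDO connection string changes; the prepared statement and the bound parameters stay the same.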

Try this once:

$query = "UPDATE $tbl SET 
          message = '".mysql_real_escape_string($row['message'])."'
           WHERE id = ".$row['id']." ";

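Never mind that you are using the mysql_ functions and that people like to nag you about it.

Try making your own life a little simpler and do it like this: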

$msg = mysql_real_escape_string($row['message']);
$query = "UPDATE $tbl SET message = '$msg' WHERE id = {$row['id']}";

Or even this

 $query = "UPDATE $tbl SET message = '" . 
           mysql_real_escape_string($row['message']) . 
          "' WHERE id = {$row['id']}";

Then you might have spotted that you missed the single quotes around the text field called message.

I think you have to change to this update statement:

 $query = "UPDATE $tbl SET message = '".mysql_real_escape_string($row['message'])."' WHERE id = ".$row['id']." ";

Fixed! The problem was having the form post to itself, so I created a new action file (edit-post-act.php) as follows:

<html>
  <head>
    <title>BQuotes</title>
    <!-- <meta name="viewport" content="width=device-width, initial-scale=1"> -->
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
    <link href="votingfiles/voting.css" rel="stylesheet" type="text/css" />
    <script src="votingfiles/voting.js" type="text/javascript"></script>
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.css" />
    <link rel="stylesheet" type="text/css" href="http://bquotes.me/mystyle-a.css">
    <script src="http://code.jquery.com/jquery-1.10.0.min.js"></script>
    <script src="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.js"></script>
    <style>
      .head_text {
        color: #ffffff;
      }
      a {
        text-decoration: none;
      }
    </style>
    <script type="text/javascript">
      $('#g-login').bind('click', function (event) {
        // event.preventDefault();
        // $('#form-id').attr('action', 'google-login.php').trigger('submit');
        alert("Clicked");
      });
    </script>
  </head>
  <body style="color:#d4ffaa">

    <!-- BQ Edit Post Act Start -->
    <div data-role="page" id="edit-post-act">
      <div data-role="header" style="background-color:#5FBF00">
        <h1 class="head_text">BQuotes</h1>
      </div>
      <div data-role="main" class="ui-content">


      </div>

         <?php


         session_start();
              if($_SESSION['myusername'] != null &&  isset($_SESSION['myusername'])){
              echo "<form action='logout.php' method='post' id ='form-logout' data-ajax='false'>
                    <br/><input type='submit' value='Logout'/>";
              echo "</form>";
              echo "<div style='margin-left:1px;'>Logged In As:  ".$_SESSION['myusername']."</div>";

          $id2=$_POST['id'];
          $username2=$_POST['username'];
          $message2=$_POST['message'];
          $tag2=$_POST['tag'];
          define ('HOSTNAME', 'xxxx');
          define ('USERNAME', 'xxxx');
          define ('PASSWORD', 'xxxx');
          define ('DATABASE_NAME', 'xxxx');
          $db = mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die ('I cannot connect to MySQL.');
          mysql_select_db(DATABASE_NAME);

          $tbl = 'xxxx';           
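          // Escape the submitted message and force the id to an integer before building the query
          $query = "UPDATE $tbl SET message = '".mysql_real_escape_string($message2)."' WHERE id = ".(int)$id2;
          $result = mysql_query($query) or die (mysql_error());


          echo "Your post has been edited to:", "<br>";
          // HTML-encode the message so submitted markup is displayed, not interpreted
          echo htmlspecialchars($message2);

          // An UPDATE returns true/false rather than a result set, so there is nothing to free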
          mysql_close();
          }
            else if($_SESSION['myusername'] == null){
              echo "<form action='google-login.php?login=true' method='post' id ='form-id' data-ajax='false'>";    
                 echo "<span class='loginreq'>Login to Edit</span>";           
                echo "<br/><input type='submit' value='Login with Google'/>";
                echo "</form>";
            }
            ?>
        <a href='mybq-index.php'>Home</a>

      </div>

  </body>
</html>

Thanks, everyone! cc: @Fred-ii, @jeroen