<?php
session_start();
$con = mysqli_connect("localhost","root","12369","medical");
$data1 = $_SESSION["symp1"];
$data2 = $_SESSION["symp2"];
$data3 = $_SESSION["symp3"];
$data4 = $_SESSION["symp4"];
$finalData = implode(' ', array($data1, $data2, $data3, $data4));
$userinput = $_REQUEST["answerswer"];
$dname=$_SESSION["dname"];
$dname = str_replace(' ', '_', $dname);
echo $dname." <br>";
$sql = " UPDATE diseases SET UserInput = $finalData WHERE Name = $dname ";
if($userinput=='yes'){
if(mysqli_query($con,$sql)){
echo "Values inserted";
$_SESSION["info"] = "yes";
header('Location: http://localhost/medical/last.php');
}else{
echo mysqli_errno($con);
$_SESSION["info"] = "no";
//header('Location: http://localhost/medical/last.php');
}
}
?>
我得到错误1064?我已经阅读了类似问题的答案,但我的代码不起作用。我的表模式是:
CREATE TABLE IF NOT EXISTS `diseases` (
`ID` int(50) NOT NULL AUTO_INCREMENT,
`Name` varchar(255) NOT NULL,
`Symptoms` varchar(255) NOT NULL,
`Medicines` varchar(255) NOT NULL,
`Description` varchar(255) NOT NULL,
`Tags` varchar(255) NOT NULL,
`UserInput` varchar(255) NOT NULL,
PRIMARY KEY (`ID`)
)
我的代码有什么问题?由于
变化:
$sql = " UPDATE diseases SET UserInput = $finalData WHERE Name = $dname ";
:
$sql = "UPDATE `diseases` SET `UserInput` = '$finalData' WHERE `Name` = '$dname'";
在包含字符串的变量周围添加单引号。在列和表周围添加反引号以防止mysql保留字错误
使用mysqli_prepare做以下事情会更好:
$stmt = mysqli_prepare($con, "UPDATE `diseases` SET `UserInput` = ? WHERE `Name` = ?");
mysqli_stmt_bind_param($stmt, "ss", $finalData, $dname);
mysqli_stmt_execute($stmt);
正如错误消息所述,您的SQL语法中有错误:
MySQL Error 1064: You have a Error in your SQL syntax
用单引号括住你的数据,你就可以开始了。此外,Name在MySQL中是一个保留关键字。您仍然可以在查询中使用它,但是您应该考虑用反号转义表名:
$sql = " UPDATE diseases SET `UserInput` = '$finalData' WHERE `Name` = '$dname' ";
在数据周围添加单引号:
$sql = " UPDATE diseases SET UserInput = '$finalData' WHERE Name = '$dname' ";
或者最好使用预处理语句