我被困在我的项目的一个非常关键的部分,并希望得到一些帮助-然而,我似乎被困在PHP/SQL语法,不能得到查询工作。
HTML代码:<form name="homepage" method="POST" action="" >
<p>Page Title</p>
<input id="pagetitle" type="text" name="home_title" value="<?php select_text("SELECT fieldcontent FROM content WHERE name='home_title'", "fieldcontent") ?>"/>
<p>Paragraph</p>
<textarea id="paragraph" name="home_text"><?php select_text("SELECT fieldcontent FROM content WHERE name='home_text'", "fieldcontent") ?> </textarea>
<h1>Images</h1>
<div id="image">
<?php select_image("SELECT * FROM `image` WHERE image_cat_id = 8"); ?>
</div>
<button name="homesavebtn" id="home-save-btn" type="submit">Save Updates</button>
</form>
PHP代码- Select data
function select_text($sql, $echo) {
include 'connect.php';
$result = $conn->query($sql);
if ($result->num_rows > 0);
while ($row = $result->fetch_assoc()) {
echo $row[$echo];
$conn->close();
}
}
PHP code - update
if ($_POST) {
if (isset($_POST['homesavebtn'])){
$home_title = (isset($_POST['home_title']) ? $_POST['home_title'] : null);
$home_text = (isset($_POST['home_text']) ? $_POST['home_text'] : null);
include 'connect.php';
$sql = "INSERT INTO content(name, fieldcontent) VALUES ('home_title', '$home_title') ON DUPLICATE KEY UPDATE fieldcontent = '$home_title'";
$sql .= "INSERT INTO content(name, fieldcontent) VALUES ('home_text', '$home_text') ON DUPLICATE KEY UPDATE fieldcontent = '$home_text'";
if (mysqli_query($conn, $sql)) {
echo "";
} else {
echo "" . $sql . "<br>" .mysqli_error($conn);
}
$conn->close();
}
}
出现以下错误:
INSERT INTO content(name, fieldcontent) VALUES ('home_title', 'Mosta Cycling Club') ON DUPLICATE KEY UPDATE fieldcontent = 'Mosta Cycling Club'INSERT INTO content(name, fieldcontent) VALUES ('home_text', ") ON DUPLICATE KEY UPDATE fieldcontent = "你有一个错误在你的SQL语法;检查与MySQL服务器版本对应的手册,以便在第1行'INSERT INTO content(name, fieldcontent) VALUES ('home_text', ") ON DUPLICATE KE'附近使用正确的语法
您可以使用VALUES
来获取您在更新部分中使用的新值。此外,如果您使用prepare
和bind_param
,您将防止SQL注入:
$mysqli = new mysqli('host', 'user', 'password', 'db');
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s'n", mysqli_connect_error());
exit();
}
$stmt = $mysqli->prepare("INSERT INTO content(name, fieldcontent)
VALUES ('home_title', ?), ('home_text', ?)
ON DUPLICATE KEY UPDATE fieldcontent = VALUES(fieldcontent)");
$stmt->bind_param('ss', $home_title, $home_text);
$stmt->execute();
第二个SQL语句被添加到第一个SQL语句中,创建了一个没有意义的长语句。把它们分成两个不同的表述。