2015-06-21 110 views
-4

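MySQL update using PHP: You have an error in your SQL syntax

I am getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_id = 1' at line 1.

I have already tried all of the “or” ones, and even “. ” and “'.'”.

I can't find any problem. Please help!

It should update the MySQL database, but it only outputs that error.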

<? 
    ob_start(); 
    $mid = $_GET['id']; 
    include 'connect.php'; 

    if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 2) 
    { 
     header('Location: index.php'); 
    } 
    ?> 

    <!DOCTYPE html> 
    <html lang="en"> 
    <head> 
     <meta charset="utf-8"> 
     <meta name="viewport" content="width=device-width, initial-scale=1.0"> 
     <title>Group 5 Waggle</title> 

     <link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css" /> 
     <link rel="stylesheet" type="text/css" href="font-awesome/css/font-awesome.min.css" /> 
     <link rel="stylesheet" type="text/css" href="css/local.css" /> 

     <script type="text/javascript" src="js/jquery-1.10.2.min.js"></script> 
     <script type="text/javascript" src="bootstrap/js/bootstrap.min.js"></script> 
    </head> 
    <body> 

     <div id="wrapper"> 
      <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation"> 
       <div class="navbar-header"> 
        <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse"> 
         <span class="sr-only">Toggle navigation</span> 
         <span class="icon-bar"></span> 
         <span class="icon-bar"></span> 
         <span class="icon-bar"></span> 
        </button> 
        <a class="navbar-brand" href="index.php">Waggle</a> 
       </div> 
       <div class="collapse navbar-collapse navbar-ex1-collapse"> 
        <ul class="nav navbar-nav side-nav"> 
        <? if($_SESSION['signed_in'] == true && $_SESSION['user_level'] == 2) { ?> 
         <li> &nbsp; </li> 
         <li><a href="add.php"><i class="fa fa-table"></i> Add User</a></li> 
         <li><a href="create.php"><i class="fa fa-tasks"></i> Cream Forums</a></li> 
        <? } ?> 
        </ul> 
      <? 
      if($_SESSION['signed_in']) 
      { ?> 
        <ul class="nav navbar-nav navbar-right navbar-user"> 
        <li class="dropdown user-dropdown"> 
         <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-user"></i> <?=htmlentities($_SESSION['user_name']); ?> <b class="caret"></b></a> 
         <ul class="dropdown-menu"> 
          <li><a href="#"><i class="fa fa-user"></i> Profile</a></li> 
          <li><a href="#"><i class="fa fa-gear"></i> Edit Profile</a></li> 
          <li class="divider"></li> 
          <li><a href="logout.php"><i class="fa fa-power-off"></i> Logout</a></li> 
         </ul> 
        </li> 
        </ul> 
      <? } ?> 
       </div> 
      </nav> 

      <div id="page-wrapper"> 

       <div class="row"> 
        <div class="col-lg-12"> 
         <h1>Update <small>User</small></h1> 
        </div> 
       </div> 
       <p>&nbsp</p> 
       <div class="row"> 

    <? if($_SERVER['REQUEST_METHOD'] != 'POST') { 
      $result1 = mysql_query("SELECT * FROM users WHERE user_id = '$mid'"); 
      $row = mysql_fetch_array($result1); 
     ?> 
        <form method="post" action=""> 
        <div class="col-lg-12"> 
         <div> 
          <label for="firstname" class="col-md-2"> 
           Full Name: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_name" class="form-control" id="firstname" value="<?=$row[user_name];?>"> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div>   
         <div> 
          <label for="emailaddress" class="col-md-2"> 
           Email address: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_email" class="form-control" id="emailaddress" value="<?=$row[user_email];?>"> 
           <p class="help-block"> 
            Example: [email protected] 
           </p> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div> 
         <div> 
          <label for="password" class="col-md-2"> 
           Password: 
          </label> 
          <div class="col-md-9"> 
           <input type="password" name="user_pass" class="form-control" id="password" placeholder="Enter Password"> 
           <p class="help-block"> 
            Min: 6 characters (Alphanumeric only) 
           </p> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div> 
         <div> 
          <label for="password" class="col-md-2"> 
           Password (again): 
          </label> 
          <div class="col-md-9"> 
           <input type="password" name="user_pass_check" class="form-control" id="password" placeholder="Enter Password"> 
           <p class="help-block"> 
            Min: 6 characters (Alphanumeric only) 
           </p> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div>    
         <div> 
          <label for="website" class="col-md-2"> 
           Website: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_web" class="form-control" id="website" value="<?=$row[user_web];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="twitter" class="col-md-2"> 
           Twitter: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_twitter" class="form-control" id="twitter" value="<?=$row[user_twitter];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="facebook" class="col-md-2"> 
           Facebook: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_facebook" class="form-control" id="facebook" value="<?=$row[user_facebook];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="github" class="col-md-2"> 
           Github: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_github" class="form-control" id="github" value="<?=$row[user_github];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="uploadimage" class="col-md-2"> 
           Profile Image: 
          </label> 
          <div class="col-md-10"> 
           <input type="file" name="uploadimage" id="uploadimage"> 
           <p class="help-block"> 
            Allowed Formats: jpeg, jpg, gif, png 
           </p> 
          </div>   
         </div> 
         <div> 
          <div class="col-md-2"> 
          </div> 
          <div class="col-md-10"> 
           <br /> 
           <br /> 
           <button type="submit" class="btn btn-info"> 
            Save Profile 
           </button> 
          </div>    
         </div> 
        </div> 
        </form> 
    <? } 
    else { 
     /* so, the form has been posted, we'll process the data in three steps: 
      1. Check the data 
      2. Let the user refill the wrong fields (if necessary) 
      3. Save the data 
     */ 
     $errors = array(); /* declare the array for later use */ 

     if(!isset($_POST['user_name'])) 
     { 
      $errors[] = 'The username field must not be empty.'; 
     } 


     if(isset($_POST['user_pass'])) 
     { 
      if($_POST['user_pass'] != $_POST['user_pass_check']) 
      { 
       $errors[] = 'The two passwords did not match.'; 
      } 
     } 
     else 
     { 
      $errors[] = 'The password field cannot be empty.'; 
     } 

     if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ 
     { ?> 
        <div class="col-lg-4"> 
        <div class="alert alert-dismissable alert-danger"> 
         <button type="button" class="close" data-dismiss="alert">&times;</button> 
         <ul> 
         <? 
         foreach($errors as $key => $value) { 
          echo '<li>' . $value . '</li>'; 
         } 
         ?> 
         </ul> 
        </div> 
        </div> 
        <br /> 
        <form method="post" action=""> 
        <div class="col-lg-12"> 
         <div> 
          <label for="firstname" class="col-md-2"> 
           Full Name: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_name" class="form-control" id="firstname" value="<?=$_POST['user_name'];?>"> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div>   
         <div> 
          <label for="emailaddress" class="col-md-2"> 
           Email address: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_email" class="form-control" id="emailaddress" value="<?=$_POST['user_email'];?>"> 
           <p class="help-block"> 
            Example: [email protected] 
           </p> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div> 
         <div> 
          <label for="password" class="col-md-2"> 
           Password: 
          </label> 
          <div class="col-md-9"> 
           <input type="password" name="user_pass" class="form-control" id="password" placeholder="Enter Password"> 
           <p class="help-block"> 
            Min: 6 characters (Alphanumeric only) 
           </p> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div> 
         <div> 
          <label for="password" class="col-md-2"> 
           Password (again): 
          </label> 
          <div class="col-md-9"> 
           <input type="password" name="user_pass_check" class="form-control" id="password" placeholder="Enter Password"> 
           <p class="help-block"> 
            Min: 6 characters (Alphanumeric only) 
           </p> 
          </div> 
          <div class="col-md-1"> 
           <i class="fa fa-lock fa-2x"></i> 
          </div> 
         </div>    
         <div> 
          <label for="website" class="col-md-2"> 
           Website: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_web" class="form-control" id="website" value="<?=$_POST['user_web'];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="twitter" class="col-md-2"> 
           Twitter: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_twitter" class="form-control" id="twitter" value="<?=$_POST['user_twitter'];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="facebook" class="col-md-2"> 
           Facebook: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_facebook" class="form-control" id="facebook" value="<?=$_POST['user_facebook'];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="github" class="col-md-2"> 
           Github: 
          </label> 
          <div class="col-md-9"> 
           <input type="text" name="user_github" class="form-control" id="github" value="<?=$_POST['user_github'];?>"> 
          </div> 
          <div class="col-md-1"> 

          </div> 
         </div> 
         <div> 
          <label for="uploadimage" class="col-md-2"> 
           Profile Image: 
          </label> 
          <div class="col-md-10"> 
           <input type="file" name="uploadimage" id="uploadimage"> 
           <p class="help-block"> 
            Allowed Formats: jpeg, jpg, gif, png 
           </p> 
          </div>   
         </div> 
         <div> 
          <div class="col-md-2"> 
          </div> 
          <div class="col-md-10"> 
           <br /> 
           <br /> 
           <button type="submit" class="btn btn-info"> 
            Save Profile 
           </button> 
          </div>    
         </div> 
        </div> 
        </form> 
     <? } 
     else 
     { 
      $new_name = mysql_real_escape_string($_POST['user_name']); 
      $new_pass = sha1($_POST['user_pass']); 
      $new_email = mysql_real_escape_string($_POST['user_email']); 
      $new_web = mysql_real_escape_string($_POST['user_web']); 
      $new_twitter = mysql_real_escape_string($_POST['user_twitter']); 
      $new_facebook = mysql_real_escape_string($_POST['user_facebook']); 
      $new_github = mysql_real_escape_string($_POST['user_github']); 
      //the form has been posted without, so save it 
      //notice the use of mysql_real_escape_string, keep everything safe! 
      //also notice the sha1 function which hashes the password 
      $sql = "UPDATE `users` SET `user_name` = '$new_name', `user_pass` = '$new_pass', `user_email` = '$new_email', `user_web` = '$new_web', `user_twitter` = '$new_twitter', `user_facebook` = '$new_facebook', `user_github` = '$new_github', `user_level` = '0', WHERE user_id = $mid"; 

      $result = mysql_query($sql); 
      if(!$result) 
      { 
       //something went wrong, display the error 
       echo $mid; 
       echo '<div class="well well-lg">Something went wrong while registering. Please try again later.</div>'; 
       echo mysql_error(); //debugging purposes, uncomment when needed 
      } 
      else 
      { 
       header('Location: index.php'); 
      } 
     } 
    } 
    ?> 
       </div> 
      </div> 

     </div>  
    </body> 
    </html> 
+2

Remove the comma before the 'WHERE' clause –

+0

Security warning: SQL injection and XSS possible – MrTux

+0

Yes, it is just a small school project. @MrTux –

Answer

1

Your problem is in this query:

$sql = "UPDATE `users` 
SET `user_name` = '$new_name', `user_pass` = '$new_pass', `user_email` = '$new_email', `user_web` = '$new_web', `user_twitter` = '$new_twitter', `user_facebook` = '$new_facebook', `user_github` = '$new_github', `user_level` = '0', WHERE user_id = $mid"; 

Specifically in the last part:

`user_level` = '0', WHERE user_id = $mid"; 

The last comma before the WHERE should be removed.
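
An added example, not part of the original question or answer: the same profile UPDATE built from an allow-list of columns and run as a prepared statement, so that no comma can end up before WHERE and neither the `id` parameter nor the form values are parsed as SQL. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL connection made in `connect.php`, the `updateUser` helper and `EDITABLE` list are hypothetical names, and only the profile text fields are covered.

```php
<?php
// Added example, not the asker's code. Assumption: PDO with an in-memory
// SQLite table stands in for the MySQL connection made in connect.php.
const EDITABLE = ['user_name', 'user_email', 'user_web',
                  'user_twitter', 'user_facebook', 'user_github'];

function updateUser(PDO $db, $rawId, array $post): int
{
    // $_GET['id'] reached the original query unescaped; accept a positive integer only.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid user id');
    }

    $set = [];
    $params = [':id' => $id];
    foreach (EDITABLE as $col) {       // column names come from the allow-list only
        if (isset($post[$col])) {
            $set[] = "`$col` = :$col";
            $params[":$col"] = (string) $post[$col];
        }
    }
    if ($set === []) {
        return 0;                      // nothing to update
    }
    // implode() puts commas between items only, so none can precede WHERE.
    $sql = 'UPDATE `users` SET ' . implode(', ', $set) . ' WHERE `user_id` = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);           // values travel as bound parameters
    return $stmt->rowCount();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_email TEXT,
           user_web TEXT, user_twitter TEXT, user_facebook TEXT, user_github TEXT)');
$db->exec("INSERT INTO users (user_id, user_name) VALUES (1, 'alice'), (2, 'bob')");

// A quote in a value is stored as data; the unlisted user_level key is ignored.
echo updateUser($db, '1', ['user_name' => "O'Brien", 'user_level' => '2']), "\n";
try {
    updateUser($db, 'abc', ['user_name' => 'x']);   // not a positive integer
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo $db->query('SELECT user_name FROM users WHERE user_id = 2')->fetchColumn(), "\n";
```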