2013-06-01 72 views
1

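Every time I try to update a record in MySQL I keep getting this error. I tested my form from a smaller version in another post here yesterday, and I can't figure out why I keep getting a MySQL error.

I know the code to update a record in MySQL works, but when I try to use it in the actual form I need to use it with, I keep getting this error: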

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''tickets' SET 'work_performed' = 'Test', 'item_qty1' = '1', ' at line 1

Here is my code that handles the update:

<?php 
// database connection // 

include 'db_connect.php'; 

//This gets all the other information from the form 

// start of form inputs // 

$work_performed=$_POST['work_performed']; 
$item_qty1=$_POST['item_qty1']; 
$item_qty2=($_POST['item_qty2']); 
$item_qty3=$_POST['item_qty3']; 
$item_qty4=($_POST['item_qty4']); 
$item_qty5=$_POST['item_qty5']; 
$manuf_1=$_POST['manuf_1']; 
$manuf_2=$_POST['manuf_2']; 
$manuf_3=$_POST['manuf_3']; 
$manuf_4=$_POST['manuf_4']; 
$manuf_5=$_POST['manuf_5']; 
$part_number1=$_POST['part_number1']; 
$part_number2=$_POST['part_number2']; 
$part_number3=$_POST['part_number3']; 
$part_number4=$_POST['part_number4']; 
$part_number5=$_POST['part_number5']; 
$part_description1=$_POST['part_description1']; 
$part_description2=$_POST['part_description2']; 
$part_description3=$_POST['part_description3']; 
$part_description4=$_POST['part_description4']; 
$part_description5=$_POST['part_description5']; 
$part_price1=$_POST['part_price1']; 
$part_price2=$_POST['part_price2']; 
$part_price3=$_POST['part_price3']; 
$part_price4=$_POST['part_price4']; 
$part_price5=$_POST['part_price5']; 
$price_extension1=$_POST['price_extension1']; 
$price_extension2=$_POST['price_extension2']; 
$price_extension3=$_POST['price_extension3']; 
$price_extension4=$_POST['price_extension4']; 
$price_extension5=$_POST['price_extension5']; 
$material_total=$_POST['material_total']; 
$sales_tax=$_POST['sales_tax']; 
$shipping_cost=$_POST['shipping_cost']; 
$work_date1=$_POST['work_date1']; 
$work_date2=$_POST['work_date2']; 
$work_date3=$_POST['work_date3']; 
$work_date4=$_POST['work_date4']; 
$work_date5=$_POST['work_date5']; 
$tech_name1=$_POST['tech_name1']; 
$tech_name2=$_POST['tech_name2']; 
$tech_name3=$_POST['tech_name3']; 
$tech_name4=$_POST['tech_name4']; 
$tech_name5=$_POST['tech_name5']; 
$cost_code1=$_POST['cost_code1']; 
$cost_code2=$_POST['cost_code2']; 
$cost_code3=$_POST['cost_code3']; 
$cost_code4=$_POST['cost_code4']; 
$cost_code5=$_POST['cost_code5']; 
$pay_rate1=$_POST['pay_rate1']; 
$pay_rate2=$_POST['pay_rate2']; 
$pay_rate3=$_POST['pay_rate3']; 
$pay_rate4=$_POST['pay_rate4']; 
$pay_rate5=$_POST['pay_rate5']; 
$total_hours1=$_POST['total_hours1']; 
$total_hours2=$_POST['total_hours2']; 
$total_hours3=$_POST['total_hours3']; 
$total_hours4=$_POST['total_hours4']; 
$total_hours5=$_POST['total_hours5']; 
$hours_subtotal1=$_POST['hours_subtotal1']; 
$hours_subtotal2=$_POST['hours_subtotal2']; 
$hours_subtotal3=$_POST['hours_subtotal3']; 
$hours_subtotal4=$_POST['hours_subtotal4']; 
$hours_subtotal5=$_POST['hours_subtotal5']; 
$total_hours=$_POST['total_hours']; 
$material_total=$_POST['material_total']; 
$labor_cost=$_POST['labor_cost']; 
$grand_total=$_POST['grand_total']; 
$id=$_POST['id']; 

//below section is not ready // 
//$employee_number=$_POST['employee_number']; 
//$date_finished=$_POST['date_finished']; 
//$tech_signature=$_POST['tech_signature']; 
//$customer_signature=$_POST['customer_signature']; 
//$print_name=$_POST['print_name']; 


//Writes the information to the database 

    mysql_query("UPDATE 'tickets' SET 'work_performed' = '$work_performed', 
             'item_qty1' = '$item_qty1', 
             'item_qty2' = '$item_qty2', 
             'item_qty3' = '$item_qty3', 
             'item_qty4' = '$item_qty4', 
             'item_qty5' = '$item_qty5', 
             'manuf_1' = '$manuf_1', 
             'manuf_2' = '$manuf_2', 
             'manuf_3' = '$manuf_3', 
             'manuf_4' = '$manuf_4', 
             'manuf_5' = '$manuf_5', 
             'part_number1' = '$part_number1', 
             'part_number2' = '$part_number2', 
             'part_number3' = '$part_number3', 
             'part_number4' = '$part_number4', 
             'part_number5' = '$part_number5', 
             'part_description1' = '$part_description1', 
             'part_description2' = '$part_description2', 
             'part_description3' = '$part_description3', 
             'part_description4' = '$part_description4', 
             'part_description5' = '$part_description5', 
             'part_price1' = '$part_price1', 
             'part_price2' = '$part_price2', 
             'part_price3' = '$part_price3', 
             'part_price4' = '$part_price4', 
             'part_price5' = '$part_price5', 
             'price_extension1' = '$price_extension1', 
             'price_extension2' = '$price_extension2', 
             'price_extension3' = '$price_extension3', 
             'price_extension4' = '$price_extension4', 
             'price_extension5' = '$price_extension5', 
             'material_total' = '$material_total', 
             'sales_tax' = '$sales_tax', 
             'shipping_cost' = '$shipping_cost', 
             'work_date1' = '$work_date1', 
             'work_date2' = '$work_date2', 
             'work_date3' = '$work_date3', 
             'work_date4' = '$work_date4', 
             'work_date5' = '$work_date5', 
             'tech_name1' = '$tech_name1', 
             'tech_name2' = '$tech_name2', 
             'tech_name3' = '$tech_name3', 
             'tech_name4' = '$tech_name4', 
             'tech_name5' = '$tech_name5', 
             'cost_code1' = '$cost_code1', 
             'cost_code2' = '$cost_code2', 
             'cost_code3' = '$cost_code3', 
             'cost_code4' = '$cost_code4', 
             'cost_code5' = '$cost_code5', 
             'pay_rate1' = '$pay_rate1', 
             'pay_rate2' = '$pay_rate2', 
             'pay_rate3' = '$pay_rate3', 
             'pay_rate4' = '$pay_rate4', 
             'pay_rate5' = '$pay_rate5', 
             'total_hours1' = '$total_hours1', 
             'total_hours2' = '$total_hours2', 
             'total_hours3' = '$total_hours3', 
             'total_hours4' = '$total_hours4', 
             'total_hours5' = '$total_hours5', 
             'hours_subtotal1' = '$hours_subtotal1', 
             'hours_subtotal2' = '$hours_subtotal2', 
             'hours_subtotal3' = '$hours_subtotal3', 
             'hours_subtotal4' = '$hours_subtotal4', 
             'hours_subtotal5' = '$hours_subtotal5', 
             'total_hours' = '$total_hours', 
             'material_total' = '$material_total', 
             'labor_cost' = '$labor_cost', 
             'grand_total' = '$grand_total' WHERE 'id' = '$id'"); 




mysql_affected_rows(); 

echo mysql_error(); 

?> 
<html> 
<body> 
<center> 
<br><br><br> 
<form name="results" method="post" action="ticket_results.php" enctype="multipart/form-data" id="ticketresult"> 
<input type="submit" class="submit" id="ticketresult" style="width: 165px" value="Do Something"> 
</form> 
</center> 
</body> 
</html> 

Updated question:

So I tried removing any repeating values such as item_qty2, item_qty3, item_qty4 and minimized my values down to this:

mysql_query("UPDATE `tickets` SET `work_performed` = '$work_performed', 
             `item_qty1` = '$item_qty1', 
             `manuf_1` = '$manuf_1', 
             `part_number1` = '$part_number1', 
             `part_description1` = '$part_description1', 
             `part_price1` = '$part_price1', 
             `price_extension1` = '$price_extension1', 
             `material_total` = '$material_total', 
             `sales_tax` = '$sales_tax', 
             `shipping_cost` = '$shipping_cost', 
             `work_date1` = '$work_date1', 
             `tech_name1` = '$tech_name1', 
             `cost_code1` = '$cost_code1', 
             `pay_rate1` = '$pay_rate1', 
             `total_hours1` = '$total_hours1', 
             `hours_subtotal1` = '$hours_subtotal1', 
             `total_hours` = '$total_hours', 
             `material_total` = '$material_total', 
             `labor_cost` = '$labor_cost', 
             `grand_total` = '$grand_total' WHERE `id` = '$id'"); 

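And this works perfectly every time, but as soon as I add a value such as item_qty2 or part_number2 etc., I get the syntax error. This whole form worked once, but it required me to enter a value in every field, and I don't always need a value in every field!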

Answers

4

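The reason the query does not work is that you are wrapping the column names and the table name in single quotes. They are identifiers, not string literals, so they should not be wrapped in single quotes.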

UPDATE tickets SET work_performed = ..... 

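If the column names and/or table names used happen to be reserved keywords, they can be escaped using backticks rather than single quotes. For example: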

UPDATE `tickets` SET `work_performed` = ..... 

In this case, the backticks are not needed because none of the names is a reserved keyword.

Other links:


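As a side note, the query is vulnerable to SQL Injection if the value(s) of the variables came from outside. Please take a look at the article below to learn how to prevent it. By using PreparedStatements you can get rid of using single quotes around values.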

+1

Thanks JW for the help, at least someone stayed on topic! – Jason

+0

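JW, for some reason it stopped working one time, so I played around with the code and posted new experimental code that seems to work perfectly, but I had to remove 3/4 of my code. – Jason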

+0

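@Jason your updated question seems to be different from the original question. You should open another one for it. Anyway, can you put the query into a variable and echo that variable? And post it here so we can help you debug it. –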

1

If any of your input values has an apostrophe in it, it will break your query, because you are not escaping it.

Also, column names should be wrapped in backticks `, not single quotes.

+0

Thanks for the reply, I removed all the apostrophes and the form now works fine. – Jason
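The two answers above point at the same fix: identifiers go in backticks (or bare), and values should reach the server through a prepared statement so that an apostrophe or other quote in the input cannot change the SQL. The following is an added example, not code from the original thread. It assumes PDO, uses an in-memory SQLite database as a stand-in for the MySQL connection so that it runs offline, covers only a few of the form's columns, and treats a blank field as "leave unchanged"; `updateTicket` is a hypothetical helper name.

```php
<?php
// Added example: constructed schema and input; SQLite in memory stands in for MySQL.
function updateTicket(PDO $pdo, array $input): int
{
    // Identifiers cannot be bound as parameters, so they come from a fixed allow-list.
    $allowed = ['work_performed', 'item_qty1', 'item_qty2', 'part_number1', 'part_number2'];

    $set = [];
    $params = [':id' => (int) ($input['id'] ?? 0)];
    foreach ($allowed as $col) {
        // Assumption: a field that is missing or blank leaves the column unchanged.
        if (!isset($input[$col]) || $input[$col] === '') {
            continue;
        }
        $set[] = "`$col` = :$col";        // backticks around identifiers, never single quotes
        $params[":$col"] = $input[$col];  // the value travels separately from the SQL text
    }
    if ($set === []) {
        return 0; // nothing to update
    }
    $sql = 'UPDATE `tickets` SET ' . implode(', ', $set) . ' WHERE `id` = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, work_performed TEXT,
            item_qty1 TEXT, item_qty2 TEXT, part_number1 TEXT, part_number2 TEXT)');
$pdo->exec("INSERT INTO tickets (id, work_performed) VALUES (1, 'initial')");

// Constructed form input: an apostrophe, a value containing quote characters,
// a blank field, and a key that is not on the allow-list.
$post = [
    'id'             => '1',
    'work_performed' => "Replaced O'Brien's pump",
    'item_qty1'      => "1', `item_qty2` = '99",
    'item_qty2'      => '',
    'not_a_column'   => 'ignored',
];
echo updateTicket($pdo, $post), " row(s) updated\n";
// The quote-laden value is stored verbatim in item_qty1; item_qty2 stays NULL.
print_r($pdo->query('SELECT * FROM tickets WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```

Against MySQL, only the `new PDO(...)` line changes; the statement text and the bound parameters stay the same.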
