PHP SQL更新查询语法

Question

我正在处理我的第一个PHP/MySQL项目，并且我已经获得了基本的登录和INSERT查询工作，但没有更新。这是我的第一次更新，它只是一个状态和邮编的行。有什么问题吗？

$dbc = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB"); 

$state=$_POST['state']; 
$zip=$_POST['zip']; 

$custnum = 0; 
$sql="UPDATE $tbl_name SET state = '$state', zip = '$zip', WHERE custnum = '$custnum'"; 
$result = mysqli_query($dbc, $sql) 
or die('Error querying database.'); 

Answer 1

我想你需要摆脱在WHERE之前的逗号。

Answer 2

$dbc = mysql_connect($host, $username, $password)or die("cannot connect"); //don't need quotes 
    mysql_select_db($db_name,$dbc)or die("cannot select DB"); //added the $dbc (connection link) as a second parameter 

    $state=mysql_real_escape_string($_POST['state']); //Should make it safe! 
    $zip=mysql_real_escape_string($_POST['zip']); //Should make it safe! 

    $custnum = 0; 
    $sql="UPDATE $tbl_name SET state = '$state', zip = '$zip' WHERE custnum = '$custnum'"; 

//removed an extra comma 

    //Notice that $tbl_name isn't defined! 
    u 
    $result = mysql_query($sql) 
    or die('Error querying database.'); //from mysqli to mysql 

Answer 3

之前 “WHERE” 条款删除最后一个逗号。另外，如果刚开始时，在为字符串使用双引号时，将括号括在变量名称周围很合适。帮助您更好地区分变量。

Pekka在他的评论中也是正确的，你在混合mysql和mysqli函数。改用mysql_query（）。

Answer 4

看起来像SQL语法错误：删除之前WHERE

Answer 5

如果（isset（$ _ POST [ '更新']））{ $ 名称= $ _ POST [ '名称']逗号; // echo $ name;死; $ surname = $ _ POST ['surname'];

$upd="update table_name SET name='$name',surname='$surname' where id=$id"; 
mysql_query($upd); 

}

Answer 6

$suitno =mysqli_real_escape_string($ecms,$_POST['suitno']);//protecting sql injection 
$defendant=mysqli_real_escape_string($ecms,$_POST['defendant']);//protecting sql injection 
$casenature=mysqli_real_escape_string($ecms,$_POST['casenature']);//protecting sql injection 

$sql="UPDATE causelist SET suitno='{$suitno}', 
casenature='{$casenature}' WHERE suitno='{$suitno}'"; 
$result = mysqli_query($ecms, $sql) 
or die('Error querying database.');