I just can't figure out why I'm getting MySQL syntax error 1064 from this query
//prep the data for database use
$manufacturer_id = $_GET['id'];
$manufacturer_display_name = mysql_prep($_POST['manufacturer_display_name']);
$manufacturer_name = mysql_prep($_POST['manufacturer_name']);
$query = "UPDATE IT_manufacturer SET
manufacturer_name = '{$manufacturer_name}',
manufacturer_display_name = '{$manufacturer_display_name}',
WHERE manufacturer_id = {$manufacturer_id}
";
$result = mysql_query($query, $connection);
confirm_query ($result);
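I'm getting error 1064. If I echo the variables $manufacturer_name, $manufacturer_display_name and $manufacturer_id, they all have values, but I get this error:
Could not execute query You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE manufacturer_id = 1' at line 4 Error number 1064
Any help?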
The example is insecure (try "/?id=2 or 1=1"). http://stackoverflow.com/questions/tagged/sql-injection – serbaut 2010-01-04 20:59:02
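
An added example, not part of the original post or its comments: the same UPDATE written without the comma after the last SET assignment (the comma directly before WHERE is what the 1064 message points at) and with every value bound as a parameter, so the `id` from the query string is never interpolated into the SQL. Assumptions: PDO is used instead of the `mysql_*` calls, an in-memory SQLite database stands in for the MySQL connection so the block runs offline, the function name `update_manufacturer` is hypothetical, and the sample rows are constructed.

```php
<?php
// Added example: constructed table and rows; SQLite in-memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE IT_manufacturer (
    manufacturer_id INTEGER PRIMARY KEY,
    manufacturer_name TEXT,
    manufacturer_display_name TEXT)");
$pdo->exec("INSERT INTO IT_manufacturer VALUES (1, 'acme', 'Acme'), (2, 'globex', 'Globex')");

/**
 * Update one manufacturer (hypothetical helper).
 * Returns the number of rows changed, or null when the id
 * is not a plain positive integer.
 */
function update_manufacturer(PDO $pdo, $id, string $name, string $display): ?int
{
    // Reject anything that is not a positive integer, e.g. "2 or 1=1".
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // No comma after the last SET assignment; values are bound, not interpolated.
    $stmt = $pdo->prepare(
        "UPDATE IT_manufacturer
            SET manufacturer_name = :name,
                manufacturer_display_name = :display
          WHERE manufacturer_id = :id"
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':display', $display, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// A well-formed id, with quotes in the data handled by binding.
var_dump(update_manufacturer($pdo, '2', "O'Reilly", "O'Reilly Media"));
// The input suggested in the comment above fails integer validation.
var_dump(update_manufacturer($pdo, '2 or 1=1', 'x', 'y'));
```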