MYSQL语法错误1064

我只是无法弄清楚，为什么我从这个查询MYSQL语法错误1064

//prep the data for database use 
$manufacturer_id = $_GET['id']; 
$manufacturer_display_name = mysql_prep($_POST['manufacturer_display_name']); 
$manufacturer_name = mysql_prep($_POST['manufacturer_name']); 


$query = "UPDATE IT_manufacturer SET 
     manufacturer_name = '{$manufacturer_name}', 
     manufacturer_display_name = '{$manufacturer_display_name}', 
     WHERE manufacturer_id = {$manufacturer_id} 
     "; 

$result = mysql_query($query, $connection); 
confirm_query ($result);

收到错误1064如果我赞同变量$ MANUFACTURER_NAME，$ manufacturer_display_name，$ MANUFACTURER_ID他们都有价值，但我得到这个错误

无法执行查询您的SQL语法中有错误;检查对应于你的MySQL服务器版本正确的语法使用手动附近“WHERE MANUFACTURER_ID = 1”第4行的错误编号1064

任何帮助

来源

2010-01-04 Gatura

的示例是不安全（尝试 “/ ID = 2或1 = 1？”）。 http://stackoverflow.com/questions/tagged/sql-injection – serbaut 2010-01-04 20:59:02

删除逗号之前在哪里，应该是

$query = "UPDATE IT_manufacturer SET manufacturer_name = '{$manufacturer_name}', 
       manufacturer_display_name = '{$manufacturer_display_name}' 
       WHERE manufacturer_id = {$manufacturer_id} ";

逗号只是分开设置不同的变量，而不是来自哪里的集合。

来源

2010-01-04 20:16:50

很好用谢谢 – Gatura 2010-01-04 20:22:14

在其中前取出逗号：

'{$manufacturer_display_name}', WHERE manufacturer_id 
          ^^^

来源

2010-01-04 20:17:35 Andomar

MYSQL语法错误1064

回答

相关问题