錯誤：SQLSTATE [42000]當我嘗試更新表中的值時

Question

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1235'='1235' WHERE username='wafflezzz'' at line 1' in /home/wafflez3/public_html/Project SA Theme/ipn/set.php:14 Stack trace: #0 /home/wafflez3/public_html/Project SA Theme/ipn/set.php(14): PDOStatement->execute() #1 {main} thrown in /home/wafflez3/public_html/Project SA Theme/ipn/set.php on line 14

當我使用此代碼將空值更改爲值時，出現該錯誤。

<?php session_start(); require "../pdo_connect.php"; $usrname = $_SESSION["username"]; ?> 
<title>Loading...</title> 
<?php 
$checker = $conn->prepare("SELECT * FROM transactions WHERE payer_user=:username AND success='1'"); 
$checker->bindParam(":username", $usrname); 
$checker->execute(); 

while ($row = $checker->fetch(PDO::FETCH_BOTH)) { 

    $paidscript = $row["item_name"]; 
    $sql = $conn->prepare("UPDATE us SET :script=:script WHERE username=:userr"); 
    $sql->bindParam(":userr", $usrname); 
    $sql->bindParam(":script", $paidscript); 
    $sql->execute(); 
    echo "You can now view the script!"; 




} 

Answer 1

$sql = $conn->prepare("UPDATE us SET :script=:script WHERE username=:userr");

大概應該是

$sql = $conn->prepare("UPDATE us SET script=:script WHERE username=:userr");

你根本就不是意味着綁定字段名稱參數。如果你這樣做，它會給你這樣的錯誤。

爲了有一個動態的字段名，你就必須這樣做：

$paidscript = $row["item_name"]; 
$sql = $conn->prepare("UPDATE us SET {$paidscript}=:script WHERE username=:userr"); 

雖然你真不該動態進入一個領域，如果從用戶輸入值的。

Answer 2

這

$sql = $conn->prepare("UPDATE us SET {$paidscript}=:script WHERE username=:userr"); 

取而代之的是：

$sql = $conn->prepare("UPDATE us SET :script=:script WHERE username=:userr");