<form action="editauthor.php" method="post">
<label>Author Name:</label>
<input type="text" name="txtUser" value="<?=$name;?>" /><br /><br />
<label>Email:</label>
<input type="text" name="txtEmail" value="<?=$email;?>" /><br /><br />
<input type="hidden" name="id" value="<?=$id?>" /> <!-- use hidden to hide id for using, but not display, here id is not important -->
<input type="submit" value="Edit" name="submit" />
</form>
<?php
if (isset($_POST['submit'])) {
    // Connect to the local MySQL server and select the "jokes" database
    $con = @mysql_connect("localhost", "root", "");
    mysql_select_db("jokes", $con);
    $name = $_POST['txtUser'];
    $email = $_POST['txtEmail'];
    // Build the UPDATE statement by concatenating request values into the SQL text
    $sql = "UPDATE authors
            SET name = '".$_POST['txtUser']."',
            email = '".$_POST['txtEmail']."'
            WHERE id = ".$_GET['id'];
    // Run the statement; stop and print the MySQL error if it fails
    $result = @mysql_query($sql, $con) or die(mysql_error());
    if ($result) {
        echo "New Author has been edited successfully!";
    } else {
        echo "Cannot update this kind of author into the database. ".mysql_error();
    }
} ?>
...it produces the following error: a MySQL syntax error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
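The problem is not in the PHP code but in the SQL code. Show a dump of `$sql`, because nobody knows the contents of your variables. – KingCrunch 2011-06-01 14:35:58
Have you heard of SQL injection? – 2011-06-01 14:36:11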
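
Added example, not part of the original question or its comments: the form submits with method="post", so `$_GET['id']` is empty and the concatenated statement ends at `WHERE id = `, which is what the `near ''` in the error points at. The PHP below prints that statement and then performs the same update with a PDO prepared statement. The in-memory SQLite database, the sample request values and the `updateAuthor` helper are assumptions made for this example.

```php
<?php
// Added example. Assumptions: in-memory SQLite (pdo_sqlite) stands in for the
// page's MySQL "jokes" database; request values below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO authors VALUES (1, 'Old Name', 'old@example.com')");

// The form uses method="post": the hidden id arrives in $_POST, $_GET stays empty.
$post = ['txtUser' => "O'Brien", 'txtEmail' => 'ob@example.com', 'id' => '1'];
$get  = [];

// 1) The concatenated statement from the question, built from these values.
$concatenated = "UPDATE authors SET name = '" . $post['txtUser']
    . "', email = '" . $post['txtEmail']
    . "' WHERE id = " . ($get['id'] ?? '');
// Nothing follows "WHERE id = "; the quote in the name also unbalances the string.
echo $concatenated, "\n";

// 2) Hypothetical helper: validate the id, then bind every value as a parameter.
function updateAuthor(PDO $pdo, array $post): int
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('author id missing or not a positive integer');
    }
    $stmt = $pdo->prepare(
        'UPDATE authors SET name = :name, email = :email WHERE id = :id'
    );
    $stmt->execute([
        ':name'  => (string) ($post['txtUser'] ?? ''),
        ':email' => (string) ($post['txtEmail'] ?? ''),
        ':id'    => $id,
    ]);
    return $stmt->rowCount(); // number of rows changed
}

echo updateAuthor($pdo, $post), " row(s) updated\n";
echo $pdo->query('SELECT name FROM authors WHERE id = 1')->fetchColumn(), "\n";

try {
    updateAuthor($pdo, ['txtUser' => 'x', 'txtEmail' => 'y']); // no id submitted
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With bound parameters the values never become part of the SQL text, so neither an empty id nor a quote in the name can change the statement's syntax.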