<?php
session_start();
$con = mysqli_connect("localhost","root","12369","medical");
$data1 = $_SESSION["symp1"];
$data2 = $_SESSION["symp2"];
$data3 = $_SESSION["symp3"];
$data4 = $_SESSION["symp4"];
$finalData = implode(' ', array($data1, $data2, $data3, $data4));
$userinput = $_REQUEST["answer"];
$dname=$_SESSION["dname"];
$dname = str_replace(' ', '_', $dname);
echo $dname." <br>";
$sql = " UPDATE diseases SET UserInput = $finalData WHERE Name = $dname ";
if($userinput=='yes'){
if(mysqli_query($con,$sql)){
echo "Values inserted";
$_SESSION["info"] = "yes";
header('Location: http://localhost/medical/last.php');
}else{
echo mysqli_errno($con);
$_SESSION["info"] = "no";
//header('Location: http://localhost/medical/last.php');
}
}
?>
I'm getting error 1064? I already read answers to similar question, but my code doesn't work. My table schema is:
我得到错误1064 ?我已经读过类似问题的答案,但是我的代码不起作用。我的表模式是:
CREATE TABLE IF NOT EXISTS `diseases` (
`ID` int(50) NOT NULL AUTO_INCREMENT,
`Name` varchar(255) NOT NULL,
`Symptoms` varchar(255) NOT NULL,
`Medicines` varchar(255) NOT NULL,
`Description` varchar(255) NOT NULL,
`Tags` varchar(255) NOT NULL,
`UserInput` varchar(255) NOT NULL,
PRIMARY KEY (`ID`)
)
What's wrong in my code? Thanks
我的代码有什么问题?谢谢
3 个解决方案
#1
3
Change:
变化:
$sql = " UPDATE diseases SET UserInput = $finalData WHERE Name = $dname ";
to:
:
$sql = "UPDATE `diseases` SET `UserInput` = '$finalData' WHERE `Name` = '$dname'";
Add single quotes around variables that contain a string. Add backticks around columns and table to prevent mysql reserved words error
在包含字符串的变量周围添加单引号。在列和表周围添加回勾以防止mysql保留字错误
It would be even better to use mysqli_prepare do the following:
最好使用mysqli_prepare执行以下操作:
$stmt = mysqli_prepare($con, "UPDATE `diseases` SET `UserInput` = ? WHERE `Name` = ?");
mysqli_stmt_bind_param($stmt, "ss", $finalData, $dname);
mysqli_stmt_execute($stmt);
#2
1
As the error message should state, you have an error in your SQL syntax:
由于错误消息应该说明,您的SQL语法中有一个错误:
MySQL Error 1064: You have an error in your SQL syntax
MySQL错误1064:在SQL语法中有一个错误。
Surround your data by single quotes and you are good to go. Furthermore, Name is a reserved keyword in MySQL. You can still use it in your query, though, but you should consider escaping table names with backticks:
用单引号括住你的数据,你就可以开始了。此外,Name是MySQL中的保留关键字。不过,您仍然可以在查询中使用它,但您应该考虑使用带反勾号的转义表名:
$sql = " UPDATE diseases SET `UserInput` = '$finalData' WHERE `Name` = '$dname' ";
#3
0
Add single qoutes around your data:
在你的数据周围增加单独的qoutes:
$sql = " UPDATE diseases SET UserInput = '$finalData' WHERE Name = '$dname' ";
or better use prepared statements
或者更好地使用准备好的语句
#1
3
Change:
变化:
$sql = " UPDATE diseases SET UserInput = $finalData WHERE Name = $dname ";
to:
:
$sql = "UPDATE `diseases` SET `UserInput` = '$finalData' WHERE `Name` = '$dname'";
Add single quotes around variables that contain a string. Add backticks around columns and table to prevent mysql reserved words error
在包含字符串的变量周围添加单引号。在列和表周围添加回勾以防止mysql保留字错误
It would be even better to use mysqli_prepare do the following:
最好使用mysqli_prepare执行以下操作:
$stmt = mysqli_prepare($con, "UPDATE `diseases` SET `UserInput` = ? WHERE `Name` = ?");
mysqli_stmt_bind_param($stmt, "ss", $finalData, $dname);
mysqli_stmt_execute($stmt);
#2
1
As the error message should state, you have an error in your SQL syntax:
由于错误消息应该说明,您的SQL语法中有一个错误:
MySQL Error 1064: You have an error in your SQL syntax
MySQL错误1064:在SQL语法中有一个错误。
Surround your data by single quotes and you are good to go. Furthermore, Name is a reserved keyword in MySQL. You can still use it in your query, though, but you should consider escaping table names with backticks:
用单引号括住你的数据,你就可以开始了。此外,Name是MySQL中的保留关键字。不过,您仍然可以在查询中使用它,但您应该考虑使用带反勾号的转义表名:
$sql = " UPDATE diseases SET `UserInput` = '$finalData' WHERE `Name` = '$dname' ";
#3
0
Add single qoutes around your data:
在你的数据周围增加单独的qoutes:
$sql = " UPDATE diseases SET UserInput = '$finalData' WHERE Name = '$dname' ";
or better use prepared statements
或者更好地使用准备好的语句