您没有在任何字符串文字周围加上引号。
UPDATE `users` SET
`about_me`=about_me,
`profile_pic`=,
`econ_views`=test econ,
`religious_views`=test rel,
`abortion_view`=test abortion,
`gay_marriage`=test gay marraige,
`other`=test other,
`political_party`=democrat
WHERE `username`=emoore24应该:
UPDATE `users` SET
`about_me`='about_me',
`profile_pic`=NULL,
`econ_views`='test econ',
`religious_views`='test rel',
`abortion_view`='test abortion',
`gay_marriage`='test gay marraige',
`other`='test other',
`political_party`='democrat'
WHERE `username`='emoore24'如果您将PDO与准备好的语句一起使用,那么它将更简单,更安全,您不必担心引用或转义文字。例如,以下是我编写该代码的方法:
$info = array(
'about_me' => NULL,
'profile_pic' => NULL,
'political_party' => NULL,
'econ_views' => NULL,
'religious_views' => NULL,
'abortion_view' => NULL,
'gay_marriage' => NULL,
'other' => NULL
);
$query = "UPDATE `users` SET
`about_me`=:about_me,
`profile_pic`=:profile_pic,
`econ_views`=:econ_views,
`religious_views`=:religious_views,
`abortion_view`=:abortion_view,
`gay_marriage`=:gay_marriage,
`other`=:other,
`political_party`=:political_party
WHERE `username`=:username";
if (($stmt = $pdo->prepare($query)) == FALSE) {
$err = $pdo->errorInfo(); die($err[2]);
}
$values = array_intersect_key($_POST, $info);
$values['username'] = 'emoore24';
if ($stmt->execute( $values ) == FALSE) {
$err = $stmt->errorInfo(); die($err[2]);
}