我使用此代码在Web应用上输入更新用户权限:
$updaters = array();
for ($i = 1; $i <= 24; $i++){
if (isset($_POST['permsA['.$i.']']))
$updaters[] = '`'.$i.'` = \''.mysqli_real_escape_string($db, $_POST['permsA['.$i.']']).'\'';
}
$insert = mysqli_query($db,'UPDATE `tbl_perms` SET '.implode(',', $updaters). 'WHERE `userid` = '.$id)or die(mysqli_error($db));
我从SQL中得到的错误是:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE `userid` = 1' at line 1
我似乎无法重写代码以消除错误:(
这是生成permsa的代码
while($i = mysqli_fetch_array($get_perms)){
$pname = $i[pname];
$id = $i[id];
?>
} ?>
下面是产生错误的确切查询:
$insert = mysqli_query($db,'UPDATE `tbl_perms` '.$updaters.' WHERE `userid` = '.$id) or die(mysqli_error($db));
以下是此SQL生成的内容:
UPDATE `tbl_perms` SET WHERE `userid` = 1
这是post后变量的一个变量转储
var_dump($_POST['permsA'])
:
array(22) { [1]=> string(1) "1" [2]=> string(1) "1" [3]=> string(1) "1" [4]=> string(1) "1" [5]=> string(1) "1" [6]=> string(1) "1" [8]=> string(1) "1" [9]=> string(1) "1" [10]=> string(1) "1" [11]=> string(1) "1" [12]=> string(1) "1" [13]=> string(1) "1" [14]=> string(1) "1" [15]=> string(1) "1" [16]=> string(1) "1" [17]=> string(1) "1" [18]=> string(1) "1" [19]=> string(1) "1" [20]=> string(1) "1" [21]=> string(1) "1" [22]=> string(1) "1" [23]=> string(1) "1" }