douyouming9180 2016-04-06 09:03

Syntax error in a PDO SQL statement

I got a problem in this code in the sql statement ($result). It says that I have a Syntax error on WHERE 'idCartao'='$id'.

<?php
$db_host        = 'localhost';
$db_user        = 'root';
$db_pass        = '';
$db_database    = 'hsa';
$id = $_POST['idTAG'];
try {
    $db = new PDO('mysql:host='.$db_host.';dbname='.$db_database, $db_user, $db_pass);
}
catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}
$result = $db->prepare("INSERT INTO 'cartao' (horaEntrada,horaSaida) VALUES (CURTIME(),CURTIME()) WHERE 'idCartao'='$id'");
$result->execute();
$db = null;
?>

1 answer

  • Ordinary user 2016-04-06 09:23

    1) In SQL anything quoted within '' is a string. You cannot use it as a column/table/database name. MySQL specifically offers quoting for columns/tables/databases using ``, and it is generally good practice to use it so as to escape MySQL reserved keywords when using such keywords as data names.

    2) INSERT ... VALUES does not work with WHERE; you probably intended to use UPDATE? Not sure, not clear from the question.

    3) You should also know how to use prepared statements properly.

    Overall you'd probably need to do the following:

    $result = $db->prepare("UPDATE `cartao` SET `horaEntrada`=CURTIME(),`horaSaida`=CURTIME() WHERE `idCartao`=:id");    
    $result->execute([ ":id" => $id ]); 
    
    This answer was selected by the asker as the best answer.
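
To illustrate point 3 of the answer above, here is an added example (not code from the question or the answer) that runs the same UPDATE once with the value interpolated into the SQL string and once bound to a placeholder. It assumes an in-memory SQLite database in place of the MySQL `hsa` database, `time('now')` in place of `CURTIME()`, and constructed rows and input; the function names are hypothetical.

```php
<?php
// Added example. Assumption: SQLite in memory stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
// Make PDO throw on SQL errors instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE cartao (idCartao TEXT PRIMARY KEY, horaEntrada TEXT, horaSaida TEXT)');
$db->exec("INSERT INTO cartao (idCartao) VALUES ('A1'), ('B2'), ('C3')"); // constructed rows

// Before: the value becomes part of the SQL text, so quote characters inside it
// are parsed as SQL syntax and can change the WHERE clause.
function updateInterpolated(PDO $db, string $id): int
{
    $stmt = $db->prepare(
        "UPDATE cartao SET horaEntrada = time('now'), horaSaida = time('now') WHERE idCartao = '$id'"
    );
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed
}

// After: the SQL text is fixed and the value travels separately as data,
// so it is only ever compared against idCartao as a whole string.
function updateBound(PDO $db, string $id): int
{
    $stmt = $db->prepare(
        "UPDATE cartao SET horaEntrada = time('now'), horaSaida = time('now') WHERE idCartao = :id"
    );
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Constructed values standing in for $_POST['idTAG'].
$inputs = [
    'A1',              // a normal card id
    "A1' OR '1'='1",   // a value containing quote characters
];

foreach ($inputs as $id) {
    printf(
        "input %-16s interpolated: %d row(s) changed, bound: %d row(s) changed\n",
        var_export($id, true),
        updateInterpolated($db, $id),
        updateBound($db, $id)
    );
}
```

Comparing the two row counts for the second input shows whether the value stayed data or was parsed as part of the statement; a bound value that matches no card id changes no rows.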
