While trying to create a website on which users can buy and sell stocks, I encountered the following error while trying to implement the "sell" option. Users can type in the symbol of some stock they have, and then the website ought to delete all stocks with that symbol (by means of a POST method). I use the following sql statements in sell.php (the controller):

    query("DELETE FROM userstocks WHERE id = ".$_SESSION["id"]." 
                                         AND symbol = ". $_POST["symbol"] ) ;
    query("UPDATE users SET cash = cash + 200 WHERE id = " . $_SESSION["id"]) ;
    render("sellconfirmation.php", ["cash" => $cash]);

There is something wrong with the DELETE FROM query, though. I get the following error:

Fatal error: Unknown column 'fb' in 'where clause' in /home/jharvard/vhosts/pset7/includes/functions.php on line 139

I think this is strange, because when I manually type in the actual 'fb' stock (as in: AND symbol = 'symbol' ) it all works perfectly well. I want the website to delete the stock based on what the user typed in though.

Question: What's wrong with the DELETE FROM query?

  • duanpao4522 2014-02-06 12:09

    Add quotes to the symbol:

    query("DELETE FROM userstocks WHERE id = " . $_SESSION["id"] . " 
                       AND symbol = '". $_POST["symbol"]."'" ) ; 


    Also use mysqli_real_escape_string or PDO::quote to secure your string.
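
The quoting fix from the answers and the advice to secure the string, shown together with a PDO prepared statement. This is an added example, not code from the question or the answers; it assumes PDO with an in-memory SQLite database standing in for MySQL, and `sellAll`, `remaining`, the table layout and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the asker's code. In-memory SQLite stands in for MySQL;
// the table layout and rows are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE userstocks (id INTEGER, symbol TEXT, shares INTEGER)');
$pdo->exec("INSERT INTO userstocks VALUES (1, 'fb', 10), (1, 'goog', 5), (2, 'fb', 7)");

// Hypothetical helper: delete one user's rows for one symbol using bound parameters.
function sellAll(PDO $pdo, int $userId, string $symbol): int
{
    $stmt = $pdo->prepare('DELETE FROM userstocks WHERE id = :id AND symbol = :symbol');
    $stmt->execute([':id' => $userId, ':symbol' => $symbol]);
    return $stmt->rowCount(); // rows actually deleted
}

// Hypothetical helper: count the rows left in the table.
function remaining(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM userstocks')->fetchColumn();
}

// 1. Unquoted concatenation, as in the question: the value is parsed as a column name.
$symbol = 'fb'; // stands in for $_POST["symbol"]
try {
    $pdo->exec('DELETE FROM userstocks WHERE id = 1 AND symbol = ' . $symbol);
} catch (PDOException $e) {
    echo "unquoted: ", $e->getMessage(), "\n";
}

// 2. Quoted concatenation: works for 'fb', but input containing a quote rewrites the WHERE clause.
$crafted = "x' OR '1'='1"; // constructed input
$sql = "DELETE FROM userstocks WHERE id = 1 AND symbol = '" . $crafted . "'";
echo "concatenated SQL: $sql\n"; // printed only, never executed

// 3. Bound parameters: the same input is compared as a plain string and matches nothing.
echo "deleted with crafted input: ", sellAll($pdo, 1, $crafted), "\n";
echo "deleted with 'fb': ", sellAll($pdo, 1, 'fb'), "\n";
echo "rows remaining: ", remaining($pdo), "\n";
```

With bound parameters the statement text never changes, so no quoting or escaping of the symbol is needed in the controller.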

  • duan198299 2014-02-06 12:11

    You forgot to close the quote in the delete query. Try this:

    query("DELETE FROM userstocks WHERE id = " . $_SESSION["id"] . " 
                              AND symbol = '". $_POST["symbol"]."'" ) ; 
