douyouming9180 2016-04-06 09:03
浏览 54
已采纳

PDO sql语句中的语法错误

I got a problem in this code in the sql statement ($result). It says that I have a Syntax error on WHERE 'idCartao'='$id'.

<?php
$db_host        = 'localhost';
$db_user        = 'root';
$db_pass        = '';
$db_database    = 'hsa'; 
$id = $_POST['idTAG'];
        try {
            $db = new PDO('mysql:host='.$db_host.';dbname='.$db_database, $db_user, $db_pass);
        } 
        catch (PDOException $e) {
            print "Error!: " . $e->getMessage() . "<br/>";
            die();
}
            $result = $db->prepare("INSERT INTO 'cartao' (horaEntrada,horaSaida) VALUES (CURTIME(),CURTIME()) WHERE 'idCartao'='$id'");
            $result->execute();
$db = null;
?>
  • 写回答

1条回答 默认 最新

  • 普通网友 2016-04-06 09:23
    关注

    1) In SQL anything quoted within '' is a string. You cannot use it as a column/table/database name. MySQL specifically offers quoting for columns/tables/databases using `` and it is generally good practice to use it as to escape MySQL reserved keywords when using such keywords as data names.

    2) INSERT ... VALUES does not work with WHERE you probably intended to use UPDATE? Not sure, not clear from the question.

    3) You should also know how to use prepared statements properly.

    Overall you'd probably need to do the following:

    $result = $db->prepare("UPDATE `cartao` SET `horaEntrada`=CURTIME(),`horaSaida`=CURTIME() WHERE `idCartao`=:id");    
$result->execute([ ":id" => $id ]);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化
  • ¥15 Mirare PLUS 进行密钥认证?(详解)
  • ¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
  • ¥20 想用ollama做一个自己的AI数据库
  • ¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
  • ¥15 请问怎么才能复现这样的图呀