更新成员表PDO php时出现SQL错误

时间:2016-09-29 14:24:07

标签: php mysql web pdo

下午,

目前我正在编写一个允许管理员更新成员数据库的程序。

我的代码如下:

    $member_id = $formdata['update']; 
$surname = $formdata['surname'];
$other_name = $formdata['othername'];
$contactmethod = $formdata['contactmethod'];
$email = $formdata['email'];
$mobilenum = $formdata['mobilenum'];
$phonenum = $formdata['phonenum'];
$occupation = $formdata['occupation'];    
$userpass = $formdata['userpass'];
if(!isset($formdata['magazine']))
   $magazine = 0;
else
   $magazine = 1;

//Get ready to talk to the DB
$db = getDBConnection();
//Make a prepared query so that we can use data binding and avoid SQL injections. 
$insertUser = $db->prepare('INSERT into member VALUES
                          (:surname, :other_name, :contact_method,
                           :email, :mobile, :landline, :magazine, :street,
                           :suburb, :postcode, :password,
                           :occupation) WHERE member_id=$member_id');
//Bind the data from the form to the query variables.
//Doing it this way means PDO sanitises the input which prevents SQL injection.
$insertUser->bindParam(':surname', $surname, PDO::PARAM_STR);
$insertUser->bindParam(':other_name', $other_name, PDO::PARAM_STR);
$insertUser->bindParam(':contact_method', $contactmethod, PDO::PARAM_STR);
$insertUser->bindParam(':email', $email, PDO::PARAM_STR);
$insertUser->bindParam(':mobile', $mobilenum, PDO::PARAM_STR);
$insertUser->bindParam(':landline', $phonenum, PDO::PARAM_STR);
$insertUser->bindParam(':magazine', $magazine, PDO::PARAM_INT);
$insertUser->bindParam(':street', $streetaddr, PDO::PARAM_STR);
$insertUser->bindParam(':suburb', $suburbstate, PDO::PARAM_STR);
$insertUser->bindParam(':postcode', $postcode, PDO::PARAM_INT);
$insertUser->bindParam(':password', $userpass, PDO::PARAM_STR);
$insertUser->bindParam(':occupation', $occupation, PDO::PARAM_STR);

当前错误在WHERE member_id=$member_id

之内

我不知道错误是什么以及如何修复它。

任何提示?

1 个答案:

答案 0 :(得分:0)

尝试使用UPDATE。

'UPDATE member SET surname = :surname, other_name = :other_name, contact_method = :contact_method,
                           email = :email, mobile = :mobile, landline = :landline, magazine = :magazine, street = :street,
                           suburb = :suburb, postcode = :postcode, password = :password,
                           occupation = :occupation) WHERE member_id = :member_id'

此外,为member_id绑定另一个参数,否则在执行其他参数时没有多大意义

$insertUser->bindParam(':member_id', $member_id, PDO::PARAM_INT);
相关问题
最新问题