尝试更新我的一个数据库表时,我不断收到以下错误消息:
idrr = 167
age_notes = 'Enumerate, Louisvilleluminary, Nacho Friend, Bulls and Bears, Bricklayer, Activity Report, Interactif, Soundman).\r\n
\r\nBashford Manor S (gr-III, 6f, defeating Flatter Than Me, Brassy Boy, Grand Slam Andre, Soundman, Westrock Gold, Vito Filitto, Even Wilder).\r\n
\r\nA maiden special weight race at Churchill Downs (5f, by 2 3/4, defeating Thiskyhasnolimit, Red Rally, Dublin, Criminal Offense, Congar, Horst, Prospective Union, Victorystart, Harley\'s Heat).'
警告:sprintf()[function.sprintf]:第305行/data/19/1/60/63/1875552/user/2038041/htdocs/vinery/Admin/upload_stallion.php中的参数太少 查询为空
警告正上方是sprintf()中使用的两个变量的回声。
以下是我的php文件中的部分:
$idrr = GetSQLValueString($_POST['id1'], "int");
$associated_horse = GetSQLValueString($_POST['associated_horse1'], "int");
$year = GetSQLValueString($_POST['year1'], "text");
$age = GetSQLValueString($_POST['age1'], "int");
$starts = GetSQLValueString($_POST['starts1'], "int");
$first = GetSQLValueString($_POST['first1'], "int");
$first_sw = GetSQLValueString($_POST['first_sw1'], "int");
$second = GetSQLValueString($_POST['second1'], "int");
$second_sp = GetSQLValueString($_POST['second_sp1'], "int");
$third = GetSQLValueString($_POST['third1'], "int");
$third_sp = GetSQLValueString($_POST['third_sp1'], "int");
$age_notes = GetSQLValueString($_POST['age_notes1'], "text");
$age_text = GetSQLValueString($_POST['age_text1'], "text");
$earned = GetSQLValueString($_POST['earned1'], "text");
echo ("idrr = " . $idrr . "<br/>");
echo ("age_notes = " . $age_notes);
$insertSQL = sprintf("UPDATE race_records SET age_notes = $age_notes WHERE rr_id = %s", GetSQLValueString($idrr, "int"));
mysql_select_db($database_XXXXXX, XXXXXX);
$Result = mysql_query($insertSQL, $HDAdave) or die(mysql_error())
我无法弄清楚为什么这个特殊的更新不会起作用。 谁能看到我做错了什么?
答案 0 :(得分:1)
您可能希望在$age_notes和%s附近添加反引号或单引号
$insertSQL = sprintf("UPDATE race_records SET age_notes = '$age_notes' WHERE rr_id = '%s'", GetSQLValueString($idrr, "int"));
答案 1 :(得分:0)
经验法则不是将sprintf与$ var替换字符串混合使用。所以你应该使用
$insertSQL = sprintf("UPDATE race_records SET age_notes = '%s' WHERE rr_id = '%s'", mysql_real_escape_string($age_notes), mysql_real_escape_string(GetSQLValueString($idrr, "int")) );
或
$insertSQL = "UPDATE race_records SET age_notes = '" . mysql_real_escape_string($age_notes) . "' WHERE rr_id = '" . mysql_real_escape_string(GetSQLValueString($idrr, "int")) . "'";
您收到此错误消息可能是因为$age_notes包含%符号并且正在弄乱sprintf。
@ cenanozen关于使用引号的建议也很好(虽然它没有回答你的特定问题)。
请记住使用mysql_real_escape_string()或其他内容引用SQL中的所有字符串!