Mistake:

You have an error in your SQL syntax; If you’re on the right line . = genre = Children's literature, about = drghdzhd, `price'at line1

edit_book.php

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> <title>Редактировать книгу</title> </head> <? include('../config.php'); if (!isset($id)) { $result = mysql_query ("SELECT * FROM catalog"); $count = mysql_num_rows($result); if($count == 0){ echo "Не найдено ни одной записи"; } else { print("<form method=\"post\">"); print("<table border=\"2\" align=\"center\">"); print("<tr>"); print("<td>Name</td><td>Author</td><td>Genre</td><td>About</td><td>Price</td><td>About_all</td>"); print("<td>Delete</td>"); print("<td>Update</td>"); print("</tr>"); while ($row = mysql_fetch_assoc($result)){ print ("<tr>"); $aName1 = $row['name']; $aName2 = $row['author']; $aName3 = $row['genre']; $aName4 = $row['about']; $aName5 = $row['price']; $aName6 = $row['id']; $aName7 = $row['about_all']; print("<td>$aName1</td>"); print("<td>$aName2</td>"); print("<td>$aName3</td>"); print("<td>$aName4</td>"); print("<td>$aName5</td>"); print("<td>$aName7</td>"); print("<td>"); print("<input type=\"checkbox\" name=\"delete[]\" value=\"$aName6\">"); print("</td>"); print("<td>"); print("<input type=\"checkbox\" name=\"update[]\" value=\"$aName6\">"); print("</td>"); print("</tr>"); } print("</table>"); print("<div align=\"center\"><input type=\"submit\" name=\"Delete\" value=\"Delete\">"); print("<input type=\"submit\" name=\"Update\" value=\"Select Update\"></div>"); print("</form>"); } } class DataBase { function UpdateRecord($aName1,$aName2,$aName3,$aName4,$aName5,$aName6){ $aSQL="update catalog set `name`=$aName1,`author`=$aName2,; $aSQL.=`genre`=$aName3,`about`=$aName4,`price`=$aName5,`about_all` = $aName6 where `id`=$aName7"; $aQResult=mysql_query($aSQL); if($aQResult==TRUE){ echo "Update OK!"; } else {echo mysql_error();}//print("ERROR Update Record!<br>.mysql_error()");} } function DeleteRecord($aNomer){ $aDBLink=mysql_connect("localhost","root",""); if(!empty($aDBLink)){ if(mysql_select_db("catalog",$aDBLink)==True){ $aSQL="delete from `catalog` where `id`=".$aNomer; $aQResult=mysql_query($aSQL,$aDBLink); if($aQResult==TRUE){ } else { echo mysql_error();} }} } function SelectUpdateRecord(){ $aSQL="select * from catalog where id="; $aCOUNT=count($_POST['update']); $aNEXT=0; foreach($_POST['update'] as $val){ $aSQL.="$val"; $aNEXT++; if($aNEXT<$aCOUNT){ $aSQL.=" or id="; } } $aDBLink=mysql_connect("localhost","root",""); if(!empty($aDBLink)){ if(mysql_select_db("catalog",$aDBLink)==True){ $aQResult=mysql_query($aSQL,$aDBLink); if($aQResult==TRUE){ print("<form method=\"post\">"); print("<table border=\"2\" align=\"center\">"); print("<tr>"); print("<td>Name</td><td>Author</td><td>Genre</td><td>About</td><td>Price</td>"); print("<td>About_all</td>"); print("<td>Id</td>"); print("</tr>"); $num_rows=mysql_num_rows($aQResult); while($aRow=mysql_fetch_array($aQResult)){ $aName1=$aRow["name"]; $aName2=$aRow["author"]; $aName3=$aRow["genre"]; $aName4=$aRow["about"]; $aName5=$aRow["price"]; $aName6=$aRow["about_all"]; $aName7=$aRow["id"]; print("<tr>"); print("<td><input type=\"text\" name=\"name[]\" value=\"$aName1\"></td>"); print("<td><input type=\"text\" name=\"author[]\" value=\"$aName2\"></td>"); print("<td><input type=\"text\" name=\"genre[]\" value=\"$aName3\"></td>"); print("<td><input type=\"text\" name=\"about[]\" value=\"$aName4\"></td>"); print("<td><input type=\"text\" name=\"price[]\" value=\"$aName5\"></td>"); print("<td><input type=\"text\" name=\"about_all[]\" value=\"$aName6\"></td>"); print("<td><input type=\"hidden\" name=\"id[]\" value=\"$aName7\"></td>"); print("</tr>"); } print("</table>"); print("<div align=\"center\"><input type=\"submit\" name=\"OkUpdate\" value=\"Update Ok!\"></div>"); print("</form>"); } } } } } $data=new DataBase(); if(isset($_POST['Delete']) && $_POST['Delete']){ if($_POST['delete']){ foreach($_POST['delete'] as $val){ $data->DeleteRecord($val); } } } if(isset($_POST['Update']) && $_POST['Update']){ if($_POST['update']){ $data->SelectUpdateRecord(); } } if(isset($_POST['OkUpdate']) && $_POST['OkUpdate']){ $aS1=0; foreach($_POST['name'] as $val1){ $Name1[]=$val1; $aS1++; } foreach($_POST['author'] as $val2){ $Name2[]=$val2; } foreach($_POST['genre'] as $val3){ $Name3[]=$val3; } foreach($_POST['about'] as $val4){ $Name4[]=$val4; } foreach($_POST['price'] as $val5){ $Name5[]=$val5; } foreach($_POST['about_all'] as $val6){ $Name6[]=$val6; } foreach($_POST['id'] as $val7){ $Name7[]=$val7; } for($count=0;$count<$aS1;$count++){ $data->UpdateRecord($Name1[$count],$Name2[$count],$Name3[$count],$Name4[$count],$Name5[$ count],$Name6[$count],$Name7[$count]); } } ?> <div align="center"><a href="admin.php">Назад в админ-панель</a><br></div> <body> </body> </html>
  • 2
    Fierce gut. Is it really so hard to mark the code as a code? There is a special button for this, with zeros and ones. - Ali
  • At the same time, there is also a fierce programmer that prints out html elements by print :) - stck

3 answers 3

Screen the column names with ` , and their values ​​with single quotes.

Example:

... author = 'Author 3', genre = 'Children's literature', about = 'drghdzhdh' ...

    Do not interrogate the query string and poke variables into it directly!

    Read about mysql_real_escape_string() to full enlightenment.

      Syntax error. Where is the quote or comma missed in the request . I can’t say anything more;