您在某些值后面有分号，也许您应该只传递整数，即 qoh 和 qbuys.除此之外，您应该在整数值之前使用 mysql_real_escape_string() 和 (int) 以防止 SQL 注入，例如:

You have semicolons after some values maybe you should pass just the integer this are qoh and qbuys. Apart of that you should use mysql_real_escape_string() and (int) before integer values to prevent SQL injection e.g.:

$int = (int)$_GET['price'];
$string = $_GET['val'];
mysql_real_escape_string($string);

另外，如果你想传递多个值，你必须为它们使用数组:

Also if you want to pass multiple values you have to use array for them:

HTML

<input type="hidden" name="ids[]" value="1">
<input type="hidden" name="ids[]" value="2">
<input type="hidden" name="ids[]" value="3">

PHP

$ids = $_GET['ids'];
foreach($ids as $id) {
    $sql = 'UPDATE table SET field=? WHERE id='.(int)$id;
    ....
}