堆栈内存溢出
  简体   繁体   English

用PHP更新数据库

[英]Updating a database in PHP

 原文  2014-01-14 18:19:13       php/ sql/ database/ sql-update

问题描述

I have been programming for years with various programming languages. 我已经使用多种编程语言进行编程多年。 I also have some experience with markup and scripting languages. 我也对标记和脚本语言有一些经验。 I am new to PHP though. 我是PHP新手。 I am trying to fix my dad's website for him and I'm learning a lot as I go. 我正在尝试为他修复我父亲的网站,而且我学到了很多东西。 I have fixed much of it but am currently stuck. 我已经修复了大部分问题,但目前仍无法解决。 A upgrade to the PHP host that my dad uses from 5.1 to 5.4 broke the website. 我父亲使用的PHP主机从5.1升级到5.4的升级破坏了该网站。 I noticed that one of the changes is that variables needed to be defined now. 我注意到其中一项更改是现在需要定义变量。 The database is updating to not be link to the picture any longer. 数据库正在更新,不再链接到图片。 Here is the PHP: 这是PHP: 

if ($act=="update"){
    $id = $_POST['id'];
    $email = $_POST['email'];
    $aim = $_POST['aim'];
    $icq = $_POST['icq'];
    $yahoo = $_POST['yahoo'];
    $homepage = $_POST['homepage'];
    $myip = $_POST['myip'];

    if (!$myip) 
        $myip = $ip;

    $email2 = $_POST['email2'];
    $password = $_POST['password'];
    $title = $_POST['title'];
    $download = $_POST['download'];
    $approved = $_POST['approved'];
    $allowdelete = $_POST['allowdelete'];
    $author = $_POST['author'];
    $facebook = $_POST['facebook'];

    if (isset($_POST['piclink'])) 
        $piclink = $_POST['piclink'];

    $domain = $_POST['domain'];
    $option3 = $_POST['option3'];
    $secret = $_POST['secret'];

    if (isset($piclink)){
        $picfile = "";
        $download = "0";
        $domain = parse_url_domain($piclink);
    }

    $myip = $_REQUEST['ip'];

    if (!$myip) 
        $myip = $ip;

    $email=addslashes($email);
    $aim=addslashes($aim);
    $icq=addslashes($icq);
    $yahoo=addslashes($yahoo);
    $homepage=addslashes($homepage);
    $picfile=addslashes($picfile);

    if (isset($dt))
        $dt=addslashes($dt);

    $myip=addslashes($myip);
    $email2=addslashes($email2);
    $password=addslashes($password);
    $title=addslashes($title);
    $download=addslashes($download);
    $approved=addslashes($approved);
    $allowdelete=addslashes($allowdelete);
    $author=addslashes($author);
    $facebook=addslashes($facebook);
    $piclink=addslashes($piclink);
    $domain=addslashes($domain);
    $option3=addslashes($option3);
    $secret=addslashes($secret);

    //die("IP =".$myip);

    $q="update $table set     email='$email',aim='$aim',icq='$icq',yahoo='$yahoo',homepage='$homepage',picfile='$picfile'  ,ip='$myip',email2='$email2',password='$password',title='$title',download='$download',appro    ved='$approved',allowdelete='$allowdelete',author='$author',facebook='$facebook',piclink='$    piclink',domain='$domain',option3='$option3',secret='$secret' where id='$id'";
    $result=mysql_query($q);
    //dt='$dt' was removed from update as it blanked out date

}

if ($piclink) {
    $url1 = $piclink;
} else {
    $url1 = "http://plankingaround.com/pics/";  
    $url1 .= $picfile; 
}

Everything else updates except the piclink and/or picfile columns in the database. 除数据库中的piclink和/或picfile列外,其他所有内容都会更新。

Any help would be greatly appreciated! 任何帮助将不胜感激!

2 个解决方案

解决方案1
 0  2014-01-14 18:29:39

It's not what you have asked but site you are working has a serious security issue - SQL Injection. 这不是您要的问题,但是您正在工作的站点存在严重的安全问题-SQL注入。

http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

Following part of that update SQL would fail: 该更新SQL的以下部分将失败: 

appro    ved='$approved',

You can echo the error with mysql_error() , right after mysql_query($q); 您可以在mysql_query($ q);之后立即使用mysql_error()回显错误

解决方案2
 0 已采纳  2014-01-14 18:42:22

It is considered extremely bad practice to use mysql. 使用mysql被认为是极其糟糕的做法。 You should upgrade the mysql -> mysqli... this will help you prevent SQL Injection, and solve some of your problems. 您应该升级mysql-> mysqli ...这将帮助您防止SQL注入,并解决一些问题。 As mysql will soon by deprecated with newer PHP updates. 由于mysql将很快被较新的PHP更新所淘汰。

Here is an example of how to do this: 这是如何执行此操作的示例: 

 $query = "UPDATE $table 
      SET 
           email=?, 
           aim=?, 
           icq=?, 
           yahoo=?, 
           homepage=?, 
           picfile=?, 
           ip=?, 
           email2=?, 
           password=?, 
           title=?, 
           download=?, 
           approved=?, 
           allowdelete=?, 
           author=?, 
           facebook=?, 
           piclink=?, 
           domain=?, 
           option3=?, 
           secret=? 
      WHERE id=?";

if($stmt = $mysqli->prepare($query)){
    $stmt->bind_param('sssssssssssssssssssi', $email, $aim, $icq, $yahoo, $homepage, $picfile, $myip, $email2, $password, $title, $download, $approved, $allowdelete, $author, $facebook, $pic link, $domain, $option3, $secret, $id);
    $stmt->execute();
}else die("Failed to prepare stmt");

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Ajax / PHP:更新数据库 - Ajax/PHP: Updating a Database 用php更新sql数据库 - Updating sql database with php PHP不更新数据库中的行 - PHP not updating rows in Database 使用 PHP 更新数据库 - Updating a database using PHP PHP更新大型数据库 - PHP updating large database PHP数据库未更新,没有错误 - PHP database not updating, no errors 通过PHP更新数据库 - Updating Database through PHP 数据库未在“ Get” PHP上更新 - Database not updating on “Get” PHP PHP更新数据库时遇到问题 - Trouble with PHP updating a database php没有更新我的数据库 - php is not updating my database
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM