PHP MYSQL使用JSON输入的内容构建动态UPDATE查询

Question

PHP

$postdata = json_decode(file_get_contents("php://input"));
$src = $postdata->data;
print_R( $src );

The above prints out

stdClass Object
(
    [id] => 1
    [first] => Joe
    [middle] => Cornelius
    [last] => Bloggs
)

But what I'm looking to do is build an UPDATE MySQL Query that is dynamic so that if in the event that the data input could be something like the following:

stdClass Object
    (
        [id] => 1
        [first] => Joe
        [middle] =>
        [last] => Bloggs
    )

Then the MySQL Query would miss out middle from updating. The MySQL Table rows march the id of the array.

I have tried to have a go at this but all I can think of doing is an if statement to see if there is a value but thats not looping.

I was hoping someone would think of a simpler way.

Answer 1

Something like this?

$src = (array) $src;
$sets = array();
$valid_fields = array('first','middle','last');

foreach( $valid_fields as $valid_field )
{
  if(!empty($src[ $valid_field ]))
  {
    $safe_data = some_type_of_validation( $src[ $valid_field ]); // addslashes? mysql_real_escape_string?
    $sets[] = "{$valid_field} = '{$safe_data}'";
  }
}

if(!empty($sets))
{
  $set_clause = implode(',',$sets);
  $sql = "UPDATE table SET {$set_clause} WHERE id = {$id}";
}

Notice that this does not allow you to set a value to an empty string, so if, for example, someone did want to set their middle name to '', this wouldn't work.

Answer 2

foreach ($src as $field => $value) {
            $list[] = $field.'='."'".mysql_real_escape_string($value)."'";
        }
        $fields = implode(', ', $list);

        $q = $db->query("UPDATE people SET ".$fields." WHERE id = $src[id]");