[英]Mysqli update query doesn't work
So I'm trying to build a kind of update email function, and the part that should put it into the db looks like this 因此,我正在尝试构建一种更新电子邮件功能,应将其放入数据库的部分如下所示
<?php $emailfrom = $_POST['emailfrom'];
$emailto = $_POST['emailto'];
$query = sprintf('UPDATE `users` SET `email`="%s" WHERE `email`="%s"`',
mysqli_real_escape_string($db, $emailfrom),
mysqli_real_escape_string($db, $emailto));
mysqli_query($db, $query);
The problem is that the row don't update... And I need help in knowing why, as I'm not so well experienced with mysql, used other dbs mainly earlier 问题是该行不会更新...而且我需要帮助来知道为什么,因为我对mysql不太熟悉,所以为什么以前主要使用其他数据库
You've got syntax error in your query. 您的查询中有语法错误。
\/
$query = sprintf('UPDATE `users` SET `email`= "%s" WHERE `email`= "%s"`',
mysqli_real_escape_string($db, $emailfrom),
mysqli_real_escape_string($db, $emailto));
mysqli_query($db, $query);
Also, you probably want to change emails from emailFrom to emailTo, now you are doing it the other way around. 另外,您可能希望将电子邮件从emailFrom更改为emailTo,现在您正以另一种方式进行操作。 After edit:
编辑后:
$query = sprintf('UPDATE `users` SET `email`= "%s" WHERE `email`= "%s"`',
mysqli_real_escape_string($db, $emailto),
mysqli_real_escape_string($db, $emailfrom));
mysqli_query($db, $query);
The accepted answer will work, but a prepared statement would be much safer 可接受的答案会起作用,但是准备好的声明会更安全
$query="UPDATE `users` SET `email`= ? WHERE `email`= ?";
$stmt = $db->prepare($query);
$stmt->bind_param('ss',$_POST['emailfrom'],$_POST['emailto']);
$stmt->execute();
$stmt->close();
With a prepared statement you don't have to worry about escaping your variables to prevent SQL injection. 使用准备好的语句,您不必担心转义变量以防止SQL注入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.