[英]PDO MySQL php foreach loop
I UPDATE a single mysql record using a foreach loop which obtains the name and value of $_POST variable and UPDATES the record column at the time, the names of the $_POST variables are the same as the mysql column names 我使用foreach循环更新单个mysql记录,该循环获取$ _POST变量的名称和值,并同时更新记录列,$ _ POST变量的名称与mysql列名称相同
Here is the code 这是代码
foreach ($_POST as $key => $value) {
$value = mysqli_real_escape_string($con, $value );
$value = strip_tags($value);
$sql="UPDATE properties SET $key = '$value' WHERE propertyID='$propertyID'";
$query = mysqli_query($con, $sql);
if (mysqli_errno($con)){$error=1;}
}//end foreach loop
unset($value);
unset($key);
This works fine 这很好
However I'm trying to convert the loop to use PDO. 但是我正在尝试将循环转换为使用PDO。 I have tried looking at previous posts on this subject but am still unable to make it work 我曾尝试查看有关此主题的先前帖子,但仍无法使其正常工作
Here is the code I have tried: 这是我尝试过的代码:
foreach ($_POST as $key => $value) {
$value = mysqli_real_escape_string($con, $value );
$value = strip_tags($value);
$sql="UPDATE vendors SET $key = '$value' WHERE vendorID='$vendorID'";
$stmt = $pdo->prepare($sql);
$stmt->bindValue($key, $value); //have also tried bindParam!!
$stmt->execute();
}//end foreach loop
unset($value);
unset($key);
This runs but doesn't update any of the columns, can anybody help please? 这会运行,但不会更新任何列,有人可以帮忙吗?
Thanx 谢谢
Bob 鲍勃
You are not binding value properly, Do it like this: 您没有正确绑定值,请执行以下操作:
$sql="UPDATE vendors SET $key = :value WHERE vendorID='$vendorID'";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':value', $value); //have also tried bindParam!!
That's how I'll do it : 这就是我要做的:
foreach ($_POST as $key => $value) {
$query = 'UPDATE vendors SET ' . $key .' = :key WHERE vendorID=:vendorID';
$statement = $pdo->prepare($query);
$statement->execute(['key' => $key, 'vendorID' => $vendorID]);
}
But that's not optimized, you're updating column one by one.. 但这并没有优化,您正在逐一更新列。
check out this thread, It explains how to implode $key and $value from an array, use this and put it in your SET statement. 看看这个线程,它说明了如何从数组中插入$ key和$ value,并使用它并将其放入您的SET语句中。
How to implode array with key and value without foreach in PHP 如何在PHP中不带foreach的情况下使用键和值对数组进行内爆
How about this as a better idea, you process the $_POST bit dangerous that and build a single query that updates all the provided columns in one query. 作为一个更好的主意,您如何处理$ _POST 有点危险的问题,并构建一个查询来更新一个查询中所有提供的列。 It could reduce the load on your database server 1000 fold. 它可以将数据库服务器上的负载减少1000倍。
$columns = '';
foreach ( $_POST as $field_name=> $value ) {
$columns .= "$field_name = ?,";
}
$columns = rtrim($columns, ','); // loose the trailing comma
$sql="UPDATE vendors SET $columns WHERE vendorID=?";
$stmt = $stmt = $pdo->prepare($sql);
if ( ! $stmt ) {
print_r( $pdo->errorInfo() );
exit;
}
// add the parameter using the bindValue
$col = 1;
foreach ( $_POST as $idx => $value ) {
$stmt->bindValue($col, $value);
$col++;
}
$stmt->bindValue($col, $vendorID); // finally bind the vendorID
$res = $stmt->execute();
if ( ! $res ) {
print_r( $stmt->errorInfo() );
exit;
}
I would love to know if this actually works as I have not tested it. 我很想知道这是否真的有效,因为我尚未对其进行测试。 If it does you will probably be able to hear your database server audibly breath a sign of relief. 如果是这样,您将可能能够听到您的数据库服务器发出可口的喘息声。
Problem is that you are binding value but you don't send any parameter query just remove that line: 问题是您要绑定值,但不发送任何参数查询,只需删除该行即可:
$stmt->bindValue($key, $value);
And then the code will be: 然后代码将是:
foreach ($_POST as $key => $value) {
$value = mysqli_real_escape_string($con, $value );
$value = strip_tags($value);
$sql="UPDATE vendors SET $key = '$value' WHERE vendorID='$vendorID'";
$stmt = $pdo->prepare($sql);
$stmt->execute();
} //end foreach loop
unset($value);
unset($key);
One another option to put parameter in the query which is more secured but it needs more work and expertise. 将参数放在查询中的另一种方法虽然更安全,但需要更多的工作和专业知识。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.