[英]How do I update the database values using update statement?
I am trying to update 'company_name', 'company_add', 'price'
as primary key 'id'
but it shows me a 'something went wrong'
message along with an 'undefined id'
error. 我正在尝试将'company_name', 'company_add', 'price'
为主键'id'
但它向我显示'something went wrong'
消息以及'undefined id'
错误。 please help me! 请帮我!
<?php
include('data_conn.php');
if(isset($_POST['sub']))
{
$comname=$_POST['cname'];
$comadd=$_POST['cadd'];
$pri=$_POST['price'];
$query ="UPDATE login SET company_name=$comname,company_add=$comadd,price=$pri WHERE id=$id";
$result = mysql_query($query);
echo $result;
if(!$result)
{
echo '<script language="javascript">';
echo 'alert("something went Wrong...:("); location.href="edit.php"';
echo '</script>';
}else{
echo '<script language="javascript">';
echo 'alert("successfully updated!!!"); location.href="edit.php"';
echo '</script>';
}
}
?>
Instead of using direct substitution values, you could use below methods to avoid sql injection. 除了使用直接替换值外,还可以使用以下方法来避免sql注入。
You basically have two options to achieve this: 您基本上有两种选择可以实现此目的:
Using PDO (for any supported database driver): 使用PDO(对于任何受支持的数据库驱动程序):
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name'); $ stmt = $ pdo-> prepare('SELECT * FROM employee WHERE name =:name');\n\n$stmt->execute(array('name' => $name)); $ stmt-> execute(array('name'=> $ name));\n\nforeach ($stmt as $row) { foreach($ stmt as $ row){\n // do something with $row //用$ row做点什么\n} }
Using MySQLi (for MySQL): 使用MySQLi(对于MySQL):
$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?'); $ stmt = $ dbConnection-> prepare('SELECT * FROM employee WHERE name =?');\n$stmt->bind_param('s', $name); $ stmt-> bind_param('s',$ name);\n\n$stmt->execute(); $ stmt-> execute();\n\n$result = $stmt->get_result(); $ result = $ stmt-> get_result();\nwhile ($row = $result->fetch_assoc()) { 而($ row = $ result-> fetch_assoc()){\n // do something with $row //用$ row做点什么\n} }
Please refer How can I prevent SQL injection in PHP? 请参阅如何防止PHP中的SQL注入?
You have to put the character values in single quotes: 您必须将字符值放在单引号中:
$query ="UPDATE login SET company_name='$comname',company_add='$comadd',price=$pri WHERE id=$id";
Stop using deprecated mysql_*
API. 停止使用不推荐使用的mysql_*
API。 Use mysqli_*
or PDO
with prepared Statements. 将mysqli_*
或PDO
与已准备好的语句一起使用。 Atleast use the error function, to get the error message. Atleast使用错误功能来获取错误消息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.