堆栈内存溢出
  简体   繁体   English

如何使用update语句更新数据库值?

[英]How do I update the database values using update statement?

 原文  2016-07-11 06:07:22       php/ mysql

问题描述

I am trying to update 'company_name', 'company_add', 'price' as primary key 'id' but it shows me a 'something went wrong' message along with an 'undefined id' error. 我正在尝试将'company_name', 'company_add', 'price'为主键'id'但它向我显示'something went wrong'消息以及'undefined id'错误。 please help me! 请帮我! 

<?php
include('data_conn.php');

if(isset($_POST['sub']))
{
    $comname=$_POST['cname'];
    $comadd=$_POST['cadd'];
    $pri=$_POST['price'];

    $query ="UPDATE login SET company_name=$comname,company_add=$comadd,price=$pri WHERE id=$id";
    $result = mysql_query($query);
    echo $result;
    if(!$result)
    {
        echo '<script language="javascript">';
        echo 'alert("something went Wrong...:("); location.href="edit.php"';
        echo '</script>';
    }else{
        echo '<script language="javascript">';
        echo 'alert("successfully updated!!!"); location.href="edit.php"';
        echo '</script>';
    }
}
?>

2 个解决方案

解决方案1
 2 已采纳  2016-07-11 06:23:46

Instead of using direct substitution values, you could use below methods to avoid sql injection. 除了使用直接替换值外,还可以使用以下方法来避免sql注入。

You basically have two options to achieve this: 您基本上有两种选择可以实现此目的:

  1. Using PDO (for any supported database driver): 使用PDO(对于任何受支持的数据库驱动程序): 

     $stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name'); $ stmt = $ pdo-> prepare('SELECT * FROM employee WHERE name =:name');\n\n$stmt->execute(array('name' => $name)); $ stmt-> execute(array('name'=> $ name));\n\nforeach ($stmt as $row) { foreach($ stmt as $ row){\n    // do something with $row //用$ row做点什么\n} }

  2. Using MySQLi (for MySQL): 使用MySQLi(对于MySQL): 

     $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?'); $ stmt = $ dbConnection-> prepare('SELECT * FROM employee WHERE name =?');\n$stmt->bind_param('s', $name); $ stmt-> bind_param('s',$ name);\n\n$stmt->execute(); $ stmt-> execute();\n\n$result = $stmt->get_result(); $ result = $ stmt-> get_result();\nwhile ($row = $result->fetch_assoc()) { 而($ row = $ result-> fetch_assoc()){\n    // do something with $row //用$ row做点什么\n} }

Please refer How can I prevent SQL injection in PHP? 请参阅如何防止PHP中的SQL注入?

解决方案2
 0  2016-07-11 06:09:23

You have to put the character values in single quotes: 您必须将字符值放在单引号中: 

$query ="UPDATE login SET company_name='$comname',company_add='$comadd',price=$pri WHERE id=$id";

Stop using deprecated mysql_* API. 停止使用不推荐使用的mysql_* API。 Use mysqli_* or PDO with prepared Statements. mysqli_*PDO与已准备好的语句一起使用。 Atleast use the error function, to get the error message. Atleast使用错误功能来获取错误消息。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用php更新数据库? - How do I update the database using php? 如何在 Yii 中为 IN() 子句创建参数化数据库更新语句? - How do I create a parameterized database update statement in Yii for an IN() clause? 如何编写带有更新的准备好的语句? - How do I write a prepared statement with an update? 如何使用PHP更新MySQL数据库中的序列化数据? - How do I update serialized data in a MySQL database using PHP? 如何使用选择表单更新数据库并提交? - How do I update database using select form and submit? 如何使用php更新mysql数据库中的连续行? - How do I update consecutive rows in a mysql database using php? 如何更新 MySQL 表,其值在一个插入语句中相互依赖 - How do I update a MySQL table with values dependent of each other in one Insert Statement PHP PDO - 如何使用已包含当前数据库值的单选按钮值更新数据库? - PHP PDO - How do I update the Database with Radio button values which already contain the current database value? 如何使用复选框值更新数据库? - How do I update database with checkbox value? 如何更改数据库更新中的元素 - How do i change an element on Database update
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM