[英]How to debug the concatenation of a SQL query in PHP?
There's something with my query, but I cannot manage to find what. 我的查询有问题,但是我无法找到什么。
$keys = array_keys($fields);
$values = array_values($fields);
$sql = "UPDATE " .$table. " SET " .implode("`, `", $keys) ."='".implode("', '", $values) . "' WHERE id={$id}";
And it shows as : UPDATE users SET name
, password'Rick is vets', 'sdfg' WHERE id=5
它显示为:
UPDATE users SET name
, password'Rick is vets', 'sdfg' WHERE id=5
But it has to show as : UPDATE users SET name = 'Rick is vets', password='sdfg' WHERE id=5
但是它必须显示为:
UPDATE users SET name = 'Rick is vets', password='sdfg' WHERE id=5
$setString='';
foreach($fields as $k=>$v){
$setString .=$k." = '".$v."', ";
}
$setString=rtrim($setString,', ');
include $setString
in query 在查询中包含
$setString
Try looping through the $fields
array to create an update string like this: 尝试遍历
$fields
数组以创建一个更新字符串,如下所示:
$update_string='';
foreach ($fields as $key=>$value)
{
$update_string .= $key."='$value', ";
}
Then remove the last comma character from the string using rtrim()
function: 然后使用
rtrim()
函数从字符串中删除最后一个逗号:
$update_string = rtrim($update_string, ", ");
Then your query becomes: 然后您的查询变为:
$sql = "UPDATE " .$table. " SET " .$update_string. " WHERE id={$id}";
This is just to illustrate the concept since your code might still be open to SQL injection attacks, in which case you should use prepared statement.
这只是为了说明这个概念,因为您的代码可能仍会受到SQL注入攻击的影响,在这种情况下,您应该使用预处理语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.