带有 if else 条件的 SQL UPDATE

Question

I want to update the columns post_author and post_user with variables if the respective columns are not empty in the table. If to take off those particular conditions and leave only one, for example post_author , then everything is working, I have problems only with the sql 'case' part.

Having this issue:

Notice: Fail You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SET post_author = case when post_author !=null then 'evgen' else null end, SET p' at line 1

$query = "UPDATE posts SET post_title = '{$post_title}', 
post_tags= '{$post_tags}', 
post_date = now(), 
post_image = '{$post_image}', 
post_content = '{$post_content}',  
post_status = '{$post_status}', 
post_category_id = '{$post_category_id}', 
SET post_author = case when post_author !=null then '{$post_author}' 
                                               else null end, 
SET post_user = case when post_user !=null then '{$post_user}' 
                                           else null end 
WHERE post_id = $the_great_post_id ";

I have this HTML:

<?php  
if(null !=  $post_user) {
?>
      <div class="form-group">
        <label for="post_user">User</label>

       <input type="text" class="form-control" name="post_user" value="<?php echo $post_user; ?>">
    </div>

<?php   }
if(null !=  $post_author) {
?>
      <div class="form-group">
        <label for="post_author">Author</label>

       <input type="text" class="form-control" name="post_author" value="<?php echo $post_author; ?>">
       </div>

<?php   }  ?>

Answer 1

You don't need SET for the last two values

  $query = "
      UPDATE posts 
      SET post_title = '{$post_title}', 
      post_tags= '{$post_tags}', 
      post_date = now(), 
      post_image = '{$post_image}',
      post_content = '{$post_content}', 
      post_status = '{$post_status}', 
      post_category_id = '{$post_category_id}', 
      post_author = case when post_author !=null then '{$post_author}' else null end, 
      post_user = case when post_user !=null then '{$post_user}' else null end 
      WHERE post_id = $the_great_post_id ";

Anyway you should not use PHP variables in SQL, doing so puts you are at risk for SQL injection. To avoid this you should take a look at prepared statement and binding param for your PHP db driver.

Answer 2

When you have

SET post_author = case when post_author !=null then '{$post_author}' 
                                               else null end,

there are a few problems,firstly you don't need the SET . Secondly, using else null will set the value to null rather than leaving the field with it's original value.

In this version, it uses...

post_author = case when post_author is null then '{$post_author}' else post_author end, 

which put together gives you...

UPDATE posts 
    SET post_title = '{$post_title}', 
        post_tags= '{$post_tags}', 
        post_date = now(), 
        post_image = '{$post_image}', 
        post_content = '{$post_content}', 
        post_status = '{$post_status}', 
        post_category_id = '{$post_category_id}', 
        post_author = case when post_author is null then '{$post_author}' else post_author end, 
        post_user = case when post_user is null then '{$post_user}' else post_user end 
    WHERE post_id = $the_great_post_id 

The other thing to point out is that you should be using prepared statements as this is insecure and can allow all sorts of problems.