mysql更新设置所有字段相同
[英]mysql update setting all fields the same
问题描述
This is my php code: 
这是我的PHP代码:
if (isset($_POST['data']) && is_array($_POST['data'])) {
foreach ($_POST['data'] as $row => $data) {
$result = mysql_query("UPDATE orders SET project_ref='".$data['project_ref']."' where order_id = '".$data['order_id']."'") or die(mysql_error());
$result1 = mysql_query("UPDATE orders SET supp_short_code='".$data['supp_short_code']."' where order_id = '".$data['order_id']."'") or die(mysql_error());
$result2 = mysql_query("UPDATE orders SET om_part_no='".$data['om_part_no']."' where order_id = '".$data['order_id']."'") or die(mysql_error());
$result3 = mysql_query("UPDATE orders SET description='".$data['description']."' where order_id = '".$data['order_id']."'") or die(mysql_error());
$result4 = mysql_query("UPDATE orders SET quantity='".$data['quantity_input']."' where order_id = '".$data['order_id']."'") or die(mysql_error());
$result5 = mysql_query("UPDATE orders SET cost_of_items='".$data['cost_of_items']."' where order_id = '".$data['order_id']."'") or die(mysql_error());
$result6 = mysql_query("UPDATE orders SET cost_total='".$data['cost_total_td']."' where order_id = '".$data['order_id']."'") or die(mysql_error());
}
}
So when the user wants to edit order id: 1, i hope it will update all rows where the order_id is 1, but what this code is doing is setting all fields to "1"?? 因此,当用户想要编辑订单ID:1时,我希望它将更新order_id为1的所有行,但是此代码正在将所有字段设置为“ 1”?
EDIT: 编辑:
This is how i'm sending the data to the PHP: 这就是我将数据发送到PHP的方式:
$('#submit').live('click',function(){
var postData = {};
postData['data[order_id]'] = $('#order_id').text();
$('#items tr').not(':first').each(function(index, value) {
var keyPrefix = 'data[' + index + ']';
postData[keyPrefix + '[supp_short_code]'] = $(this).closest('tr').find('.supp_short_code').text();
postData[keyPrefix + '[project_ref]'] = $(this).closest('tr').find('.project_ref').text();
postData[keyPrefix + '[om_part_no]'] = $(this).closest('tr').find('.om_part_no').text();
postData[keyPrefix + '[description]'] = $(this).closest('tr').find('.description').text();
postData[keyPrefix + '[quantity_input]'] = $(this).closest('tr').find('.quantity_input').val();
postData[keyPrefix + '[cost_of_items]'] = $(this).closest('tr').find('.cost_of_items').text();
postData[keyPrefix + '[cost_total_td]'] = $(this).closest('tr').find('.cost_total_td').text();
});
$.ajax
({
type: "POST",
url: "updateorder.php",
dataType: "json",
data: postData,
cache: false,
success: function()
{
alert("Order Updated");
}
});
});
4 个解决方案
解决方案1
1 2010-11-12 09:56:52
you can start by reading this which will save you lots of trouble in the future. 您可以先阅读此内容 ,以免将来麻烦很多。
Also, you don't need to create a query for each field you need to update. 另外,您无需为每个需要更新的字段创建查询。 Disregarding security issues, you can do something like: 忽略安全问题,您可以执行以下操作:
$q = "
UPDATE orders
SET project_ref='".$data['project_ref']."' ,
supp_short_code='".$data['supp_short_code']."' ,
om_part_no='".$data['om_part_no']."' ,
description='".$data['description']."' ,
// .... remaining fields here, don't forget ^ the coma
WHERE order_id = '".$data['order_id']."'
";
mysql_query($q) or die(mysql_error());
What this code is doing is setting your table fields project_ref, supp_short_code, om_part_no, ... to something (which comes from $_POST['data'] ) to whatever order_id comes from $_POST['data']['order_id'] . 这段代码正在做的是设置你的表字段project_ref, supp_short_code, om_part_no, ...的东西(它来自$_POST['data']到任何order_id来自$_POST['data']['order_id'] 。
If all your fields are becoming 1, you probably have some trouble at the data you send from the form. 如果您所有的字段都变为1,则您从表单发送的数据可能会遇到麻烦。 Try a print_r($_POST) to help you fix it. 尝试使用print_r($_POST)来解决它。
解决方案2
1 2010-11-12 09:59:42
$_POST data is usually provided by the user, so there's no way it's a native PHP array unless you make it yourself ( $_POST['data'] = array() ). $_POST数据通常由用户提供,因此除非您自己创建( $_POST['data'] = array() ),否则它不可能是本机PHP数组。
Sanitize your input, and log it before running any query... print_r($_POST['data']) ... be sure it contains the data that you actually want. 清理您的输入,并在运行任何查询之前记录它... print_r($_POST['data']) ...确保它包含您实际想要的数据。
解决方案3
1 2010-11-12 10:00:29
Maybe check out the DB Type for order_id in MySQL. 也许在MySQL中检查DB Type for order_id。 I assume that it's defined as an INT. 我假设它被定义为INT。 If so, remove the single quotes here: 如果是这样,请在此处删除单引号:
where order_id = ".$data['order_id']."
解决方案4
1 已采纳 2010-11-12 10:03:54
Well first of all, is $_POST['data'] an array of arrays? 首先,$ _POST ['data']是一个数组数组吗? Seems a bit odd to me. 对我来说似乎有些奇怪。 A foreach loop iterates through each item in the array, and retrieves the key and value after the as . 一个foreach循环遍历数组中的每个项目,并检索as之后的键和值。 So is this what you meant? 那是你的意思吗?
if (isset($_POST['data']) && is_array($_POST['data'])) {
foreach ($_POST['data'] as $row => $data) {
$result = mysql_query("UPDATE orders SET $row='$data' WHERE order_id = '" . $_POST['data']['order_id'] . "';");
}
}
Second point is that you shouldn't create a new SQL query for each field. 第二点是,您不应该为每个字段创建一个新的SQL查询。 Try this: 尝试这个:
if (isset($_POST['data']) && is_array($_POST['data'])) {
$sql = "UPDATE orders SET ";
foreach ($_POST['data'] as $row => $data) {
$sql .= "$row = '$data'";
}
}
$sql .= " WHERE order_id = '" . $_POST['data']['order_id'] . "'";
$result = mysql_query($sql);
And thirdly, read up on SQL injection. 第三,阅读SQL注入。 At the very minimum, put mysql_real_escape_string() around the $row and $data variables and the $_POST['data']['order_id']. 至少要在$ row和$ data变量以及$ _POST ['data'] ['order_id']周围放置mysql_real_escape_string()。 So: 所以:
if (isset($_POST['data']) && is_array($_POST['data'])) {
$sql = "UPDATE orders SET ";
foreach ($_POST['data'] as $row => $data) {
$sql .= "mysql_real_escape_string($row) = 'mysql_real_escape_string($data)'";
}
}
$sql .= " WHERE order_id = '" . mysql_real_escape_string($_POST['data']['order_id']) . "'";
$result = mysql_query($sql);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.