PHP script not updating mysql table

This script is simply not working... can anyone tell me what I'm doing wrong?

$id = $_POST['id'];
$name = $_POST['name'];
$date = $_POST['date'];
$shortdesc = $_POST['shortdesc'];
$link = $_POST['link'];
$target = $_POST['target'];
$sort = $_POST['sort'];
$html = $_POST['html'];

include('appvars.php');

$query = "UPDATE insight SET name='".$name."' AND SET date='". $date . "' AND SET html='" . $html . "' AND SET shortdesc='" . $shortdesc . "' AND SET link='" . $link . "' AND SET target='" . $target . "' AND SET sort='" . $sort . "' WHERE id='" . $id . "'";

mysqli_query($dbc, $query);

You aren't escaping your values so you are vulnerable to SQL injection and also construction of invalid statements. For example, if any of your input strings contain an apostrophe then it could cause your code to fail.

Have a look at prepared statements that will make it much easier to construct your queries with parameters.

In your query you will also need to use commas instead of AND SET.

$query = "UPDATE insight SET name='foo', date='2012-12-10' WHERE id=42";

The syntax for UPDATE is described in the MySQL documentation.
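The prepared-statement version of the same UPDATE, as an added example that is not part of the original question or answers. It assumes, as in the question, that appvars.php creates the mysqli connection in $dbc and that id is an integer column; the other seven columns are bound as strings.

```php
<?php
// Added example: the question's UPDATE rewritten with a mysqli prepared
// statement, so POST values travel as parameters and are never concatenated
// into the SQL text (an apostrophe in $name can no longer break the query).
// Assumption: appvars.php provides $dbc, a connected mysqli object.
include('appvars.php');

// Throw on SQL errors instead of failing silently; mysqli_query() returning
// false with no output is a common reason an UPDATE "does nothing".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$name      = $_POST['name']      ?? '';
$date      = $_POST['date']      ?? '';
$shortdesc = $_POST['shortdesc'] ?? '';
$link      = $_POST['link']      ?? '';
$target    = $_POST['target']    ?? '';
$sort      = $_POST['sort']      ?? '';
$html      = $_POST['html']      ?? '';

// id is an integer column: cast it rather than quoting it, and reject
// anything that does not look like a row id before touching the table.
$id = (int) ($_POST['id'] ?? 0);
if ($id <= 0) {
    http_response_code(400);
    exit('missing or invalid id');
}

// Assignments are separated by commas (not "AND SET"); every value is a
// "?" placeholder, so the SQL text is constant.
$sql = 'UPDATE insight
        SET name = ?, date = ?, shortdesc = ?, link = ?, target = ?, sort = ?, html = ?
        WHERE id = ?';

$stmt = $dbc->prepare($sql);
// Type string: seven strings followed by one integer.
$stmt->bind_param('sssssssi',
    $name, $date, $shortdesc, $link, $target, $sort, $html, $id);
$stmt->execute();

// affected_rows is 0 when no row has that id (or the values were already
// identical), which also looks like "not updating" but raises no error.
printf("rows updated: %d\n", $stmt->affected_rows);
$stmt->close();
```

Enabling mysqli exception reporting is what makes the original bug visible: the malformed "AND SET" statement then surfaces as a syntax error instead of a silent false return.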

Use it like this:

$query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";

It's working ... check now

$id = $_POST['id'];
$name = $_POST['name'];
$date = $_POST['date'];
$shortdesc = $_POST['shortdesc'];
$link = $_POST['link'];
$target = $_POST['target'];
$sort = $_POST['sort'];
$html = $_POST['html'];

include('appvars.php');

$query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";

mysqli_query($dbc, $query);

I ain't a pro at mysql, but a try.

I guess id is an integer. So, don't quote it.

Try this,

$query = "UPDATE insight SET name='".$name."' , date='". $date . "' , html='" . $html . "' , shortdesc='" . $shortdesc . "' , link='" . $link . "' , target='" . $target . "' , sort='" . $sort . "' WHERE id=". $id ;

I think the SQL syntax is incorrect; it should be used like this: UPDATE tablename SET rowname = value , ....
