[英]How to update existing MySQL table when one of the HTML form field is submitted blank where default value for all asked columns is NULL?
登录后,用户需要填写另一份表格。 该网站有一个表,称为users
,其列名为-
Ten_School_name, Ten_Board, Ten_Percentage, Twl_School_Name, Twl_Board, Twl_Percentage
Ten_School_name
, Twl_School_Name
设置为VARCHAR(70)
且默认值为NULL
Ten_Board
, Twl_Board
设置为VARCHAR(10)
且默认值为NULL
Ten_Percentage
, Twl_Percentage
设置为int(3)
且默认值为NULL
“ Username
,“ Email
和“ Password
是其他三列,当用户在网站上注册时这些列将被占用,其余的默认值设置为NULL。 当我通过填写所有六个字段来提交表单时,则成功提交了表单,但是如果将任何字段留空,则会出现来自处理脚本的Incorrect integer value: '' for column 'Twl_Percentage' at row 2
我已经浪费了很多时间寻找解决方案。 我希望这里有人能解决我的问题。
这是我的表格-
<form id="msform" action="includes/cand-reg-dbs.php" method="POST">
<!--10th Class Details-->
<label>10th School Name</label><input type="text" name="tenth-school"><br />
<label>10th Board</label>
<select name="tenth-board">
<option name="tenth-board1" value="icse">ICSE</option>
<option name="tenth-board2" value="cbse">CBSE</option>
<option name="tenth-board3" value="up-board">UP Board</option>
</select>
<br />
<label>10th Percentage</label>
<input type="number" name="tenth-percent">
<br />
<!--12th Class Details-->
<label>12th School Name</label><input type="text" name="twl-school"><br />
<label>12th Board</label>
<select name="twl-board">
<option name="twl-board1" value="icse">ISE</option>
<option name="twl-board2" value="cbse">CBSE</option>
<option name="twl-board3" value="up-board">UP Board</option>
</select>
<br />
<label>12th Percentage</label>
<input type="number" name="twl-percent">
<input type="submit" name="submita" id="" class="" value="Save" /></form>
这是我的PHP脚本来处理数据-
if (isset($_POST['submita'])) {
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "jobin";
$con = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
if (isset($_SESSION['username'])) {
$user = $_SESSION['username'];
echo $user;
$eml = $_SESSION['cand_email'];
echo $eml;
}
$tenthSchool = mysqli_real_escape_string($con, $_POST['tenth-school']);
$tenthBoard = mysqli_real_escape_string($con, $_POST['tenth-board']);
$tenthPercent = mysqli_real_escape_string($con, $_POST['tenth-percent']);
$twlSchool = mysqli_real_escape_string($con, $_POST['twl-school']);
$twlBoard = mysqli_real_escape_string($con, $_POST['twl-board']);
$twlPercent = mysqli_real_escape_string($con, $_POST['twl-percent']);
$sqlsd = "UPDATE users
SET
Ten_School_Name = '$tenthSchool',
Ten_Board = '$tenthBoard',
Ten_Percentage = '$tenthPercent',
Twl_School_Name = '$twlSchool',
Twl_Board = '$twlBoard',
Twl_Percentage = '$twlPercent'
WHERE
Email = '$eml';";
if(!$con)
{
die('Could not connect: ' . mysqli_connect_error());
}
$resultsd = mysqli_query($con, $sqlsd);
if(!$resultsd)
{
die('Could not update data: ' . mysqli_connect_error());
}
if ($resultsd) {
header("Location: ../candidate-registration.php?sd=success");
}
} else {
echo "nothing";
}
我会将列从NULL更改为NOT NULL,并将默认值设置为表上的空字符串”。 这样,您可以使用更安全的预处理语句,如下所示:
$stmt = $link->prepare("UPDATE users SET Ten_School_Name = ?, Ten_Board = ?, Ten_Percentage = ?, Twl_School_Name = ?, Twl_Board = ?, Twl_Percentage = ? WHERE Email = ?");
$stmt->bind_param("ssissis", $tenthSchool, $tenthBoard, $tenthPercent,
$twlSchool, $twlBoard, $twlPercent, $eml);
$stmt->execute();
$stmt->close();
如果您无法更改列,则必须仅使用非空字段编写查询。 像这样:
$sqlsd2 = "";
if ($tenthSchool != "") { $sqlsd2 .= "Ten_School_Name = '$tenthSchool', ";
if ($tenthBoard != "") { $sqlsd2 .= "Ten_Board = '$tenthBoard', ";
if ($tenthPercent != "") { $sqlsd2 .= "Ten_Percentage = $Ten_Percentage, ";
if ($twlSchool != "") { $sqlsd2 .= "Twl_School_Name = '$twlSchool', "
if ($twlBoard != "") { $sqlsd2 .= "Twl_Board = '$twlBoard', "
if ($twlPercent != "") { $sqlsd2 .= "Twl_Percentage = $twlPercent ";
if($sqlsd2 !="")
{ //update)
$sqlsd = "UPDATE users SET " . $sqlsd2 . "WHERE Email = '$eml'";
}
else
{
//nothing to update
}
注意,第二种方法不如第一种安全,因为mysqli_real_escape_string不能完全避免mysql注入。 您必须使用准备好的语句。
有一种方法可以使用call_user_func_array()来创建动态的预准备语句,有时我无法逃避此操作,但这更加复杂。 我建议只更改您的列并执行准备好的语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.