
Data UPDATE by PHP Prepared Statement not working? [on hold]

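This is my code to update a mysql data record, but this code does not update the record. It shows a blank page. Please help me with what I should do and how to get this code to work successfully.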

<?php
require 'connect.php';
if (isset($_POST['id']))
    {
    if ($stmt = $conn->prepare ('select * member where id= ?')){
        $stmt -> bind_param('s', $_SESSION['id']);
        $stmt->execute();
        $stmt->store_result();

        if($stmt->num_rows>0){

            if($stmt = $conn->prepare('UPDATE member SET name=?, department=?, session=? ,hall=?,mobile=?, rudf_position=?, email=?, blood=?, birthday=? where id=?')){
            $stmt->bind_param('sssssssss', 
            $_POST['name'],
            $_POST['department'],
            $_POST['session'],
            $_POST['hall'],
            $_POST['birthday'],
            $_POST['blood'],
            $_POST['mobile'],
            $_POST['email'],
            $_POST['rudf_position'],);
            $stmt->execute();
            header('Location: index.php');      
            echo 'Updated';
            }
        }else{
            echo 'Sorry';
        }

    }
}

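If, as it appears, the select statement above is only there to determine whether the supplied session id has a corresponding record, then I believe you can remove it entirely. Another point about your code is that you only test whether $_POST['id'] is actually set - if the other fields are not set you would get errors - using a method like the one below (not tested btw) means you can identify missing fields or additional fields before actually processing the sql statement.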

In support of the previous comment: the number of placeholders in the sql (denoted by ?) must be the same as the number of type identifiers in the bind_param method (i.e.: sssss....) and then the number of variables assigned must also match. In the above there are 10 placeholders in the sql but only 9 identifiers and 9 variables.

If you test the prepared statement (i.e.: if( $stmt ) {} ) you can fork the logic to catch where the error occurs - you do not do this in your code. I hope the following might help.

<?php

    if( $_SERVER['REQUEST_METHOD']=='POST' ){

        require 'connect.php';
        $errors=array();

        /* Expected POST fields and a suitable FILTER type (note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1) */
        $args=array(
            'id'                =>  FILTER_SANITIZE_STRING,
            'name'              =>  FILTER_SANITIZE_STRING,
            'department'        =>  FILTER_SANITIZE_STRING,
            'session'           =>  FILTER_SANITIZE_STRING,
            'hall'              =>  FILTER_SANITIZE_STRING,
            'birthday'          =>  FILTER_SANITIZE_STRING,
            'blood'             =>  FILTER_SANITIZE_STRING,
            'mobile'            =>  FILTER_SANITIZE_STRING,
            'email'             =>  FILTER_SANITIZE_STRING,
            'rudf_position'     =>  FILTER_SANITIZE_STRING
        );

        /* Ensure that ALL post variables are within the expected range as defined above to avoid spurious injection of parameters */
        foreach( $_POST as $field => $value ){
            try{
                if( !in_array( $field, array_keys( $args ) ) )throw new Exception( sprintf( 'unknown field "%s"',$field ) );
            }catch(Exception $e){
                $errors[]=$e->getMessage();
                continue;
            }
        }

        /* Ensure that all POST variables are set */
        foreach( array_keys( $args ) as $field ){
            try{
                if( !isset( $_POST[ $field ] ) )throw new Exception( sprintf( 'Required field "%s" is not set', $field ) );
            }catch(Exception $e){
                $errors[]=$e->getMessage();
                continue;
            }
        }




        if( empty( $errors ) ){

            /* Filter the POST array and assign to variables using `extract` */
            $_POST=filter_input_array( INPUT_POST, $args );
            extract( $_POST );


            $id=$_SESSION['id'];

            /* Prepare the sql */
            $sql='update `member` set `name`=?,`department`=?,`session`=?,`hall`=?,`mobile`=?,`rudf_position`=?,`email`=?,`blood`=?,`birthday`=? where `id`=?';
            $stmt=$conn->prepare( $sql );

            /* stop here if prepare() failed: calling bind_param() on false is a fatal error */
            if( !$stmt )exit( 'UPDATE: SQL Prepared Statement failed' );

            /* bind params and variables: 10 placeholders, 10 type identifiers, 10 variables */
            $stmt->bind_param('ssssssssss', $name, $department, $session, $hall, $mobile, $rudf_position, $email, $blood, $birthday, $id );

            /* execute the statement */
            $status = $stmt->execute();

            /* redirect with the result; header() returns nothing, so call exit separately */
            header( sprintf('Location: index.php?status=%s', $status ? 'ok' : 'fail' ) );
            exit();

        } else {
            exit( sprintf( '<pre>%s</pre>', print_r( $errors, true ) ) );
        }
    }

?>
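
An added example (not part of the original answer) of one way to keep the placeholder, type-identifier and variable counts from drifting apart: derive all three from a single column list and check `param_count` before binding. The function names are hypothetical, the column names come from the UPDATE statement above, and `$conn` is assumed to be the mysqli connection created in connect.php.

```php
<?php
// Added example, not the answerer's code. Function names are hypothetical;
// column names are taken from the UPDATE statement on this page.
const MEMBER_COLUMNS = ['name', 'department', 'session', 'hall', 'mobile',
                        'rudf_position', 'email', 'blood', 'birthday'];

/* Build SQL, type string and values from ONE list so their counts always agree. */
function build_member_update(array $post, string $sessionId): array
{
    $values = [];
    foreach (MEMBER_COLUMNS as $col) {
        // Reject missing fields and array-valued input such as name[]=x
        if (!isset($post[$col]) || !is_string($post[$col])) {
            throw new InvalidArgumentException("Missing or invalid field \"$col\"");
        }
        $values[] = $post[$col];
    }
    $values[] = $sessionId; // WHERE id=? comes from the session, never from POST
    $set = implode(', ', array_map(fn($c) => "`$c`=?", MEMBER_COLUMNS));
    $sql = "UPDATE `member` SET $set WHERE `id`=?";
    return [$sql, str_repeat('s', count($values)), $values];
}

/* Run the update; $conn is assumed to be the mysqli object from connect.php. */
function run_member_update(mysqli $conn, array $post, string $sessionId): bool
{
    // Make mysqli throw exceptions on errors instead of returning false
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    [$sql, $types, $values] = build_member_update($post, $sessionId);
    $stmt = $conn->prepare($sql);
    // param_count is the number of ? markers the server parsed from the SQL
    if ($stmt->param_count !== count($values)) {
        throw new LogicException('Placeholder count does not match bound values');
    }
    $stmt->bind_param($types, ...$values);
    return $stmt->execute();
}

// Constructed sample input standing in for $_POST; this part runs without a database.
$sample = ['name' => 'A. Member', 'department' => 'CSE', 'session' => '2015-16',
           'hall' => 'North', 'mobile' => '0100000000', 'rudf_position' => 'Member',
           'email' => 'a@example.org', 'blood' => 'O+', 'birthday' => '1996-01-01'];
[$sql, $types, $values] = build_member_update($sample, '42');
printf("%s\n%d placeholders, %d types, %d values\n",
       $sql, substr_count($sql, '?'), strlen($types), count($values));
```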
