MySQL 更新命令不起作用 [英] MySQL Update command not working

问题描述

我一直在尝试让 mysql 条目通过 iOS 中的 php 进行更新.但是，xcode 的模拟器拒绝更新这些值.我的格式正确吗?(澄清一下，数据库名称是登录"，两个 prog 变量是整数(不必以不同的方式格式化吗?))

I have been trying to get mysql entries to update via php from iOS. However, xcode's simulator refuses to update the values. Did I format this correctly? (to clarify, database name is "login" and the two prog variables are integers (that doesn't have to be formatted differently does it?))

<?php
$prog= $_GET['prog'];
$prog1= $_GET['prog1'];
$dbh = new PDO('(censored)');
$sql = "UPDATE login SET oneam = $prog, twelvefif = $prog1 WHERE username = 'hello'"; 
$q = $dbh->prepare( $sql );
$q;
?>

或在 xcode...

or in xcode...

NSString *urlString = [NSString stringWithFormat:@"(censored)?prog=%@&prog1=%@", prog, prog1];

推荐答案

为了避免 sql 注入问题，您应该将变量强制转换为 int 或在准备好的语句中绑定变量(首选...):

To avoid sql injection problems, you should cast your variables to int or bind the variables in your prepared statement (preferred...):

$prog = (int) $_GET['prog'];
$prog1 = (int) $_GET['prog1'];

除此之外，您还必须实际执行准备好的语句，仅准备它是不够的:

Apart from that you have to actually execute the prepared statement, just preparing it is not enough:

$q = $dbh->prepare( $sql );
$q->execute();

这篇关于MySQL 更新命令不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！