更新mySQL数据库的PHP脚本 [英] PHP script to update mySQL database

问题描述

改天再问...

我需要编写 PHP 脚本来更新 mySQL 数据库.

I need to write PHP script to update mySQL database.

例如:当用户想要更改他们的名字、姓氏等时更新个人资料页面.

For example: updating profile page when user want to change their first name, last name or etc.

到目前为止，这是我的 php 脚本，它不起作用.请帮忙！

<?php
@ $db = new MySQLi('localhost','root','','myDB');

if(mysqli_connect_errno()) {
    echo 'Connection to database failed:'.mysqli_connect_error();
    exit();
}

if (isset($_GET['id'])) {

$id = $db->real_escape_string($_GET['id']); 

$First_Name2 = $_POST['First_Name2'];

$query  = "UPDATE people SET $First_Name2 = First_Name WHERE `Id` = '$id'";

$result = $db->query($query);

if(! $result)
{
    die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";

$db->close();
}
?>

谢谢.

推荐答案

你的 sql 错了.除了巨大的开放SQL注入攻击漏洞之外，您还生成了错误的sql.

Your sql is wrong. Apart from the gaping wide open SQL injection attack vulnerability, you're generating bad sql.

例如考虑提交Fred"作为名字:

e.g. consider submitting "Fred" as the first name:

$First_Name2 = "Fred";
$query = "UPDATE people SET Fred = First_name WHERE ....";

现在您告诉数据库将字段名称Fred"更新为First_Name"字段中的值.您的值必须被引用和反转:

now you're telling the db to update a field name "Fred" to the value in the "First_Name" field. Your values must be quoted, and reversed:

$query = "UPDATE people SET First_name = '$First_Name2' ...";

您还像醉汉在街上蹒跚而行一样混合了 mysqli 和 mysql 数据库库.PHP 的数据库库和函数/方法调用不可可以这样互换.

You are also mixing the mysqli and mysql DB libraries like a drunk staggering down the street. PHP's db libraries and function/method calls are NOT interchangeable like that.

简而言之，这段代码是纯粹的货物崇拜编程.

In short, this code is pure cargo-cult programming.

这篇关于更新mySQL数据库的PHP脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！