更新mySQL数据库的PHP脚本 [英] PHP script to update mySQL database
问题描述
改天再问...
我需要编写 PHP 脚本来更新 mySQL 数据库.
I need to write PHP script to update mySQL database.
例如:当用户想要更改他们的名字、姓氏等时更新个人资料页面.
For example: updating profile page when user want to change their first name, last name or etc.
到目前为止,这是我的 php 脚本,它不起作用.请帮忙!
<?php
@ $db = new MySQLi('localhost','root','','myDB');
if(mysqli_connect_errno()) {
echo 'Connection to database failed:'.mysqli_connect_error();
exit();
}
if (isset($_GET['id'])) {
$id = $db->real_escape_string($_GET['id']);
$First_Name2 = $_POST['First_Name2'];
$query = "UPDATE people SET $First_Name2 = First_Name WHERE `Id` = '$id'";
$result = $db->query($query);
if(! $result)
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
$db->close();
}
?>
谢谢.
推荐答案
你的 sql 错了.除了巨大的开放SQL注入攻击漏洞之外,您还生成了错误的sql.
Your sql is wrong. Apart from the gaping wide open SQL injection attack vulnerability, you're generating bad sql.
例如考虑提交Fred"作为名字:
e.g. consider submitting "Fred" as the first name:
$First_Name2 = "Fred";
$query = "UPDATE people SET Fred = First_name WHERE ....";
现在您告诉数据库将字段名称Fred"更新为First_Name"字段中的值.您的值必须被引用和反转:
now you're telling the db to update a field name "Fred" to the value in the "First_Name" field. Your values must be quoted, and reversed:
$query = "UPDATE people SET First_name = '$First_Name2' ...";
您还像醉汉在街上蹒跚而行一样混合了 mysqli 和 mysql 数据库库.PHP 的数据库库和函数/方法调用不可可以这样互换.
You are also mixing the mysqli and mysql DB libraries like a drunk staggering down the street. PHP's db libraries and function/method calls are NOT interchangeable like that.
简而言之,这段代码是纯粹的货物崇拜编程.
In short, this code is pure cargo-cult programming.
这篇关于更新mySQL数据库的PHP脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!