如何使用update语句更新数据库值? [英] How do I update the database values using update statement?
本文介绍了如何使用update语句更新数据库值?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试将'company_name', 'company_add', 'price'
更新为主键'id'
,但是它向我显示'something went wrong'
消息以及'undefined id'
错误.请帮助我!
I am trying to update 'company_name', 'company_add', 'price'
as primary key 'id'
but it shows me a 'something went wrong'
message along with an 'undefined id'
error. please help me!
<?php
include('data_conn.php');
if(isset($_POST['sub']))
{
$comname=$_POST['cname'];
$comadd=$_POST['cadd'];
$pri=$_POST['price'];
$query ="UPDATE login SET company_name=$comname,company_add=$comadd,price=$pri WHERE id=$id";
$result = mysql_query($query);
echo $result;
if(!$result)
{
echo '<script language="javascript">';
echo 'alert("something went Wrong...:("); location.href="edit.php"';
echo '</script>';
}else{
echo '<script language="javascript">';
echo 'alert("successfully updated!!!"); location.href="edit.php"';
echo '</script>';
}
}
?>
推荐答案
除了使用直接替换值,您还可以使用以下方法来避免sql注入.
Instead of using direct substitution values, you could use below methods to avoid sql injection.
您基本上有两种选择可以实现这一目标:
You basically have two options to achieve this:
-
使用PDO(用于任何受支持的数据库驱动程序):
Using PDO (for any supported database driver):
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute(array('name' => $name));
foreach ($stmt as $row) {
// do something with $row
}
使用MySQLi(对于MySQL):
Using MySQLi (for MySQL):
$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}
这篇关于如何使用update语句更新数据库值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文