PHP中的MySQL更新查询 [英] MySQL Update Query in PHP
问题描述
我正在创建一个简单的mysql表,其中包含一个id,名字,姓氏和一封电子邮件.表创建代码如下:
I'm creating a simple mysql table that contains an id, firstname, lastname and an email. The table creation code is as follows:
$sql="CREATE TABLE users
(
id int NOT NULL auto_increment,
PRIMARY KEY(id),
firstname varchar(20),
lastname varchar(20),
email varchar(40)
)";
表创建有效,但我没有任何问题.当我尝试更新表和用户信息时,出现了我的问题.
Table creation works and I've had no issues. My problem comes when I try to update the table, and the user information.
我的更新查询如下:
mysql_select_db(dustin,$con);
$sql="UPDATE users SET firstname='".$_GET['fn']."',lastname='".$_GET['ln']."',email='".$_GET['emadd']"'";
$sherlock=mysql_query($sql,$con);
基本上,我打开了一个文件,该文件允许用户编辑表单元素中存储的信息,然后在运行更新查询时,它应该更改表中包含的信息.
Essentially, I open a file that allows the user to edit the stored information in form elements and then when the update query runs it should alter the information contained within the table.
mysql_error();显示无输出,并且UPDATE查询失败.
mysql_error(); shows no output and the UPDATE query fails.
推荐答案
$sql="UPDATE users SET firstname='".$_GET['fn']."', lastname='".$_GET['ln']."',email='".$_GET['emadd']"'";
让我们看看...做到这一点.
Let's see... do this.
$sql="UPDATE `users` SET firstname='{$_GET['fn']}', lastname='{$_GET['ln']}', email='{$_GET['emadd']}'";
但是我不建议这样做!
首先使用mysql_real_escape_string()清理数据,以防止SQL注入!
Clean your data first with mysql_real_escape_string() to prevent SQL injection!
例如:
$firstname = mysql_real_escape_string($_GET['fn']);
$lastname = mysql_real_escape_string($_GET['ln']);
$email = mysql_real_escape_string($_GET['emadd']);
$sql="UPDATE `users` SET `firstname`='$firstname', `lastname`='$lastname', `email`='$email' WHERE ...";
mysql_query($sql);
还有,您的WHERE
子句在哪里?
Also, where's your WHERE
clause?
这篇关于PHP中的MySQL更新查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!