PHP中的MySQL更新查询 [英] MySQL Update Query in PHP

问题描述

我正在创建一个简单的mysql表，其中包含一个id，名字，姓氏和一封电子邮件.表创建代码如下:

I'm creating a simple mysql table that contains an id, firstname, lastname and an email. The table creation code is as follows:

$sql="CREATE TABLE users
(
   id int NOT NULL auto_increment,
   PRIMARY KEY(id),
   firstname varchar(20),   
   lastname varchar(20),
   email varchar(40)
)";

表创建有效，但我没有任何问题.当我尝试更新表和用户信息时，出现了我的问题.

Table creation works and I've had no issues. My problem comes when I try to update the table, and the user information.

我的更新查询如下:

mysql_select_db(dustin,$con);

$sql="UPDATE users SET firstname='".$_GET['fn']."',lastname='".$_GET['ln']."',email='".$_GET['emadd']"'";

$sherlock=mysql_query($sql,$con);

基本上，我打开了一个文件，该文件允许用户编辑表单元素中存储的信息，然后在运行更新查询时，它应该更改表中包含的信息.

Essentially, I open a file that allows the user to edit the stored information in form elements and then when the update query runs it should alter the information contained within the table.

mysql_error();显示无输出，并且UPDATE查询失败.

mysql_error(); shows no output and the UPDATE query fails.

推荐答案

$sql="UPDATE users SET firstname='".$_GET['fn']."', lastname='".$_GET['ln']."',email='".$_GET['emadd']"'";

让我们看看...做到这一点.

Let's see... do this.

$sql="UPDATE `users` SET firstname='{$_GET['fn']}', lastname='{$_GET['ln']}', email='{$_GET['emadd']}'";

但是我不建议这样做！

首先使用mysql_real_escape_string()清理数据，以防止SQL注入！

Clean your data first with mysql_real_escape_string() to prevent SQL injection!

例如:

$firstname = mysql_real_escape_string($_GET['fn']);
$lastname = mysql_real_escape_string($_GET['ln']);
$email = mysql_real_escape_string($_GET['emadd']);

$sql="UPDATE `users` SET `firstname`='$firstname', `lastname`='$lastname', `email`='$email' WHERE ...";

mysql_query($sql);

还有，您的WHERE子句在哪里?

Also, where's your WHERE clause?

这篇关于PHP中的MySQL更新查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！