MySql PHP更新错误 [英] MySql PHP Update Error

查看：122 发布时间：2020/11/29 1:04:03 php mysql insert-update

本文介绍了MySql PHP更新错误的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我已经把这个代码弄乱了几个小时，无法弄清为什么它不起作用.这是通过JQuery传递的配置文件更新php页面，除了实际上已更新到表中之外，其他一切似乎都还不错.这是我正在使用的代码:

session_start();
include("db-connect.php");//Contains $con

$get_user_sql = "SELECT * FROM members WHERE username = '$user_username'";
$get_user_res = mysqli_query($con, $get_user_sql);
while($user = mysqli_fetch_array($get_user_res)){
    $user_id = $user['id'];
}
$name = mysqli_real_escape_string($con, $_REQUEST["name"]);
$location = mysqli_real_escape_string($con, $_REQUEST["location"]);
$about = mysqli_real_escape_string($con, $_REQUEST["about"]);

$insert_member_sql = "UPDATE profile_members SET id = '$user_id', names = '$name', location = '$location', about = '$about' WHERE id = '$user_id'"; 
$insert_member_res = mysqli_query($con, $insert_member_sql) or die(mysqli_error($con));
if(mysqli_affected_rows($con)>0){
echo "1";
}else{
echo "0";
}

当返回值为0时，我得到的所有信息都可以发现任何潜在的错误吗?谢谢

解决方案

首先，请使用

require("db-connect.php");

代替

include("db-connect.php");

现在，考虑使用预处理语句，您的代码容易受到sql注入的攻击.</p>

考虑使用PDO代替mysql语法，从长远来看，我发现它会更好用，并且它避免了很多无意义的问题，您可以像这样进行操作(可以将其保存在db中-connect文件(如果需要，甚至使数据库连接变为全局):

// Usage:   $db = connectToDatabase($dbHost, $dbName, $dbUsername, $dbPassword);
// Pre:     $dbHost is the database hostname, 
//          $dbName is the name of the database itself,
//          $dbUsername is the username to access the database,
//          $dbPassword is the password for the user of the database.
// Post:    $db is an PDO connection to the database, based on the input parameters.
function connectToDatabase($dbHost, $dbName, $dbUsername, $dbPassword)
{
    try
    {
        return new PDO("mysql:host=$dbHost;dbname=$dbName;charset=UTF-8", $dbUsername, $dbPassword);
    }
    catch(PDOException $PDOexception)
    {
        exit("<p>An error ocurred: Can't connect to database. </p><p>More preciesly: ". $PDOexception->getMessage(). "</p>");
    }
}

然后初始化变量:

$host = 'localhost';
$user = 'root';
$databaseName = 'databaseName';
$pass = '';

现在您可以通过以下方式访问数据库

$db = connectToDatabase($host, $databaseName, $user, $pass);

现在，这是解决问题的方法(使用准备好的语句，避免sql注入):

function userId($db, $user_username)
{
    $query = "SELECT * FROM members WHERE username = :username;";
    $statement = $db->prepare($query); // Prepare the query.
    $statement->execute(array(
        ':username' => $user_username
    ));
    $result = $statement->fetch(PDO::FETCH_ASSOC);
    if($result)
    {
        return $result['user_id'];
    }
    return false
}

function updateProfile($db, $userId, $name, $location, $about)
{
    $query = "UPDATE profile_members SET name = :name, location = :location, about = :about WHERE id = :userId;";
    $statement = $db->prepare($query); // Prepare the query.
    $result = $statement->execute(array(
        ':userId' => $userId,
        ':name' => $name,
        ':location' => $location,
        ':about' => $about
    ));
    if($result)
    {
        return true;
    }
    return false
}

$userId = userId($db, $user_username); // Consider if it is not false.

$name = $_REQUEST["name"];
$location = $_REQUEST["location"];
$about = $_REQUEST["about"];

$updated = updateProfile($db, $userId, $name, $location, $about);

尽管您应该检查一下查询，但我对其进行了一些修复，但不能100％确定它们是否可以正常工作.

您可以轻松地将另一个函数插入tha数据库中，而不用对其进行更新或将其保留在同一函数中；如果找到该条目的存在，则将其插入，否则将对其进行更新.

I've been messing about with this code for a few hours now and can't work out why it's not working. It's a profile update php page that is passed through JQuery and all seems to be fine except for it actually updating into the table. Here is the code I'm using:

session_start();
include("db-connect.php");//Contains $con

$get_user_sql = "SELECT * FROM members WHERE username = '$user_username'";
$get_user_res = mysqli_query($con, $get_user_sql);
while($user = mysqli_fetch_array($get_user_res)){
    $user_id = $user['id'];
}
$name = mysqli_real_escape_string($con, $_REQUEST["name"]);
$location = mysqli_real_escape_string($con, $_REQUEST["location"]);
$about = mysqli_real_escape_string($con, $_REQUEST["about"]);

$insert_member_sql = "UPDATE profile_members SET id = '$user_id', names = '$name', location = '$location', about = '$about' WHERE id = '$user_id'"; 
$insert_member_res = mysqli_query($con, $insert_member_sql) or die(mysqli_error($con));
if(mysqli_affected_rows($con)>0){
echo "1";
}else{
echo "0";
}

All I get as the return value is 0, can anybody spot any potential mistakes? Thanks

解决方案

To begin with, use

require("db-connect.php");

instead of

include("db-connect.php");

And now, consider using prepared statements, your code is vulnerable to sql injections.

Consider using PDO instead of the mysql syntax, in the long run I find it much better to use and it avoids a lot of non-sense-making problems, you can do it like this (You can keep it in the db-connect file if you want, and even make the database conncetion become global):

// Usage:   $db = connectToDatabase($dbHost, $dbName, $dbUsername, $dbPassword);
// Pre:     $dbHost is the database hostname, 
//          $dbName is the name of the database itself,
//          $dbUsername is the username to access the database,
//          $dbPassword is the password for the user of the database.
// Post:    $db is an PDO connection to the database, based on the input parameters.
function connectToDatabase($dbHost, $dbName, $dbUsername, $dbPassword)
{
    try
    {
        return new PDO("mysql:host=$dbHost;dbname=$dbName;charset=UTF-8", $dbUsername, $dbPassword);
    }
    catch(PDOException $PDOexception)
    {
        exit("<p>An error ocurred: Can't connect to database. </p><p>More preciesly: ". $PDOexception->getMessage(). "</p>");
    }
}

And then init the variables:

$host = 'localhost';
$user = 'root';
$databaseName = 'databaseName';
$pass = '';

Now you can access your database via

$db = connectToDatabase($host, $databaseName, $user, $pass);

Now, here's how you can solve your problem (Using prepared statements, avoiding sql injection):

function userId($db, $user_username)
{
    $query = "SELECT * FROM members WHERE username = :username;";
    $statement = $db->prepare($query); // Prepare the query.
    $statement->execute(array(
        ':username' => $user_username
    ));
    $result = $statement->fetch(PDO::FETCH_ASSOC);
    if($result)
    {
        return $result['user_id'];
    }
    return false
}

function updateProfile($db, $userId, $name, $location, $about)
{
    $query = "UPDATE profile_members SET name = :name, location = :location, about = :about WHERE id = :userId;";
    $statement = $db->prepare($query); // Prepare the query.
    $result = $statement->execute(array(
        ':userId' => $userId,
        ':name' => $name,
        ':location' => $location,
        ':about' => $about
    ));
    if($result)
    {
        return true;
    }
    return false
}

$userId = userId($db, $user_username); // Consider if it is not false.

$name = $_REQUEST["name"];
$location = $_REQUEST["location"];
$about = $_REQUEST["about"];

$updated = updateProfile($db, $userId, $name, $location, $about);

You should check the queries though, I fixed them a little bit but not 100% sure if they work.

You can easily make another function which inserts into tha database, instead of updating it, or keeping it in the same function; if you find an existance of the entry, then you insert it, otherwise you update it.

这篇关于MySql PHP更新错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

MySql PHP更新错误 [英] MySql PHP Update Error

问题描述

相关文章

PHP最新文章

热门教程

热门工具

登录关闭

MySql PHP更新错误 [英] MySql PHP Update Error

问题描述

相关文章

PHP最新文章

热门教程

热门工具

登录 关闭

登录关闭