if ($stmt = $mysqli->prepare("UPDATE profile SET fullname =?, guardian =?,
addressline1 = ?, addressline2 = ?, city = ?, stateid = ?, pin = ?, birthdate = ?,
bloodgroup= ?, allergydetails= ?, pancardno= ?, officephone= ?, residencephone= ?,
mobilephone= ?, drivinglicensenumber= ?, drivinglicensevalidupto= ?,
fmscidrivinglicensenumber= ?, fmscientrantlicensenumber= ?, vehiclemake= ?,
vehiclemodel= ?, vehiclenumber= ?, vehicleyear= ?, emergencyname= ?,
emergencyaddress1= ?, emergencyaddress2= ?,emergencylandphone= ?,
emergencymobilephone= ?, isprofilecomplete = ? WHERE username = ?"))
{
$stmt->bind_param('sssssississsssssssssssssssssi', $fullname, $sodowo,
addressline1, $addressline2, $city, $stateid, $pin, $birthdate, $bloodgroup,
$allergydetails, $pancardno, $officephone, $residencephone, $mobilephone,
$drivinglicensenumber, $drivinglicensevalidupto, $fmscidrivinglicensenumber,
$fmscientrantlicensenumber, $vehiclemake, $vehiclemodel, $vehiclenumber, $vehicleyear,
$emergencyname, $emergencyaddress1, $emergencyaddress2, $emergencylandphone,
$emergencymobilephone, $isprofilecomplete , $username );
$stmt->execute();
$stmt->close();
}
执行上述更新语句时,它将使用值而不是WHERE子句更新所有行。任何想法为什么会发生这种情况?
感谢。
答案 0 :(得分:1)
bind param的类型字符串的最后一个值(第一个参数(“sssssississsssssssssssssssssssi”)是整数的“i”,但你要将它与“username”进行比较,后者可能是一个字符串。
我猜你传入的值被转换为0并且将0与MySQL中的任何字符串进行比较始终为真(参见mysql: why comparing a 'string' to 0 gives true?)。
尝试在“sssssississsssssssssssssssssi”中更改“s”的最后一个“i”(读起来非常糟糕,因此非常容易出错。)