目前,我在一个文本框中提交了两个“WS_ID”号码,两者之间有一个空格。我拥有的SQL命令能够在sql数据库中更新两个结果,但是当文本框中只提交了一个“WS_ID”时,不会更新任何内容。任何帮助都会很有帮助。非常感谢。
if(isset($_GET["Update"]))
{ $DEP_TIME = $_GET["DEP_TIME"];
$ARR_TIME = $_GET["ARR_TIME"];
$TRAVEL_TIME = $_GET["TRAVEL_TIME"];
$HRS_WORKED = $_GET["HRS_WORKED"];
$INC_DEP_TIME = $_GET["INC_DEP_TIME"];
$INC_LAB_DAY = $_GET["INC_LAB_DAY"];
$LAB_DATE = $_GET["LAB_DATE"];
$WS_ID = $_GET["WS_ID"];
$WS_ID2 = explode(" ", $WS_ID);
$SQL = "UPDATE `elecsys`.`worksheet_labour` SET DEP_TIME = $DEP_TIME, ARR_TIME = $ARR_TIME, TRAVEL_TIME = $TRAVEL_TIME, HRS_WORKED = $HRS_WORKED WHERE WS_ID = $WS_ID2[0] OR WS_ID = $WS_ID2[1]";
$resultset2 = mysql_query($SQL);
}
答案 0 :(得分:2)
在你的sql中,你可能需要围绕当前值的引号。但是,在当前这个时候,您需要进行SQL注入。您应该使用PDO或MYSQLI来避免这种情况。
当$WS_ID2[1]为空时,你得到WHERE WS_ID=value OR WS_ID = ;我不相信MYSQL知道假设没有引号就是空白。
$con = new mysqli($databasehost,$dbuser,$dbpassword);
if ($con->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
//Set all your variables here, omitted from code...
$stmt = $con->prepare("UPDATE `elecsys`.`worksheet_labour` SET DEP_TIME = ?, ARR_TIME = ?, TRAVEL_TIME = ?, HOURS_WORKED = ?, WHERE WS_ID = ? OR WS_ID = ?");
//bind using data according to http://www.php.net/manual/en/mysqli-stmt.bind-param.php
$stmt->bind_param('ssddii', $DEP_TIME, $ARR_TIME, $TRAVEL_TIME, $HRS_WORKED, $WS_ID2[0], $WS_ID2[1]);
$stmt->execute();
$stmt->close();
$con->close();
另外,我的另一个想法是,如果$WS_ID2只有一个值,那么PHP不会为$ WS_ID [1]提供超出范围的错误吗?