Question

是否可以使用一个表单更新所有非空白（仅用户输入信息的输入）输入？所以，我有一个edit_profile.php页面，我有一个输入列表。它也是一种形式。我还是PHP的初学者，所以我不确定该怎么做。我知道PHP出错的地方，我只是不知道解决方法。这是html;

<form action="edit_profile.php" method="post">
<fieldset>
    <legend>Edit your profile</legend>
    <label for="title">Member Title</label>
    <input type="text" name="title" id="title" placeholder="Member Title">
    <span class="help-block">This will be shown next to your posts. Only numbers, letters, and grammar symbols allowed</span>
    <hr class="soften">
    <label for="about">About you</label>
    <textarea name="about" id="about" placeholder="Tell us about yourself"></textarea>
    <span class="help-block">This information will be visible to other registered members. Only numbers, letters, and grammar symbols allowed</span>
    <hr class="soften">
    <label>Your gender</label>
    <p>I am...</p>
    <div class="btn-group" data-toggle="buttons-radio">
        <button type="button" class="btn btn-primary" id="gender" name="gender" value="Not Saying">Not Saying</button>
        <button type="button" class="btn btn-primary" id="gender" name="gender" value="Male">Male</button>
        <button type="button" class="btn btn-primary" id="gender" name="gender" value="Female">Female</button>
    </div>
    <span class="help-block">This is optional, leave as it is if you do not want to specify your gender.</span>
    <hr class="soften">
    <h3 class="muted">Social</h3>
    <div class="row-fluid">
        <div class="span4"> 
            <label for="social_facebook">Facebook</label>
            <input type="url" name="social_facebook" id="social_facebook" placeholder="Link to your Facebook page..." style="width: 100%">
        </div>
        <div class="span4">
            <label for="social_twitter">Twitter</label>
            <input type="url" name="social_twitter" id="social_twitter" placeholder="Link to your Twitter page..." style="width: 100%">
        </div>
        <div class="span4">
            <label for="social_youtube">YouTube</label>
            <input type="url" name="social_youtube" id="social_youtube" placeholder="Link to your YouTube page..." style="width: 100%">
        </div>
    </div>
    <span class="help-block">This information will be displayed on your profile if anything is entered</span>
    <hr class="soften">
    <label class="checkbox">
        <input type="hidden" name="view_profile" id="view_profile" value="0">
        <input type="checkbox" name="view_profile" id="view_profile" value="1"> View profile after saving?
    </label>
    <hr class="soften">
    <button type="submit" class="btn btn-primary">Save Profile</button>
    <a href="./" class="btn btn-inverse">Cancel</a>
</fieldset>

和PHP;

$gender = '';
$id = $_SESSION['id'];

$title      = $_POST['title'];
$about      = $_POST['about'];
$gender     = $_POST['gender'];
$check      = $_POST['view_profile'];
$facebook   = $_POST['social_facebook'];
$twitter    = $_POST['social_twitter'];
$youtube    = $_POST['social_youtube'];

$errors = array();
if($title){
    $range = range(0,32);
    if(!in_array(strlen($title),$range)){
        $errors[] = "<div class='alert alert-danger'>Member Title has a character limit of 32 characters!</div>";
    }
}
# if(empty($gender)) {
#   $errors[] = "<div class='alert alert-danger'>Please select a gender!</div>";
# }
$title = addslashes(htmlspecialchars($title));
$about = addslashes(htmlspecialchars($about));

$facebook   = stripslashes($facebook);
$twitter    = stripslashes($twitter);
$youtube    = stripslashes($youtube);

if(count($errors) > 0){
    foreach($errors AS $error){
        echo '<div class="container">';
        echo $error;
        echo '</div>';
    }
} else {
    if(!empty($check)) {
        $url = "./profile.php?id=".$_SESSION['id']."";
        $_SESSION['profile_updated'] = "Your profile was successfully updated";
    } 
    if(empty($check)) {
        $url = './edit_profile.php';
        $_SESSION['profile_updated_edit'] = "Your profile was successfully updated. <a href='./profile.php?id=".$_SESSION['id']."'>View it here</a>";
    }
    $sql4 = "UPDATE 
            `user_profiles` 
            SET 
            `title` = '$title',`about` = '$about', `gender` = '$gender', `facebook` = '$facebook', `twitter` = '$twitter', `youtube` = '$youtube' 
            WHERE 
            `id` = '$id'";
    $res4 = mysql_query($sql4) or die(mysql_error());
    header("Location: $url");
}

所以我知道我在“UPDATE user_profiles查询中出错了，我只是不知道如果它们包含信息，如何插入输入：”

Answer 1

您必须检查每个项目以查看它是否为空，然后构建您的查询：

$qString = '';
if(!empty($title))
    $qString .= "`title` = '$title',";
if(!empty($about))
    $qString .= "`about` = '$about',";
if(!empty($gender))
    $qString .= "`gender` = '$gender',";
if(!empty($check))
    $qString .= "`check` = '$check',";
if(!empty($facebook))
    $qString .= "`facebook` = '$facebook',";
if(!empty($twitter))
    $qString .= "`twitter` = '$twitter',";
if(!empty($youtube))
    $qString .= "`youtube` = '$youtube',";

$qString = trim($qString,',');

if(!empty($qString)){
    $sql4 = "UPDATE
    `user_profiles`
    SET
    $qString
    WHERE
    `id` = '$id'";
}

我真的建议使用PDO或mysqli并使用参数来阻止sql注入

Answer 2

一种选择是在SQL语句中处理它。

将提供的值与零长度字符串进行比较。

如果它不等于零长度字符串，则将其分配给列，否则，不要对列进行更改。而诀窍是将列的当前值分配回列。

您可以进行不等式比较或等式比较，例如

  UPDATE `user_profiles` 
     SET `title` = IF( '$title' <> '' , '$title', `title`)
       , `about` = IF( '$about' = ''  , `about`, '$about')

PHP：更新除空白字段外的所有内容

2 个答案: