我正在开发一个'updateProfile'网络服务,用户可以更新一个或多个字段,我对如何构建查询感到困惑。我想我可以有多个if isset条件并根据需要在查询上保持一致。但是,我会遇到一个问题,即不知道哪些是提前发布的,因此不知道是否包括AND或逗号等。这是我的出发点:
$UpdateTradesman_Query= "UPDATE Tradesmen SET ";
if(isset($_REQUEST['FName'])){
$FName=mysql_real_escape_string($_POST['FName']);
$UpdateTradesman_Query.= "FName ='".$FName."'";
}
if(isset($_REQUEST['SName'])){
$SName=mysql_real_escape_string($_POST['SName']);
$UpdateTradesman_Query.= "SName ='".$SName."'";
}
if(isset($_REQUEST['Email'])){
$Email=mysql_real_escape_string($_POST['Email']);
$UpdateTradesman_Query.= "Email ='".$Email."'";
}
if(isset($_REQUEST['HomePhone'])){
$HomePhone=mysql_real_escape_string($_POST['HomePhone']);
$UpdateTradesman_Query.= "HomePhone ='".$HomePhone."'";
}
if(isset($_REQUEST['Mobile'])){
$Mobile=mysql_real_escape_string($_POST['Mobile']);
$UpdateTradesman_Query.= "Mobile ='".$Mobile."'";
}
if(isset($_REQUEST['Trade'])){
$Trade=mysql_real_escape_string($_POST['Trade']);
$UpdateTradesman_Query.= "Trade ='".$Trade."'";
}
if(isset($_REQUEST['Address'])){
$Address=mysql_real_escape_string($_POST['Address']);
$UpdateTradesman_Query.= "Address ='".$Address."'";
}
if(isset($_REQUEST['County'])){
$County=mysql_real_escape_string($_POST['County']);
$UpdateTradesman_Query.= "County ='".$County."'";
}
if(isset($_REQUEST['PostCode'])){
$PostCode=mysql_real_escape_string($_POST['PostCode']);
$UpdateTradesman_Query.= "PostCode ='".$PostCode."'";
}
if(isset($_REQUEST['Photo'])){
$Photo=mysql_real_escape_string($_POST['Photoe']);
$UpdateTradesman_Query.= "Photo ='".$Photo."'";
}
if(isset($_REQUEST['Profile'])){
$Profile=mysql_real_escape_string($_POST['Profile']);
$UpdateTradesman_Query.= "Profile ='".$Profile."'";
}
if(isset($_REQUEST['Qualification'])){
$Qualification=mysql_real_escape_string($_POST['Qualification']);
$UpdateTradesman_Query.= "Qualification ='".$Qualification."'";
}
if(isset($_REQUEST['AvailabilityTimes'])){
$AvailabilityTimes=mysql_real_escape_string($_POST['AvailabilityTimes']);
$UpdateTradesman_Query.= "AvailabilityTimes ='".$AvailabilityTimes."'";
}
$UpdateTradesman_Query.= "WHERE TradesmanID=".$TradesmanID;
echo $UpdateTradesman_Query;
if (mysql_query($UpdateTradesman_Query)){
$status= 'OK';
$message= 'null';
$Update= "OK";
}
else{
$status= 'Not OK';
$message= 'Error: Query Unsuccessful.'. mysql_error();
$Update= "Not OK";
}
我还必须考虑到,如果用户选择更新用户名或电子邮件,我将必须确保a)该电子邮件尚未与另一个帐户(已在数据库中)相关联或b)用户名还没有被采取。任何帮助赞赏。
答案 0 :(得分:0)
从您目前拥有的内容开始,您可以添加标记并添加逗号,如:
$addcomma=false;
$UpdateTradesman_Query= "UPDATE Tradesmen SET ";
if(isset($_REQUEST['FName'])){
$FName=mysql_real_escape_string($_POST['FName']);
$UpdateTradesman_Query.= "FName ='".$FName."'";
$addcomma= true;
}
if(isset($_REQUEST['SName'])){
$SName=mysql_real_escape_string($_POST['SName']);
if($addcomma) $UpdateTradesman_Query.= ",";
$UpdateTradesman_Query.= "SName ='".$SName."'";
$addcomma= true;
}
..etc..