使用php mysql的PDO UPDATE数组

时间:2014-10-24 23:21:51

标签: php mysql arrays pdo survey

您好我正在尝试创建一个代码来更新或编辑每个答案的调查答案和评论但是当我执行提交表单的函数时,它没有将任何值保存到数据库中。我该怎么做才能解决它?

我是PDO的新手。

提前致谢。

数据库结构

"Questions" (idquestion, question)

"Surveys" (idsurvey, idquestion, answers, comments_per_question, survey_number)

更新功能

public function ModifySurveyMulti($answer = array())
{                           
    if(!empty($answer)) {
        foreach($answer as $questi => $value  ) {
            $this->MyDB->Write("UPDATE survey SET(
                      `idquestion` = '".$questi."',                             
                      `answers` = '".$value[0]."',
                      `comments_per_answer`= '".$_POST["comment"][$questi]."')");
        }
    }
}

modify_surveyform.php

<th><?php echo $row["questions"];?></th>
<td>
  <input type  = "text" 
         name  = "answer[<?php echo $row['idquestion'];?>][]"
         value = "<?php echo $row["answers"];?>">
  </input>
</td>
<td>
  <Textarea type = "text"
            name = "comment[<?php echo $row['idquestion'];?>]"
            cols = "50" rows = "3"/> <?php echo $row["comment"];?
  </textarea>
</td>
</tr><?php } ?>

Mydbconnect.php

<?php
// I'm adding my PDO database because yours is deprecated
class DBConnect
{
    public   $con;
    // Create a default database element
    public  function __construct($host = '',$db = '',$user = '',$pass = '')
    {
        try {
            $this->con = new PDO("mysql:host=$host;
                                  dbname=$db",$user,
                                  $pass, array(
                                          PDO::ATTR_ERRMODE 
                                               => PDO::ERRMODE_WARNING
                                         )
                                 );
        }
        catch (Exception $e) {
            return 0;
        }
     }

     // Simple fetch and return method
     public  function Fetch($_sql)
     {
         $query  =   $this->con->prepare($_sql);
         $query->execute();
             if($query->rowCount() > 0) {
                 while($array = $query->fetch(PDO::FETCH_ASSOC)) {
                     $rows[]   =   $array;
                 }
             }
         return (isset($rows) && $rows !== 0 && !empty($rows))? $rows: 0;
      }

      // Simple write to db method
      public  function Write($_sql)
      {
          $query = $this->con->prepare($_sql);
          $query->execute();
      }
}?>

1 个答案:

答案 0 :(得分:2)

您需要做的事情很少:

  • 首先抛弃此代码,它是无用的,并将您暴露给sql 注射
  • 直接使用PDO和准备好的声明
  • 您需要的查询是:

UPDATE survey SET(`answers`= ?,`comments_per_answer`= ?) WHERE idquestion = ?

您需要调整班级才能创建连接

class DBConnect
{
    public   $con;

    public  function __construct($host = '',$db = '',$user = '',$pass = '')
    {
        try {
                $this->con  =  new PDO(
                               "mysql:host=$host;dbname=$db",
                               $user,$pass, 
                               array(PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING)
                );
        }
        catch (Exception $e) {
            die($e);
        }
    }

    public function get_connection(){
        return $this->con;
    }

}

这样你就可以像这样创建它:

$db = new DBConnect(/*pass arguments here*/);
$this->MyDB = $db->get_connection();

在您的函数中修改并使用它:

public function ModifySurveyMulti($answer = array(), $comments)
{
    $sql = 'UPDATE survey SET(`answers`= ?,`comments_per_answer`= ?) 
            WHERE idquestion = ?';
    $stmt->prepare($sql);
    foreach($answer as $questi => $value ) {
        $stmt->execute(array($value, $comments[$questi],$questi));
        $count = $stmt->rowCount();
        echo $count > 0 ? $questi.' updated' : $questi.' did not update';
    }
}

调用该函数:

if(isset($_POST['answer'], $_POST['comments'])){
    $answers =  $_POST['answer'];
    $comments =  $_POST['comments'];
    ModifySurveyMulti($answers, $comments);
}