MySQLi更新不起作用,多列和两个where子句

时间:2015-03-11 01:10:20

标签: php mysqli

所以我已经调试了30多分钟,但我仍然无法弄清楚我做错了什么。我刚开始使用MySQLi,这就是我一直搞砸的事情之一。我认为它可能与preg_replace有关,我之前只使用过一次,所以我仍然不太喜欢它。

<?php
ob_start();
session_start(); 

include("../include/config.php");
include("../include/functions.php");

if (isset($_SESSION['pv1_session']) && $_SESSION['pv1_session'] == true) {

if (isset($_POST['submit'])) {

    $uid = idinfo($_SESSION['pv1_user_id'],"idu");
    $id = mysqli_real_escape_string($mysql, $_POST['fid']);

    $post_name = mysqli_real_escape_string($mysql, $_POST['name']);
    $post_tags = mysqli_real_escape_string($mysql, $_POST['tags']);

    $name = preg_replace("/[^\w a-zA-Zа-яА-Я0-9._-]/u", "_", $post_name);
    $tags = preg_replace("/[^\w a-zA-Zа-яА-Я0-9._-]/u", "_", $post_tags);
    $file = preg_replace("/[^\wa-zA-Zа-яА-Я0-9._-]/u", "_", $post_name);

    $update = mysqli_query($mysql,"UPDATE files SET name='$name', filename='$file', tags='$tags' WHERE user_id='$uid' AND filehash='$id'");

if (!$update) { 
    echo "<p>Unable to update file.</p>";
    exit;
} else {
echo "<p>Success: Your uploaded file has been updated!</p>";
$pro_url = $web['url'].'/account/manage_uploads.php';
header("Location: $pro_url");
}

}

} else {
  echo "ERROR: Please log in first!";
} 
?>

1 个答案:

答案 0 :(得分:0)

使用&#34;准备好的陈述&#34; (http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

这给你带来两个好处:

  • 它为你处理转义(并且也是正确的:你在preg_replace之前进行转义,这可能会非常错误)
  • 它还为您提供了非常简单的调试。您将参数放入一个数组中,您可以简单地回显(print_r)参数数组并查看preg_replace已完成的操作。