How to bindParam only if the POST value is not empty

Time: 2016-03-10 15:29:42

Tags: php pdo sql-update user-profile coalesce

The code I have to update a profile always updates using the parameters in the update statement, even if they are empty and not null, which means my users get updated with a lot of empty values. I want the POST statement in my SQL (I am using PDO) to change what is set only when the value is not empty and differs from the existing value. At the moment, I think my code checks whether the value differs from the existing one. I would like to use the existing template with UPDATE if possible, but I am open to other solutions, such as bindParam, if you can think of something better!

Below is my update profile page, which contains the if(!isempty) form:

POST

It is then passed to

<form id="profile_form" action="updateProfile.php" method="post">
    <input hidden name="userID" value="<?php echo $user; ?>"/>
    <div class="col-md-9 col-lg-9 " align="center"><img alt="User Pic" src="<?php echo $data['profile_picture']; ?>" class="img-circle img-responsive" style="max-width:30%;max-height:30%;">
        <p>
            <label for="file">Select a file:</label> <input type="file" disabled name="userfile" id="file"> <br/>
    </div>
    <?php
    if (isset($_POST['userfile'])){
        // Configuration - Your Options
        $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.
        $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
        $upload_path = './uploads/profile/'; // The place the files will be uploaded to (currently a 'files' directory).

        $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
        $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

        // Check if the filetype is allowed, if not DIE and inform the user.
        if(!in_array($ext,$allowed_filetypes))
            die('The file you attempted to upload is not allowed.');

        // Now check the filesize, if it is too large then DIE and inform the user.
        if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
            die('The file you attempted to upload is too large.');

        // Check if we can upload to the specified path, if not DIE and inform the user.
        if(!is_writable($upload_path))
            die('You cannot upload to the specified directory, please CHMOD it to 777.');

        // Upload the file to your specified path.
        if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))
            echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
        else
            echo 'There was an error during the file upload. Please try again.'; // It failed :(.
    }
    ?>
    <div class=" col-md-9 col-lg-9 ">
        <table class="table table-user-information">
            <tbody>
            <tr>
                <td>Username</td>
                <td><input type="text" disabled name="username" value= <?php echo $data['username']; ?>> </td>
            </tr>
            <tr>
                <td>First Name</td>
                <td><input type="text" disabled name="firstName" value= <?php echo $data['first_name']; ?>></td>
            </tr>
            <tr>
                <td>Last Name</td>
                <td><input type="text" disabled name="lastName" value= <?php echo $data['last_name']; ?>> </td>
            </tr>
            <tr>
                <td>Date of Birth</td>
                <td><input type="text" disabled name="dob" value= <?php echo $data['birthdate']; ?>> </td>
            </tr>
            <tr>
            <tr>
                <td>Email</td>
                <td><input type="text" disabled name="email" value= <?php echo $data['email']; ?>> </td>
            </tr>
            <tr>
                <td>Password</td>
                <td><input type="text" disabled name="password"> </td>
            </tr>
            <!-- Conditional label based on who you are -->
            <?php
            if ($data['role_id'] == 2) {
                echo "<td>Seller Rating</td>";
            } else {
                echo "<td>Buyer Rating</td>";
            }
            ?>
            <td>
                <?php
                $stars = round($data['rating'], 0, PHP_ROUND_HALF_DOWN);
                $diff = $data['rating'] - $stars;
                $perc = number_format(($data['rating'] / 5) * 100);
                do {
                    if ($stars == 1 && $diff < 0) {
                        echo '<span class="glyphicon glyphicon-star opacity"></span>';
                    } else {
                        echo '<span class="glyphicon glyphicon-star"></span>';
                    }
                    $stars = $stars - 1;
                } while ($stars > 0);
                echo "<p> " . $perc . "% </p>";
                ?>
            </td>
            </tr>
            </tbody>
        </table>
        <input class="btn btn-sm btn-warning" id="edit" type="button" value="Edit">
        <input class="btn btn-sm btn-success" disabled type="submit" value="Submit">
        </a>
    </div>
</form>
<script>
    var el = document.getElementById('edit');
    var frm = document.getElementById('profile_form');
    el.addEventListener('click', function () {
        for (var i = 0; i < frm.length; i++) {
            frm.elements[i].disabled = false;
        }
        frm.elements[0].focus();
    });
</script>

updateProfile.php

2 answers:

Answer 0 (score: 0)

COALESCE returns the first non-null argument. So if you want to keep your code working the same way, you can change each bindParam call to:

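// bindValue(), not bindParam(): bindParam() binds a variable by reference and cannot take an expression
$ins->bindValue(':username', $_POST["username"] ?: null);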

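So "false" values ('', 0, etc.) are sent to the DB as null.

If you want to call bindParam conditionally, you will also need to build your SQL conditionally. The bound parameters must line up with the parameters defined in the SQL. At that point you are dynamically building a query string, which gets ugly fast.

However, I think this is a poor solution and the code could be written better. For example, if you are doing a form POST, why would previously set data have empty values? I would populate the form with the current data on load. Also consider switching to a query builder or ORM so that only the modified fields are put into the query.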
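The COALESCE approach from the answer above, as an added example that is not part of the original answer or the asker's code: the statement and its placeholder list stay fixed, empty form fields are bound as NULL with bindValue(), and COALESCE keeps the stored column. The helper names `emptyToNull` and `updateProfile`, the in-memory SQLite table and the sample row are constructed for illustration; the table and column names follow the page.

```php
<?php
// Added example (not from the page): helper names and sample data are constructed.
// Form field => column; column names follow the page.
const PROFILE_FIELDS = [
    'username'  => 'username',
    'firstName' => 'first_name',
    'lastName'  => 'last_name',
    'email'     => 'email',
    'dob'       => 'birthdate',
];

// A missing, non-string or whitespace-only field counts as "not supplied".
function emptyToNull(array $post, string $field): ?string
{
    $value = $post[$field] ?? '';
    return (is_string($value) && trim($value) !== '') ? trim($value) : null;
}

// $userID is a parameter here; sourcing it from the authenticated session
// instead of the hidden form field is an assumption of this example.
function updateProfile(PDO $db, int $userID, array $post): void
{
    // The SET list comes from the constant map only, never from user input.
    $set = [];
    foreach (PROFILE_FIELDS as $field => $column) {
        $set[] = "$column = COALESCE(:$field, $column)";
    }
    $stmt = $db->prepare('UPDATE Users SET ' . implode(', ', $set) . ' WHERE user_id = :userID');

    // Every placeholder in the SQL gets exactly one bindValue() call.
    foreach (PROFILE_FIELDS as $field => $column) {
        $value = emptyToNull($post, $field);
        $stmt->bindValue(":$field", $value, $value === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    }
    $stmt->bindValue(':userID', $userID, PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed demo row in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (user_id INTEGER PRIMARY KEY, username TEXT,
           first_name TEXT, last_name TEXT, email TEXT, birthdate TEXT)');
$db->exec("INSERT INTO Users VALUES (1, 'alice', 'Alice', 'Smith', 'alice@example.com', '1990-01-01')");

// Only email is filled in; the other fields arrive empty, as in the question.
updateProfile($db, 1, ['username' => '', 'firstName' => '', 'email' => 'new@example.com']);
print_r($db->query('SELECT * FROM Users WHERE user_id = 1')->fetch(PDO::FETCH_ASSOC));
```

Because NULL means "keep the stored value" here, this statement cannot clear a column; that case needs the conditionally built SQL the answer describes.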

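Answer 1 (score: 0)

I managed to solve this. The COALESCE statement was distracting. I used an array to build the SQL, as @Matt S mentioned.

Below is the code for updateProfile.php.

Also, there is no need to use bindParam with PDO.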

<?php
try {
    require 'dbConnection.php';

    $sql = "UPDATE Users SET ";

    $username = "";
    $firstName = "";
    $lastName = "";
    $dob = "";
    $userfile = "";
    $email = "";
    $hashedPass = "";

    if (!empty($_POST["username"])) {
        $username = $_POST["username"];
    }
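    if (!empty($_POST["password"])) {
        // sha1() is a fast, unsalted hash; PHP's password_hash() and
        // password_verify() are the functions intended for password storage.
        $hashedPass = sha1($_POST["password"], false);
    }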
    if (!empty($_POST["firstName"])) {
        $firstName = $_POST["firstName"];
    }
    if (!empty($_POST["lastName"])) {
        $lastName = $_POST["lastName"];
    }
    if (!empty($_POST["dob"])) {
        $dob = $_POST["dob"];
    }
    if (!empty($_POST["userfile"])) {
        $userfile = $_POST["userfile"];
    }
    if (!empty($_POST["email"])) {
        $email = $_POST["email"];
    }
    $userID = $_POST['userID'];

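    // Build the SET clause from named placeholders; the values travel separately
    // in $params, so user input never becomes part of the SQL text.
    $updates = array();
    $params = array();

    if ($username != "") {
        $updates[] = "username = :username";
        $params[':username'] = $username;
    }
    if ($firstName != "") {
        $updates[] = "first_name = :first_name";
        $params[':first_name'] = $firstName;
    }
    if ($lastName != "") {
        $updates[] = "last_name = :last_name";
        $params[':last_name'] = $lastName;
    }
    if ($email != "") {
        $updates[] = "email = :email";
        $params[':email'] = $email;
    }
    if ($dob != "") {
        $updates[] = "birthdate = :birthdate";
        $params[':birthdate'] = $dob;
    }
    if ($userfile != "") {
        $updates[] = "profile_picture = :profile_picture";
        $params[':profile_picture'] = $userfile;
    }
    if ($hashedPass != "") {
        $updates[] = "passwd = :passwd";
        $params[':passwd'] = $hashedPass;
    }

    // Only run the UPDATE when at least one field was supplied; an empty SET
    // clause would be a syntax error.
    if (count($updates) > 0) {
        $sql .= implode(', ', $updates) . " WHERE user_id = :user_id";
        $params[':user_id'] = $userID;

        // Prepare query
        $updatequery = $db->prepare($sql);

        // Execute the query, passing the values for the placeholders
        $updatequery->execute($params);
    }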

    header('Location: profile.php');

} catch (PDOException $e) {
    echo $e->getMessage();
}