我找到了一个用于更新数据库的代码php,但它仅适用于两个字段的id和item。如果我有7个字段,id_admin,名称,电子邮件,地址,电话号码,用户名和密码,表名是admin,那怎么样?这是我找到的代码。
<?php
error_reporting(0);
include("db_config.php");
// array for JSON response
$response = array();
if( isset($_POST['id'] ) && isset($_POST['item']) ) {
$id=$_POST['id'];
$item=$_POST['item'];
$result = mysql_query("update myorder set item='$item' where id='$id' ") or die(mysql_error());
$row_count = mysql_affected_rows();
if($row_count>0){
$response["success"] = 1;
$response["message"] = "Updated Sucessfully.";
}
else{
$response["success"] = 0;
$response["message"] = "Failed To Update.";
}
// echoing JSON response
echo json_encode($response); } ?>
答案 0 :(得分:0)
更改这些行:
if( isset($_POST['id'] ) && isset($_POST['item']) ) {
$id=$_POST['id'];
$item=$_POST['item'];
$result = mysql_query("update myorder set item='$item' where id='$id' ") or die(mysql_error());
用这些:
if( isset($_POST['submit'] ) ) {
$id=htmlspecialchars($_POST['id']);
$item=htmlspecialchars($_POST['item']);
$name=htmlspecialchars($_POST['name']);
$email=htmlspecialchars($_POST['email']);
//and so on...
$result = mysql_query("update myorder set item=$item, name=$name, email= $email ... where id=$id ") or die(mysql_error());
答案 1 :(得分:0)
警告mysql_query,mysql_fetch_array,mysql_connect等..扩展在PHP 5.5.0中已弃用,并且已在PHP 7.0.0中删除。 相反,应该使用MySQLi或PDO_MySQL扩展。
<?php
error_reporting(0);
//db connection
global $conn;
$servername = "localhost"; //host name
$username = "username"; //username
$password = "password"; //password
$mysql_database = "dbname"; //database name
//mysqli prepared statement
$conn = mysqli_connect($servername, $username, $password) or die("Connection failed: " . mysqli_connect_error());
mysqli_select_db($conn,$mysql_database) or die("Opps some thing went wrong");
// array for JSON response
$response = array();
if( isset($_POST['id'] ) && isset($_POST['item']) ) {
$id=$_POST['id'];
$item=$_POST['item'];
$stmt = $conn->prepare("update myorder set item=?,name=?,id_admin=?,email=?,address=?,phonenumber=? where id=? ");
$stmt->bind_param('ssissii',$item,$name,$id_admin,$email,$address,$phonenumber,$id);
The argument may be one of four types:
i - integer
d - double
s - string
b - BLOB
//change it by respectively
$stmt->execute();
$row_count= $stmt->affected_rows;
if($row_count>0)
{
$response["success"] = 1;
$response["message"] = "Updated Sucessfully.";
}
else{
$response["success"] = 0;
$response["message"] = "Failed To Update.";
}
// echoing JSON response
echo json_encode($response);
$stmt->close();
$conn->close();
}
?>
答案 2 :(得分:-1)
当需要在查询中插入用户值时,始终使用参数化查询。
示例:
$statement = $conn->prepare("update admin set name=?, email=?, address=?, phonenumber=?, username=?, password=? WHERE id_admin=?");
$statement->bind_param('ssssssi', $name, $email, $address, $phonenumber, $username, $password, $id_admin);
$statement->execute();