MySQL UPDATE does not work, but DELETE works perfectly

Time: 2017-05-26 13:43:02

Tags: php mysql wordpress

<?php

$connect = mysqli_connect('localhost', 'root', 'samagulf', 'wordpress');
$input = filter_input_array(INPUT_POST);
$country = mysqli_real_escape_string($connect, $input["country"]);
$city = mysqli_real_escape_string($connect, $input["city"]);
$for = mysqli_real_escape_string($connect, $input["for"]);
$title = mysqli_real_escape_string($connect, $input["title"]);
$details = mysqli_real_escape_string($connect, $input["details"]);
$price = mysqli_real_escape_string($connect, $input["price"]);
$email = mysqli_real_escape_string($connect, $input["email"]);
$phone = mysqli_real_escape_string($connect, $input["phone"]);
$photo = mysqli_real_escape_string($connect, $input["photo"]);

if($input["action"] === 'edit') {

    $query = "UPDATE wp_wpdatatable_1
        SET country=' " . $country . " ',city=' " . $city . " ',for=' " . $for . " ',title=' 
        " . $title . " ',details=' " . $details . " ',price=' " . $price . " ',email=' 
        " . $email . " 
        ',phone=' " . $phone . " ',photo=' " . $photo . " '
        where wdt_ID=' " . $input["wdt_ID"] . " ' ";

    mysqli_query($connect, $query);
}

if($input["action"] === 'delete') {
    $query = "DELETE FROM wp_wpdatatable_1 
        where wdt_ID=' " . $input["wdt_ID"] . " ' ";

    mysqli_query($connect, $query);
}

echo json_encode($input);

?>

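1 answer:

Answer 0: (score: 0)

Here, use prepared statements. This will solve the problems you are running into, such as quoting. It will also prevent SQL injection. N.B. you no longer need to escape. It is not necessary when using prepared statements.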

 // `for` is a reserved word in MySQL, so the column name is quoted with backticks
 $stmt = $connect->prepare("UPDATE wp_wpdatatable_1 SET country=?, city=?, `for`=?, title=?, details=?, price=?, email=?, phone=?, photo=? WHERE wdt_ID=?");
 // ten placeholders need ten type characters; bind the raw input values, not escaped copies
 $stmt->bind_param('ssssssssss', $country, $city, $for, $title, $details, $price, $email, $phone, $photo, $input['wdt_ID']); // bind placeholders to values

 if ($stmt->execute() == true) { // check for success/failure (returns true/false)
     echo 'Updated'; // it worked
 } else {
     echo 'Failed to update: ' . $connect->error; // Oops, error.
 }
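
The following is an added example, not part of the original answer: it derives the SQL and the `bind_param` type string from one column list, so the placeholder count, the type string and the bound values cannot drift apart, and it backtick-quotes identifiers such as the reserved word `for`. The names `EDITABLE`, `quote_ident`, `build_update` and `handle` are hypothetical, `wdt_ID` is assumed to be an integer key, and PHP 7.4 or later is assumed.

```php
<?php
// Added example; EDITABLE, quote_ident(), build_update() and handle() are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw instead of failing silently

// The one column list drives the SET clause, the type string and the bound values.
const EDITABLE = ['country', 'city', 'for', 'title', 'details', 'price', 'email', 'phone', 'photo'];

// Backtick-quote an identifier so reserved words such as `for` are legal column names.
function quote_ident(string $id): string
{
    return '`' . str_replace('`', '``', $id) . '`';
}

// Returns [sql, types] with exactly one type character per placeholder.
function build_update(string $table, array $columns, string $key): array
{
    $set = implode(', ', array_map(fn($c) => quote_ident($c) . '=?', $columns));
    $sql = 'UPDATE ' . quote_ident($table) . " SET $set WHERE " . quote_ident($key) . '=?';
    return [$sql, str_repeat('s', count($columns)) . 'i'];
}

function handle(mysqli $db, array $input): int
{
    // Assumption: wdt_ID is an integer key; anything else is rejected before reaching SQL.
    $id = filter_var($input['wdt_ID'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('wdt_ID must be an integer');
    }
    if (($input['action'] ?? '') === 'edit') {
        [$sql, $types] = build_update('wp_wpdatatable_1', EDITABLE, 'wdt_ID');
        $values = array_map(fn($c) => (string) ($input[$c] ?? ''), EDITABLE);
        $values[] = $id;
        $stmt = $db->prepare($sql);
        $stmt->bind_param($types, ...$values);
    } elseif (($input['action'] ?? '') === 'delete') {
        $stmt = $db->prepare('DELETE FROM `wp_wpdatatable_1` WHERE `wdt_ID`=?');
        $stmt->bind_param('i', $id);
    } else {
        throw new InvalidArgumentException('unknown action');
    }
    $stmt->execute();
    return $stmt->affected_rows; // 0 means no row matched or nothing changed
}

// Runs without a database: show the generated statement and its type string.
[$sql, $types] = build_update('wp_wpdatatable_1', EDITABLE, 'wdt_ID');
echo $sql, PHP_EOL, $types, PHP_EOL;
```

With `mysqli_report` set as above, a syntax error like the unquoted `for` column surfaces as a `mysqli_sql_exception` at `prepare()` instead of a silently ignored failed query.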