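Unable to execute an SQL update when using PHP variables

Time: 2019-04-14 15:28:44

Tags: php mysql

I just noticed that I can't execute an SQL update when I use PHP variables from the link. My code (I don't see any errors, and there is no error output):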

<?php

if ($_POST && isset($_POST['hdduid'], $_POST['status'])) {
    $dbhost = 'localhost';
    $dbuser = 'root';
    $dbpass = 'L24wmc1nJBVP90q9yY';
    $dbname = 'watt';

    try {
        // Try to connect
        $dbh = new PDO(
            'mysql:host='.$dbhost.';dbname='.$dbname,
            $dbuser,
            $dbpass
        );

        // Data
        $hdduid = $_POST['hdduid'];
        $status = $_POST['status'];

        // query
        $sql = "UPDATE users SET paid=':status' WHERE hdduid=':hdduid'";
        $q = $dbh->prepare($sql);
        $q->execute(array(
            ':message' => $message,
            ':email' => $email
        ));

        // Null connection
        $dbh = null;
    } catch (PDOException $e) { // if exception
        print "Error!: " . $e->getMessage() . "<br/>";
        die();
    }

?>

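I edited the code, and it still doesn't work.

3 answers:

Answer 0: (score: 0)

You need to use mysqli_real_escape_string, not mysql_real_escape_string. You cannot mix mysql with MySQLi.

Answer 1: (score: -1)

Here is a solution. It uses mysqli_real_escape_string instead of mysql_real_escape_string. I also changed the name of $status to $paid, for readability. Good luck!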

$servername = "localhost";
$username = "root";
$password = ""; //$password = "L24wmc1nJBVP90q9yY";
$dbname = "test";   //$dbname = "ft";

// Create connection
$connection = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($connection->connect_error) {
    die("Connection failed: " . $connection->connect_error);
}

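// Escape the request values before placing them in the SQL string
$hdduid = mysqli_real_escape_string($connection, $_GET["hdduid"]);
$paid = mysqli_real_escape_string($connection, $_GET["status"]);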

$sql = "UPDATE users SET paid='$paid' WHERE hdduid='$hdduid'";

if ($connection->query($sql) === TRUE) {
    echo "Record updated successfully";
} else {
    echo "Error updating record: " . $connection->error;
}

$connection->close();

Answer 2: (score: -1)

Here is another solution, using prepared statements.

$servername = "localhost";
$username = "root";
$password = "L24wmc1nJBVP90q9yY";
$dbname = "ft";

// Create connection
$connection = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($connection->connect_error) {
    die("Connection failed: " . $connection->connect_error);
}

$paid = $_GET["status"];
$hdduid = $_GET["hdduid"];

//Prepared statements
$statement = $connection->prepare("UPDATE users SET paid = ? WHERE hdduid = ?");
$statement->bind_param("ss", $paid, $hdduid);

if(!$statement->execute()) {
    echo "Error updating record: " . $statement->error;
} else {
    echo "Record updated successfully";
}

$statement->close();
$connection->close();
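
The question's PDO statement, reworked as an added example that is not part of the original question or answers: the placeholders are unquoted, the bound names match them, and PDO errors are raised as exceptions. It assumes the pdo_sqlite extension and uses a constructed in-memory table in place of the question's MySQL database; `markPaid` and `paidFor` are hypothetical helper names.

```php
<?php
// Added example, not from the original thread. Assumption: the pdo_sqlite
// extension is available; an in-memory SQLite table stands in for the
// question's MySQL `users` table so the script runs offline.

function markPaid(PDO $db, string $hdduid, string $status): int
{
    // Placeholders are NOT wrapped in quotes: ':status' inside quotes is a
    // plain string literal, so there is no parameter for execute() to fill.
    $stmt = $db->prepare('UPDATE users SET paid = :status WHERE hdduid = :hdduid');

    // Array keys match the placeholder names used in the SQL text.
    $stmt->execute([':status' => $status, ':hdduid' => $hdduid]);

    // Number of rows changed. 0 means no row matched (on MySQL it can also
    // mean the row already held this value).
    return $stmt->rowCount();
}

function paidFor(PDO $db, string $hdduid): ?string
{
    $stmt = $db->prepare('SELECT paid FROM users WHERE hdduid = :hdduid');
    $stmt->execute([':hdduid' => $hdduid]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

$db = new PDO('sqlite::memory:');
// Make failed prepare()/execute() calls throw instead of returning false
// (before PHP 8 the default error mode is silent).
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec("CREATE TABLE users (hdduid TEXT PRIMARY KEY, paid TEXT)");
$db->exec("INSERT INTO users VALUES ('HDD-001', '0'), ('HDD-002', '0')");

// Update an existing row, then read both rows back.
var_dump(markPaid($db, 'HDD-001', '1'));
var_dump(paidFor($db, 'HDD-001'), paidFor($db, 'HDD-002'));

// A constructed value containing quotes is bound as data, so it is compared
// literally against hdduid and cannot change the WHERE clause.
var_dump(markPaid($db, "HDD-002' OR '1'='1", '1'));
var_dump(paidFor($db, 'HDD-002'));
```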