PHP: preventing duplicate posting

Time: 2011-07-05 06:27:46

Tags: php mysql duplicates

I have the following code that updates user information. I only need to run the query for the fields that have been filled in, so that you don't have to enter all the information every time you want to make a small edit to a user. I want empty form fields to be ignored.

I can't figure out a way to achieve this:

if(isset($_POST['do_edit'])) {

    $error = ''; // initialise here: the checks below compare against ''

    $id = mysql_real_escape_string($_POST['user_id']);
    $company_name = mysql_real_escape_string($_POST['company_name']);
    $contact = mysql_real_escape_string($_POST['contact']);
    $username = mysql_real_escape_string($_POST['username']);
    $phone = mysql_real_escape_string($_POST['phone']);
    $address = mysql_real_escape_string($_POST['address']);
    $email = mysql_real_escape_string($_POST['email']);
    $password = mysql_real_escape_string($_POST['password']);
    $password2 = mysql_real_escape_string($_POST['confirm']);
    $level = mysql_real_escape_string($_POST['user_level']);
    $restrict = mysql_real_escape_string($_POST['restrict']);

    // An unticked checkbox is not sent at all, so guard the lookup
    $delete = isset($_POST['delete']) ? mysql_real_escape_string($_POST['delete']) : '';

    // Ticked the 'delete user' box? If so, delete and echo message.
    if($delete == 'delete_uid' && $error == '') {

        $sql = "DELETE FROM login_users WHERE user_id='$id'";
        $query = mysql_query($sql) or die("Fatal error: ".mysql_error());

        echo "<h3>Deleted</h3>";
        echo "<div class='success_message'>User <b>$company_name $contact</b> has been removed from the database.</div>";

        echo "<h2>What to do now?</h2><br />";
        echo "<a href=''>&laquo; Back to Admin Panel</a> | Go to the <a href='user_edit.php'>edit users</a> page.";

    } else {

        // Validate the submitted information
        if(trim($id) == '1') {
            $error = '<div class="error_message">Attention! You cannot edit the main Administrator, use database.</div>';
        } else if(trim($company_name) == '') {
            $error = '<div class="error_message">Attention! You must enter a company name.</div>';
        } else if(trim($contact) == '') {
            $error = '<div class="error_message">Attention! You must enter a contact name.</div>';
        } else if(!isEmail($email)) {
            $error = '<div class="error_message">Attention! You have entered an invalid e-mail address, try again.</div>';
        } else if(trim($level) == '') {
            $error = '<div class="error_message">Attention! No user level has been selected.</div>';
        }

        // Password been entered? If so, validate and update information.
        if($password != '') {

            if($password != $password2) {
                $error = '<div class="error_message">Attention! Your passwords did not match.</div>';
            }

            if(strlen($password) < 5) {
                $error = '<div class="error_message">Attention! Your password must be at least 5 characters.</div>';
            }

            if($error == '') {

                $sql = "UPDATE login_users SET restricted='$restrict', company_name='$company_name', contact='$contact', email='$email', user_level='$level', password = MD5('$password') WHERE user_id = '$id'";
                $query = mysql_query($sql) or die("Fatal error: ".mysql_error());

                echo "<h2>Updated</h2>";
                echo "<div class='success_message'>User information (and password) updated for User ID <b>$id ($company_name)</b>.</div>";

                echo "<h2>What to do now?</h2><br />";
                echo "<a href=''>&laquo; Back to Admin Panel</a> | Go to the <a href='user_edit.php'>edit users</a> page.";

            }

        } else {

            // Password has not been entered, don't update the password field.
            if($error == '') {

                $sql = "UPDATE login_users SET restricted='$restrict', company_name='$company_name', contact='$contact', username='$username', email='$email', user_level='$level' WHERE user_id = '$id'";
                $query = mysql_query($sql) or die("Fatal error: ".mysql_error());

                echo "<h2>Updated</h2>";
                echo "<div class='success_message'>User information updated for <b>$company_name</b>.</div>";

                echo "<h2>What to do now?</h2><br />";
                echo "<a href=''>&laquo; Back to Admin Panel</a> | Go to the <a href='user_edit.php'>edit users</a> page.";

            }

        }

    }
}

3 answers:

Answer 0 (score: 1)

Check the list of fields and build the UPDATE query dynamically from the ones that qualify. Strongly consider writing a function or two to help build the query without the repeated logic, but the following should give you a hint:

$sql = "UPDATE login_users SET ";
$first = 1; // stays 1 until the first SET clause has been appended

// PHP concatenates strings with .= ; += would treat them as numbers
if ($restrict != '') {
    if ($first) {
        $first = 0;
    } else {
        $sql .= ", ";
    }
    $sql .= "restricted='$restrict'";
}

if ($company_name != '') {
    if ($first) {
        $first = 0;
    } else {
        $sql .= ", ";
    }
    $sql .= "company_name='$company_name'";
}

if ($contact != '') {
    if ($first) {
        $first = 0;
    } else {
        $sql .= ", ";
    }
    $sql .= "contact='$contact'";
}

if ($username != '') {
    if ($first) {
        $first = 0;
    } else {
        $sql .= ", ";
    }
    $sql .= "username='$username'";
}

if ($email != '') {
    if ($first) {
        $first = 0;
    } else {
        $sql .= ", ";
    }
    $sql .= "email='$email'";
}

if ($level != '') {
    if ($first) {
        $first = 0;
    } else {
        $sql .= ", ";
    }
    $sql .= "user_level='$level'";
}

$sql .= " WHERE user_id = '$id'";

if (! $first) {
    // do query, since we know something was changed
}

Answer 1 (score: 0)

Two approaches:

  • The one I usually use is simply to pre-fill the form fields with the database fields (except the password). They then don't have to be empty.
  • Start with an empty UPDATE query (UPDATE login_users SET ? WHERE user_id=$id) and build a field='value', ... string to replace the ?.

The second seems like more hassle than pre-filling the form.

Answer 2 (score: 0)

You could try something like this:

$sql = "UPDATE login_users SET ";
foreach ($_POST as $fieldname=>$value) {
    if ($value) {
        // every non-empty POST field becomes "column='value', "
        $sql .= "$fieldname='$value', ";
    }
}
$sql = substr($sql, 0, -2); // to remove the last ", "
$sql .= " WHERE user_id = '$id';";

Two things to watch out for:

  1. $fieldname must be the same as the actual field name in the database (if it isn't, you should do some renaming).
  2. You should apply md5 to the password somewhere along the way.
  3. Edit: two more things!

    1. Don't forget to do the MySQL escaping.
    2. Use sprintf
    3. It can be done more elegantly
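As an added example (not code from the question or any of the answers), here is the idea behind answer 0 and answer 2, building the SET list only from non-empty fields, done with a column whitelist and PDO placeholders, so neither the field names nor the values from the POST body ever land inside the SQL string. It also swaps the question's MD5 for password_hash(), which assumes PHP 7.1+ and a password column wide enough for its output (e.g. VARCHAR(255)); the $pdo connection in the usage comment is assumed.

```php
<?php
// Added example: whitelist-driven UPDATE builder with bound parameters.
// Table and column names follow the question; $pdo is an assumed PDO handle.

function buildUserUpdate(array $post, int $userId): ?array
{
    // Form field => database column. Anything not listed is ignored, so a
    // client cannot smuggle extra columns in through the POST body.
    $allowed = [
        'company_name' => 'company_name',
        'contact'      => 'contact',
        'username'     => 'username',
        'email'        => 'email',
        'user_level'   => 'user_level',
        'restrict'     => 'restricted',
    ];

    $set    = [];
    $params = [];
    foreach ($allowed as $field => $column) {
        $value = isset($post[$field]) ? trim((string) $post[$field]) : '';
        if ($value === '') {
            continue;                        // empty field: leave the column alone
        }
        $set[]             = "$column = :$field";
        $params[":$field"] = $value;         // value travels as a bound parameter
    }

    // Only touch the password when both fields are filled in and agree.
    $pw = (string) ($post['password'] ?? '');
    if ($pw !== '' && $pw === (string) ($post['confirm'] ?? '')) {
        $set[]               = 'password = :password';
        $params[':password'] = password_hash($pw, PASSWORD_DEFAULT);
    }

    if ($set === []) {
        return null;                         // nothing to update, skip the query
    }

    $sql = 'UPDATE login_users SET ' . implode(', ', $set) . ' WHERE user_id = :id';
    $params[':id'] = $userId;
    return [$sql, $params];
}

// Usage with the assumed PDO connection:
// $built = buildUserUpdate($_POST, (int) $_POST['user_id']);
// if ($built !== null) {
//     $pdo->prepare($built[0])->execute($built[1]);
// }
```

Because the SET list is assembled from the whitelist rather than from $_POST keys, the "field name must match the column" caveat from answer 2 is handled in one place, and the escaping step it warns about is no longer needed.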