我想知道这个想法是否是更新数据库中表格行的好习惯。
我通常更新这样的行,
$pg_id = set_variable($_POST,'pg_id');
$pg_url = set_variable($_POST,'pg_url');
$pg_title = set_variable($_POST,'pg_title');
$pg_subtitle = set_variable($_POST,'pg_subtitle');
$pg_description = set_variable($_POST,'pg_description');
$pg_introduction = set_variable($_POST,'pg_introduction');
$pg_content_1 = set_variable($_POST,'pg_content_1');
$pg_content_2 = set_variable($_POST,'pg_content_2');
$pg_content_3 = set_variable($_POST,'pg_content_3');
$pg_content_4 = set_variable($_POST,'pg_content_4');
$pg_backdate = set_variable($_POST,'pg_backdate');
$pg_tag = set_variable($_POST,'pg_tag');
$pg_user = set_variable($_POST,'pg_user');
$pg_member = set_variable($_POST,'pg_member');
$pg_highlight = set_variable($_POST,'pg_highlight');
$pg_hide = set_variable($_POST,'pg_hide');
$pg_cat_id = set_variable($_POST,'pg_cat_id');
$ps_cat_id = set_variable($_POST,'ps_cat_id');
$parent_id = set_variable($_POST,'parent_id');
$tmp_id = set_variable($_POST,'tmp_id');
$usr_id = set_variable($_POST,'usr_id');
$sql = "
UPDATE root_pages
SET
pg_url = ?,
pg_title = ?,
pg_subtitle = ?,
pg_backdate = ?,
pg_description = ?,
pg_introduction = ?,
pg_content_1 = ?,
pg_content_2 = ?,
pg_content_3 = ?,
pg_content_4 = ?,
pg_highlight = ?,
pg_hide = ?,
ps_cat_id = ?,
parent_id = ?,
tmp_id = ?,
updated_by = ?
WHERE pg_id = ?
";
# use the instantiated db connection object from the init.php, to process the query
$result = $connection->run_query($sql,array(
$pg_url,
$pg_title,
$pg_subtitle,
$pg_backdate,
$pg_description,
$pg_introduction,
$pg_content_1,
$pg_content_2,
$pg_content_3,
$pg_content_4,
$pg_highlight,
$pg_hide,
$ps_cat_id,
$parent_id,
$tmp_id,
$usr_id,
$pg_id
));
我发现这需要花费很长时间才能在维护时列出表格中的所有字段,所以我有这个简短的想法来解决它,
# queury the table columns.
$sql = "
SHOW COLUMNS
FROM root_pages
";
# use the stored connection object from the class_page_controller.php, to process the query.
$columns = $connection->fetch_all($sql);
# loop through the table columns, select the 'Field' column only, turn the field into variables, then get the variable's value from the array.
foreach($columns as $column)
{
$$column['Field'] = set_variable($_POST,$column['Field']);
}
foreach($columns as $column)
{
$sql = "
UPDATE root_pages
SET
".$column['Field']." = ?
WHERE pg_id = ?
";
# use the instantiated db connection object from the init.php, to process the query
$result = $connection->run_query($sql,array($$column['Field'],$pg_id));
}
它更短但我在这个捷径中使用了大量的循环 - 是不是很糟糕?
这是否会使服务器在处理更新时变慢?我没有看到这种方法会遇到什么问题?
答案 0 :(得分:2)
更多查询意味着更多时间,因此如果您要单独更新每个字段(而不是一次更新一行),则需要更长时间。
此外,您可能希望对提交的值应用过滤器,以确保不会更新您不想更新的字段。
例如,如果您有一个用户表,其中列出了帐户余额:
id | user | credit
==========================
1 | John Smith | 50
如果我可以向您的表单处理程序提交表单,因为“信用”字段会显示在SHOW COLUMNS...查询中,我可以通过一个表单向您发送POST提交内容使用$_POST['user'] = "Mike Rowe" 和 $_POST['credit'] = 9999更改我的姓名,您可以将上述内容更改为:
id | user | credit
==========================
1 | Mike Rowe | 9999
更新:建议的解决方案
不是相信数据库字段名称可以安全地用于处理这样的查询,为什么不拥有自己的可编辑字段数组而只是循环它们呢?
$editable_fields = array(
'pg_url' ,
'pg_title' ,
...
);
$form_values = array();
$sql_pattern = array();
foreach( $editable_fields as $k ){
if( $k != 'pg_id'
&& isset( $_POST[$k] ) ){
$form_values[$k] = $_POST[$k];
// NOTE: You could use a variant on your above code here, like so
// $form_values[$k] = set_variable( $_POST , $k );
$sql_pattern[] = "$k = ?";
}
}
$sql_pattern = 'UPDATE root_pages SET '.implode( ' , ' , $sql_pattern ).' WHERE pg_id = ?';
# use the instantiated db connection object from the init.php, to process the query
$result = $connection->run_query($sql_pattern,array_merge(
$form_values ,
$_POST['pg_id']
));
注意:此代码未经测试,而不是我通常操作的方式,因此请将其用作指南,而不是圣经......