0

我正在尝试一次编辑许多列。我有很多字段希望用户能够编辑。我不确定我做错了什么。任何帮助将不胜感激。它指出您的 mySQL 查询存在问题,请联系技术支持并提供以下信息:

       <?php 
       $dbserver = "";
       $dblogin = "";
       $dbpassword = "";
       $dbname = "";

       $con = mysqli_connect("$dbserver","$dblogin","$dbpassword","$dbname");
       if (!$con)
       {
       die('Could not connect to the mySQL server please contact technical 
       support with the following information: ' . mysqli_connect_errno());
       }

       $organization = mysqli_real_escape_string($_POST['organization']);
       $firstname = mysqli_real_escape_string($_POST['firstname']);
       $lastname = mysqli_real_escape_string($_POST['lastname']);
       $rank = mysqli_real_escape_string($_POST['rank']);
       $branch= mysqli_real_escape_string($_POST['branch']);
       $gender= mysqli_real_escape_string($_POST['gender']);
       $emailaddress = mysqli_real_escape_string($_POST['emailaddress']);
       $jobtitle = mysqli_real_escape_string($_POST['jobtitle']);
       $company = mysqli_real_escape_string($_POST['company']);
       $businessphone = mysqli_real_escape_string($_POST['businessphone']);
       $homephone = mysqli_real_escape_string($_POST['homephone']);
       $mobilephone = mysqli_real_escape_string($_POST['mobilephone']);
       $faxnumber = mysqli_real_escape_string($_POST['faxnumber']);
       $address = mysqli_real_escape_string($_POST['address']);
       $city = mysqli_real_escape_string($_POST['city']);
       $state = mysqli_real_escape_string($_POST['state']);
       $zippostal = mysqli_real_escape_string($_POST['zippostal']);
       $country = mysqli_real_escape_string($_POST['country']);
       $notes = mysqli_real_escape_string($_POST['notes']);
       $donorid = mysqli_real_escape_string($_POST['donorid']);

       // make the query a variable so we can print out if it fails
       $query = "UPDATE donors SET organization = '$organization', firstname =         
       '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch', 
       gender = '$gender', emailaddress = '$emailaddress', jobtitle = '$jobtitle', 
       company = '$company', businessphone = '$businessphone', homephone = 
       '$homephone', mobilephone = '$mobilephone', faxnumber = '$faxnumber', address = 
       '$address', city = '$city', state = '$state', zippostal = '$zippostal', country 
       = '$country', notes = '$notes', donorid = '$donorid' WHERE donorid = 
       '$donorid'";

       $sql = mysqli_query($con,$query) or die('There was a problem with your mySQL   
       query please contact technical support with the following information: ' .  
       mysqli_error());

       // troubleshooting for development only     
       if(mysqli_affected_rows($sql) < 1){
       die('There was a problem with your mySQL query : ' . $query);}

       mysqli_close($con);
        header( 'Location: http://localhost/moddonor.php' ) ;
        ?>
4

3 回答 3

4

根据@Sean answer上的对话,您需要动态构建查询,这样的事情应该可以工作(还应该注意我使用 php5.3+ 特定语法的匿名函数array_map):

// array of field => bind type
$fields = array(
   'firstname' => 's',
   'lastname' => 's',
   'rank' => 'i',
   // other fields EXCEPT donorid
);

// template for the sql
$sqlTemplate = 'UPDATE SET %s WHERE donorid = ?';

// array to hold the fields we will actually use with the query
$params = array();

// lets check the fileds against those allowed
// and stick them in the $params array - note we exclude donorid
// because its required


foreach ($fields as $field => $type) {
   if(isset($_POST[$field]) && !empty($_POST[$field])) {
      $params[$field] = array(
          'value' => $_POST[$field],
          'type' => $type
      ); 
   }
}

// if we actually have something to update then lets prep the sql

if(!empty($params)) {
   $forUpdate = array_map(function ($f) { return $field . ' = ?'; }, array_keys($params));
   $sql = sprtintf($sqlTemplates, implode(',', $forUpdate));

   // $sql is now the parameterized query like my example below

   // compile all the parameter types into a single string like 'ssi'
   $types = implode('', array_map(function($v){ return $v['type'];}, $params));

   // now we need to push the $stmt and the $types onto $params
   array_unshift ($params, $stmt, $types);

   // params now looks like:
   // Array ( 0 => Msqil_Stmt, 1 => 'ssi', 'firstname' => 'thevalue', 'lastname' => 'value', 'rank' => 1, etc..) 

   // now call bindparam via call_user_func_array 
   call_user_func_array('mysql_stmt_bind_param', $params);

   // now execute the query:

   mysqli_stmt_execute($stmt);
}

你做错了很多事情:

  1. 您正在使用两者mysql_*mysqli_*它们不可互换。Use mysqli_*because mysql_*is deprecated ans should not be used了;你所有的mysql函数都应该是mysqli版本。
  2. 您需要在值周围加上引号,并且还需要转义这些值。由于您使用 mysqli 使用准备好的语句
  3. 资源连接是查询函数的第二个参数,而不是第一个。

--

  // with mysqli the db name is passed as an argument wen creating the connection
  $con = mysqli_connect("$dbserver","$dblogin","$dbpassword", $dbname);

  if (!$con) {
     die('Could not connect to the mySQL server please contact 
        technical support with the following information: ' . mysqli_error());
  }

  $sql = "UPDATE donors set organization = ?, firstname =  
  ?, lastname = ?, rank = ?, branch = ?,
  gender = ?, emailaddress = ?, jobtitle = ?, company   
  =?, businessphone = ?, homephone = ?, 
  mobilephone =?, faxnumber = ?, address = ?, city = 
  ?, state = ?, zippostal =?, country = ?,
  note = ?
  WHERE donorid= ?";
  $stmt = mysqli_preapre($sql);

  mysqli_bind_param($stmt, 
     'ssisss...i', 
     $organization,
     $firstname,
     $lastname,
     $rank,
     $branch,
     $gender,
      $emailaddress,
     // other feilds... the must be in the same order as named in the query
     // then lastly the donorid
     $donorid
  );

  // execute the query
  mysqli_stmt_excecute($stmt);

  mysqli_close($con);
  header( 'Location: http://localhost/moddonor.php' ) ;
于 2013-03-24T04:02:46.170 回答
1

您正在使用 连接mysql_connect(),但使用mysqli_query(). 您还需要将您的值括在引号'/"

  $con = mysql_connect("$dbserver","$dblogin","$dbpassword");
  ...
  mysql_select_db("$dbname", $con);
  ...
  mysqli_query($con,"UPDATE donors set organization = '$organization', firstname =  
  '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch',
  gender = '$gender', emailaddress = '$emailaddress', jobtitle = '$jobtitle', company   
  ='$company', businessphone = '$businessphone', homephone = '$homephone', 
  mobilephone = '$mobilephone', faxnumber = '$faxnumber', address = '$address', city = 
  '$city', state = '$state', zippostal = '$zippostal', country = '$country',
  note = '$note' WHERE donorid= '$donorid'");

  mysqli_close($con);

将您的连接更改mysqli_connect()mysql_函数已折旧。

  $con = mysqli_connect("$dbserver", "$dblogin", "$dbpassword", "$dbname");
  if (!$con)
  {
  die('Could not connect to the mySQL server please contact 
  technical support with the following information: ' . mysqli_error());
  }

  mysqli_query($con,"UPDATE donors set organization = '$organization', firstname =  
  '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch',
  gender = '$gender', emailaddress = '$emailaddress', jobtitle = '$jobtitle', company   
  ='$company', businessphone = '$businessphone', homephone = '$homephone', 
  mobilephone = '$mobilephone', faxnumber = '$faxnumber', address = '$address', city = 
  '$city', state = '$state', zippostal = '$zippostal', country = '$country',
  note = '$note' WHERE donorid= '$donorid'");

此外,学习如何做准备好的陈述也是有益的 - http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

请参阅 - http://php.net/manual/en/mysqlinfo.api.choosing.php
http://www.php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated


编辑
显然您在查询中使用它们之前没有设置变量。注意:确保清理任何用户输入。看mysqli_real_escape_string()

//Put this after $con = mysqli_connect(), but before mysqli_query()
$organization = mysqli_real_escape_string($_POST['organization']);
$firstname = mysqli_real_escape_string($_POST['firstname']);
$lastname = mysqli_real_escape_string($_POST['lastname']);
....
$donorid = mysqli_real_escape_string($_POST['donorid']);
// need to add the rest of your form inputs

编辑 2
在您更新的脚本上存在一些问题 - organization = $_POST['$organization'], $firstname = $_POST['$firstname']mysql_error()等。尝试使用以下代码编辑。

 <?php 
 $dbserver = "";
 $dblogin = "";
 $dbpassword = "";
 $dbname = "";

 $con = mysqli_connect("$dbserver","$dblogin","$dbpassword","$dbname");
 if (!$con)
 {
 die('Could not connect to the mySQL server please contact technical support with  
 the following information: ' . mysqli_connect_errno());
 }

 $organization = mysqli_real_escape_string($_POST['organization']);
 $firstname = mysqli_real_escape_string($_POST['firstname']);
 $lastname = mysqli_real_escape_string($_POST['lastname']);
 $rank = mysqli_real_escape_string($_POST['rank']);
 $branch= mysqli_real_escape_string($_POST['branch']);
 $gender= mysqli_real_escape_string($_POST['gender']);
 $emailaddress = mysqli_real_escape_string($_POST['emailaddress']);
 $donorid = mysqli_real_escape_string($_POST['donorid']);

 // make the query a variable so we can print out if it fails
 $query = "UPDATE donors SET organization = '$organization', firstname = '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch', gender = '$gender', emailaddress = '$emailaddress' WHERE donorid = '$donorid'";

 $sql = mysqli_query($con,$query) or die('There was a problem with your mySQL query please contact technical support with the following information: ' . mysqli_error());

 // troubleshooting for development only     
 if(mysqli_affected_rows($sql) < 1){
   die('There was a problem with your mySQL query : ' . $query);}

 mysqli_close($con);
 header( 'Location: http://localhost/moddonor.php' ) ;
于 2013-03-24T04:02:32.273 回答
0

你没有提到错误是什么,但是,

我认为您必须使用单引号 (') 包装这些值,例如

设置组织 = $组织

变成

设置组织 = '$组织'

于 2013-03-24T04:01:05.190 回答