1

我无法在需要时更新它。这是一个退出脚本,旨在使用已删除列中的值 1 更新选定的电子邮件行。我似乎无法让它更新,我认为这是我的 sql 的问题。非常感谢任何有助于理解这一点的帮助。作为说明:我正在抱歉,似乎有问题......

这是脚本。

<?php

if (isset($_GET['e'])) {

    include_once "../storescripts/connect_to_mysql.php";

    $email = $_GET['e'];

    $sql_delete = mysql_query("UPDATE test WHERE email='$email' SET removed = '1'");

    if (!$sql_delete) {
        echo "Sorry there seems to be and issue when trying to remove your listing. Please email Admin directly using this email address: chris@.com";
    } else {
        echo "Sorry to see you go! You will not receive our newsletter ever again unless you relist. To gain access to our newsletter again simply let us know by email at chris@.com";
    }
}
?>
4

5 回答 5

1

尝试:

$sql_delete = mysql_query("UPDATE test SET removed = '1' WHERE email='$email'");

问题是你的语法,看看 mysqlupdate语法,where子句应该去哪里以及set应该去哪里http://dev.mysql.com/doc/refman/5.0/en/update.html

如果您使用正确的错误处理,您会看到这个问题,如下所示:

$sql_delete = mysql_query("UPDATE test SET removed = '1' WHERE email='$email'") or die(mysql_error());

看看mysql_real_escape_string http://www.php.net/manual/en/function.mysql-real-escape-string.php,以防止 SQL 注入。例子:

$email = mysql_real_escape_string($email);
$sql_delete = mysql_query("UPDATE test SET removed = '1' WHERE email='$email'") or die(mysql_error());

另请注意,mysql_扩展名已弃用,您想开始使用mysqlior PDO

于 2013-08-02T02:39:05.080 回答
1

SET在你的WHERE子句之前使用。

UPDATE test 
SET removed = '1'
WHERE email = '$email'
于 2013-08-02T02:40:17.337 回答
1

更新语法是

UPDATE
    table
SET
    column = value
WHERE
    condition = met

另一方面,我看到您正在使用一种非常不安全的动态条目方法 ( $_GET) 并且Mysql_*函数在新版本的 php 中已被弃用>= 5.5。我强烈建议研究 PDO 以使用绑定变量,否则如果

$_GET['e'] = "fake' OR '1'='1" // known as sql injection

好读

于 2013-08-02T02:44:19.660 回答
0

您的查询应该是

mysql_query("UPDATE test SET removed = '1' WHERE email='$email'");

但请注意,此扩展已被弃用。请改用MySQLiPDO_MySQ

两个扩展中的解决方案如下。

MySQLi:

$mysqli = new mysqli(GDB_HOST, GDB_USERNAME, GDB_PASSWORD, GDB_NAME);
$cmd = $mysqli->prepare("UPDATE test SET removed = '1' WHERE email= ? ");
$cmd->bind_param('s', $email);
$cmd->execute();

PDO

$dbh = Database::connect();
$query = "UPDATE test SET removed = '1' WHERE email= ? ";
$sth = $dbh->prepare($query);
$sth->execute(array($email));

使用这 2 个扩展之一的重要意义之一是避免任何SQL 注入尝试

于 2013-08-02T02:52:46.483 回答
0

你是对的,你的UPDATE 语法不正确。这是正确的形式:

UPDATE test
SET removed = '1'
WHERE email = '$email'
于 2013-08-02T02:45:54.983 回答