0

我正在尝试更新数据库表。如何通过提供条件(如果它为空)来防止来自表单的密码(“MemberPassword”,$ pass)被更新为 sql 代码?是否可以?

   //database connection
        $SQL = "mysql:host=" . $this->MYSQL_HOST . ";dbname=" . $this->MYSQL_DB;

        try {
            $this->pdo = new \PDO($SQL, $this->MYSQL_USER, $this->MYSQL_PASS);
            $this->pdo->exec("SET NAMES'" . $this->CHARSET . "'COLLATE'" . $this->COLLATION . "'");
            $this->pdo->exec("SET CHARACTER SET'" . $this->CHARSET . "'");
            $this->pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
            $this->pdo->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, \PDO::FETCH_OBJ);

            
        } catch (PDOException $e) {
            die( $e->getMessage());
        }
    }
    //Connect DB END

    private function myQuery($query, $params = null)
        {
            if (is_null($params)) {
                $this->stmt = $this->pdo->query($query);
            } else {
                $this->stmt = $this->pdo->prepare($query);
                $this->stmt->execute($params);
            }
            return $this->stmt;
        }
    
    
        public function Update($query, $params = null)
            {
                try {
                    return $this->myQuery($query, $params)->rowCount();
                } catch (PDOException $e) {
                    die($e->getMessage());
                }
            }
    
    
            
            $update = $db->Update("UPDATE members SET
            MemberUsername=?,
            MemberPassword=?,
            MemberEmail=?,
            MemberName=?,
            MemberLastName=?,
            MemberBirthday=?,
            MemberAge=?,
            MemberGender=?,
            CityID=?
            WHERE MemberID=?
            ", array($username, $pass, $email, $name, $lastname, $birthday, $age, $gender, $city, $memberID));
4

3 回答 3

2

在你的 php 代码中使用这样的东西:

 $param = array($username, $email, $name, $lastname, $birthday, $age, $gender, $city);

 $sqlUpdate = "UPDATE members SET  
    MemberUsername=?,
    MemberEmail=?,
    MemberName=?,
    MemberLastName=?,
    MemberBirthday=?,
    MemberAge=?,
    MemberGender=?,
    CityID=?"
   

 if(!is_null(pass)) {
    $sqlUpdate = $sqlUpdate . ", MemberPassword = ?";
    array_push($param , $pass);
 }

 $sqlUpdate = $sqlUpdate . " WHERE MemberID=?";
 array_push($param , $memberID);

 $update = $db->Update($sqlUpdate, $param);

您可以将此模式用于所有其他字段。

于 2021-04-12T13:03:50.040 回答
1

您可以轻松使用IFNULL(expr1,expr2) ,例如:

如果 IFNULL 不为空,则返回 expr1,否则返回 expr2

$update = $db->Update("UPDATE members SET
            MemberUsername=?,
            MemberPassword=IFNULL(?,MemberPassword),
            MemberEmail=?,
            MemberName=?,
            MemberLastName=?,
            MemberBirthday=?,
            MemberAge=?,
            MemberGender=?,
            CityID=?
            WHERE MemberID=?
            ", array($username, $pass, $email, $name, $lastname, $birthday, $age, $gender, $city, $memberID));
于 2021-04-12T13:01:51.573 回答
0

我不明白您的问题到底是什么,但我认为这就是您想要的:用户提交表单,如果从该表单发送的密码不为空,则更新包括密码在内的所有内容,否则更新除密码之外的所有内容!为此,您可以在 SQL 查询中使用 if 语句

$update = $db->Update("UPDATE members SET
MemberUsername=?,
MemberPassword=IF(? IS NOT NULL AND LENGTH(?) > 0, ?, MembersPassword),
MemberEmail=?,
MemberName=?,
MemberLastName=?,
MemberBirthday=?,
MemberAge=?,
MemberGender=?,
CityID=?
WHERE MemberID=?
", array($username, $pass, $pass, $pass, $email, $name, $lastname, $birthday, $age, $gender, $city, $memberID));
于 2021-04-12T13:35:34.583 回答