Original URL: http://stackoverflow.com/questions/10922490/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
StackOverFlow
PHP/MYSQL Update query not working
Asked by Sephiroth
Can anyone tell me why this update query is not working?
if ($_GET['update']) {
    include 'config.php';
    //Connect to MYSQL Database server
    $connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect to MYSQL Database.");
    $result = mysql_select_db(DB_NAME, $connect) or die("Could not connect to MYSQL table.");
    mysql_query("UPDATE contact SET read = 1 WHERE id = '$_GET[update]'")or die("Query failed.");
    echo "Update works!";
} else {
    echo "Update does not work...ughh.";
}
Thank you in advance.
Edit: I got the query to work. For anyone who was worrying about the security, I was using this script as a test to see if I wanted to use it. I just added the security now that the script works. Thank you all for the help and tips.
Answered by themerlinproject
Try this for your query line:
mysql_query("UPDATE contact SET read = 1 WHERE id = '".$_GET['update']."'")or die("Query failed: " . mysql_error());
Notice the change of the die() statement for better error handling:
die("Query failed: " . mysql_error());
*Also, just an FYI, you should really escape user variables (e.g. GET variables) like so to prevent SQL injections:
mysql_query("UPDATE contact SET read = 1 WHERE id = '".mysql_real_escape_string($_GET['update'])."'")or die("Query failed: " . mysql_error());
Please report back the result.
Answered by spitfire
What is column read?
mysql_query("UPDATE contact SET read = 1 WHERE id = '$_GET[update]'")
Judging by the non-capitalization of read, I suspect you are using a reserved word in MySQL for that column.
See:
To get around this, just put a single quote around read, i.e.
mysql_query("UPDATE contact SET 'read' = 1 WHERE id = '$_GET[update]'")
Or better per j.bruni:
mysql_query("UPDATE contact SET `read` = 1 WHERE id = '$_GET[update]'")
Answered by richardhsu
I believe you need to escape the string to have $_GET['update'] add its value to the string. But you really should be using prepared statements lest you be attacked by malicious users.
Prepared Statements: http://php.net/manual/en/pdo.prepared-statements.php
Answered by Nicola Cossu
READ is a reserved word. You need to put it within backticks or rename your field.
Take a look at this link:
Answered by Sam
You can test like this
mysql_query("UPDATE contact SET read = 1 WHERE id = '".(int)$_GET['update']."'")or die("Query failed.");
if this isn't the specific problem
Answered by Othman
mysql_query("UPDATE contact SET read = 1 WHERE id = '" . $_GET['update'] . "'") or die("Query failed.");
echo "Update works!";
Please try not to use mysql_query. It's old and it's not efficient. Why not try to learn about PDO and prepared statements?
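Added example, not part of any answer above and not the posters' code: the prepared-statement approach that richardhsu and Othman recommend, combined with the backtick-quoted `read` column from the other answers. The helper names openDemoDatabase and markContactRead are hypothetical, and an in-memory SQLite database with constructed rows is assumed in place of the MySQL server so the script runs offline.

```php
<?php
// Added example, not code from the original thread.
// Assumption: an in-memory SQLite database stands in for the MySQL server so
// the script runs offline. Against MySQL, connect with config.php's constants:
//   new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME . ';charset=utf8mb4',
//           DB_USER, DB_PASS);
function openDemoDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions instead of failing silently, so a bad query is visible.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample table and rows; `read` is backtick-quoted because
    // READ is a reserved word in MySQL (SQLite accepts backticks as well).
    $pdo->exec('CREATE TABLE contact (id INTEGER PRIMARY KEY, `read` INTEGER NOT NULL DEFAULT 0)');
    $pdo->exec('INSERT INTO contact (id, `read`) VALUES (1, 0), (2, 0)');
    return $pdo;
}

// Hypothetical helper: marks one contact row as read and returns the number
// of rows changed. $rawId is untrusted input such as $_GET['update'].
function markContactRead(PDO $pdo, $rawId): int
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('UPDATE contact SET `read` = 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = openDemoDatabase();
// Constructed inputs: a valid id, an id with no row, and an injection string.
foreach (['1', '99', "1' OR '1'='1"] as $input) {
    try {
        echo json_encode($input), ' -> rows updated: ', markContactRead($pdo, $input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($input), ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
// Count the rows marked read to see the combined effect of the three calls.
echo 'rows marked read: ', $pdo->query('SELECT COUNT(*) FROM contact WHERE `read` = 1')->fetchColumn(), PHP_EOL;
```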

