PHP MySQL更新使用多列设置查询

时间:2013-10-14 23:11:14

标签: php mysql sql sql-update

我用逗号和“AND”语句尝试了这个查询,如下图所示。我收到语法错误

  

出了点问题。您的SQL语法出错了;查看与MySQL服务器版本对应的手册,以便在第1行'are available 24/7 by phone and email to answer any questions and to assist you '附近使用正确的语法

每次我尝试此查询时:

$sql = mysql_query("UPDATE general
    SET bookabandheading = $_POST[bookabandheading 
    AND bookaband = $_POST[bookaband]
    AND contactus = $_POST[contactus]
    AND aboutuslisten = $_POST[aboutuslisten]
    AND contactusheading = $_POST[contactusheading]
    AND nightclubsheading = $_POST[nightclubsheading]
    AND acousticheading = $_POST[acousticheading]
    AND schoolsheading = $_POST[schoolsheading]
    AND privateheading = $_POST[privateheading]
    AND concertsheading = $_POST[concertsheading]
    AND festivalsheading = $_POST[festivalsheading]
    AND submissions = $_POST[submissions]
    AND interns = $_POST[interns]
    AND managementbio = $_POST[managementbio]
    AND latestnews = $_POST[latestnews]
    AND artistofthemonth = $_POST[artistofthemonth]
    AND artistofthemonthphoto = $_POST[artistofthemonthphoto]
    AND artistofthemonthid = $_POST[artistofthemonthid]
    AND listentoourartists = $_POST[listentoourartists]
    AND musicianswanted = $_POST[musicianswanted]
    AND aboutus = $_POST[aboutus]
    AND bshowcases = $_POST[bshowcases]
    AND bandavails = $_POST[bandavails]");

该查询在另一个VPS上的另一个数据库中工作,但我只迁移了服务器,它不再有效。任何帮助都是非常明确的!

4 个答案:

答案 0 :(得分:5)

虽然主要问题是你在bookamandheading之后错过了结束括号,但我仍然建议你重构这个请求,例如:

$keys = array("bookabandheading", "bookaband", "contactus", "aboutuslisten",
              "contactusheading", "nightclubsheading", "acousticheading",
              "schoolsheading", "privateheading", "concertsheading",
              "festivalsheading", "submissions", "interns", "managementbio",
              "latestnews", "artistofthemonth", "artistofthemonthphoto",
              "artistofthemonthid", "listentoourartists", "musicianswanted",
              "aboutus", "bshowcases", "bandavails");
$set = array();
foreach ($keys as $key) {
    $set[] = sprintf(" %s = '%s' ", $key, mysql_escape_string($_POST[$key]));
}
$sql = mysql_query("UPDATE general SET " . implode(", ", $set));

通过转义输入,维护起来更容易,也更安全。

更新:添加where语句示例

$where = array();
$where[] = sprintf(" some_string = '%s' ", mysql_escape_string($some_string));
$where[] = sprintf(" some_integer = %d ", $some_integer);
$where = " WHERE " . implode(" AND ", $where);
$sql = mysql_query("UPDATE general SET " . implode(", ", $set) . " " . $where);

答案 1 :(得分:1)

我认为这有三个问题:

  • 查询中的原始POST数据 - 至少是用户mysql_real_escape_string
  • 参数看起来像字符串所以应该有引号
  • 没有WHERE选项,因此您将更新该表中的每一行

答案 2 :(得分:1)

您有一些错误:

  • 语法错误。改变

    $ _ POST [bookabandheading to $ _ POST [bookabandheading]

  • 这也非常容易出现SQL注入。您应该使用mysqli,但如果您设置了mysql(从5.5.0开始不推荐使用),则应使用mysql_real_escape_string()转义每个$ _POST变量。

  • 每个$ _POST变量都需要使用引号井进行参数化。所以,举个例子:

    $ _ POST ['bookabandheading'] (对所有$ _POST变量执行此操作)

答案 3 :(得分:0)

$_POST[bookabandheading

更改为

$_POST[bookabandheading]
相关问题
最新问题