2010-04-07 16:14
A problem I recently ran into was that trying to update a field in my database using this code would not work. I traced it back to having a % sign in the text being updated ($note, then $note_escaped)... Inserting it with sprintf worked fine though.

Should I not be using sprintf for updates, or should it be formed differently?

I did some searching but couldn't come up with anything.

$id = mysql_real_escape_string($id);
$note_escaped = mysql_real_escape_string($note);
$editedby = mysql_real_escape_string($author);
$editdate = mysql_real_escape_string($date);
//insert info from form into database
$query= sprintf("UPDATE notes_$suffix SET note='$note_escaped', editedby='$editedby', editdate='$editdate' WHERE id='$id' LIMIT 1");

Thanks much!

5 answers

  • duanjiaoxi4928 2010-04-07 16:18

    You are using sprintf totally wrong. Removing the function call in your code would still do the same thing. It should be:

    sprintf("UPDATE notes_%s SET note='%s', editedby='%s', editdate='%s' WHERE id=%d LIMIT 1", $suffix, $note_escaped, $editedby, $editdate, $id);

    You should read the manual.
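An added example, not code from the thread or from either poster: it reproduces why a `%` inside the format string makes `sprintf()` fail, then goes one step beyond the answer and forms the same UPDATE as a prepared statement, so values never pass through a format string or the SQL text. It assumes PHP 7.1+ with `pdo_sqlite`; the in-memory SQLite database stands in for MySQL, and the sample note, the suffix allowlist, and the `alice` and date values are constructed.

```php
<?php
// Added example. Sample values below are constructed for illustration.
$note   = "Progress is 50% done";   // "% d" looks like a padded integer conversion
$suffix = '2010';                   // hypothetical table suffix
$id     = 1;

// 1. Data interpolated into the format string, as in the question.
//    sprintf() parses "% d" and wants an argument that was never passed.
try {
    $broken = @sprintf("UPDATE notes_$suffix SET note='$note' WHERE id='$id' LIMIT 1");
} catch (\ArgumentCountError $e) {  // PHP 8 throws; PHP 7 warns and returns false
    $broken = false;
}
var_dump($broken);                  // the query string was never built

// 2. Prepared statement. Identifiers cannot be bound as parameters,
//    so the table suffix is checked against an allowlist (hypothetical).
$allowed = ['2009', '2010'];
if (!in_array($suffix, $allowed, true)) {
    throw new InvalidArgumentException('unknown table suffix');
}
$table = "notes_$suffix";

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE $table (
    id INTEGER PRIMARY KEY, note TEXT, editedby TEXT, editdate TEXT)");
$pdo->exec("INSERT INTO $table (id, note) VALUES (1, 'old text')");

// LIMIT 1 is left out: SQLite's default build rejects it on UPDATE,
// and id is the primary key, so at most one row matches anyway.
$stmt = $pdo->prepare(
    "UPDATE $table
        SET note = :note, editedby = :editedby, editdate = :editdate
      WHERE id = :id"
);
$stmt->execute([
    ':note'     => $note,
    ':editedby' => 'alice',
    ':editdate' => '2010-04-07',
    ':id'       => $id,
]);

// The percent sign is stored unchanged because it was only ever data.
$stored = $pdo->query("SELECT note FROM $table WHERE id = 1")->fetchColumn();
var_dump($stored === $note);
```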

