douwei1128 2014-01-31 17:59
浏览 30
已采纳

插入MYSQL字符串PHP时,POST值变为空

I am sending some values with AJAX POST to a PHP file: I know I am getting them because I can see the values sent in the console: 

table=MENU&colid=MID&id=2&colname=STATUS&value=1

But for some strange reason when I insert them into the query string:

"UPDATE ".$_POST['table']." SET ".$_POST['colname']." = ".$_POST['value']." 
WHERE ".$_POST['colid']." = ".$_POST['id'];

Value is empty when value = 1!!!

UPDATE MENU SET STATUS = '' WHERE MID = '2'

I solved the problem by changing the variable name value to val, has anybody experienced something similar? is value a keyword or reserved word?

Any thoughts? Thanks

  • 写回答

2条回答 默认 最新

  • duan0403788996 2014-01-31 18:07
    关注

    This SQL

    UPDATE MENU SET STATUS = '' WHERE MID = '2'

    doesn't actually reflect what you are doing in PHP. The line:

    "UPDATE ".$_POST['table']." SET ".$_POST['colname']." = ".$_POST['value']." 
WHERE ".$_POST['colid']." = ".$_POST['id'];

    otherwise should read:

    "UPDATE ".$_POST['table']." SET ".$_POST['colname']." = '".$_POST['value']."' 
WHERE ".$_POST['colid']." = '".$_POST['id'] . "'";

    mind the single quotes in your SQL statement which are missing in your PHP code.

    Besides this I highly recommend to not send parts of SQL via AJAX from client to server as you are disclosing the internal structure of your database to everyone listening the traffic or just peeping into the data send by the browser.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 抖音咸鱼付款链接转码支付宝
  • ¥15 ubuntu22.04上安装ursim-3.15.8.106339遇到的问题
  • ¥15 求螺旋焊缝的图像处理
  • ¥15 blast算法(相关搜索:数据库)
  • ¥15 请问有人会紧聚焦相关的matlab知识嘛?
  • ¥15 网络通信安全解决方案
  • ¥50 yalmip+Gurobi
  • ¥20 win10修改放大文本以及缩放与布局后蓝屏无法正常进入桌面
  • ¥15 itunes恢复数据最后一步发生错误
  • ¥15 关于#windows#的问题:2024年5月15日的win11更新后资源管理器没有地址栏了顶部的地址栏和文件搜索都消失了