drxt70655
2015-10-08 17:31
浏览 24
已采纳

将数据从PHP非空的输入插入MySQL数据库

I have page where user can update or change his profile information for example his location or his profile picture. By default every user get placeholder data or information on his profile page and those fields in mysql database are empty or row with that user id doesn't exists. So first i am checking if user previously entered his profile information into database and if data exist i will just update it with input fields that are not empty and this part works. But if data doesn't exists in database or row with this user id doesn't exist then i want to insert data but again only with inputs that are not empty.

But this is error i am getting

Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;...

This is my code ($userID is session $userID = $_SESSION['ID'];)

if(isset($_POST['updateInfo'])) {
$userDesc = filter_var($_POST['description_update'], FILTER_SANITIZE_STRING);
$userLocation = filter_var($_POST['location_update'], FILTER_SANITIZE_STRING);
$userBirthDate = filter_var($_POST['birthDate_update'], FILTER_SANITIZE_STRING);
$user_picture_tmp = $_FILES['user_picture']['tmp_name'];
$user_picture_name = $_FILES['user_picture']['name'];


$checkInfo = $con->prepare("SELECT * FROM user_info WHERE userid=:userID");
$checkInfo->execute(array(':userID' => $userID));
$data = $checkInfo->fetch(PDO::FETCH_ASSOC);    
$count_rows = $checkInfo->rowCount();

//Here i am checking if data exists in mysql and UPDATING it    
if($count_rows > 0) {   

    if(!empty($userDesc)) {
        $query = $con->prepare("UPDATE user_info SET description=:description WHERE userid=:userID");
        $query->execute(array(':userID' => $userID, ':description'=> $userDesc));
    }   
    if(!empty($userLocation)) {
        $query = $con->prepare("UPDATE user_info SET location=:location WHERE userid=:userID");
        $query->execute(array(':userID' => $userID, ':location'=> $userLocation));
    }
    if(!empty($userBirthDate)) {
        $query = $con->prepare("UPDATE user_info SET birthDate=:birthDate WHERE userid=:userID");
        $query->execute(array(':userID' => $userID, ':birthDate'=> $userBirthDate));
    }
    if(!empty($user_picture_name)) {
        $query = $con->prepare("UPDATE user_info SET profile_pic=:profile_pic WHERE userid=:userID");
        move_uploaded_file($user_picture_tmp, 'user_pic/'.$user_picture_name);
        $query->execute(array(':userID' => $userID, ':profile_pic'=> $user_picture_name));

    }   
    //But if data doesn't exists i want to INSERT IT and here is error
}   else {

    if($userDesc AND $userLocation AND $userBirthDate AND $user_picture_name != '') {

        $query = $con->prepare("INSERT INTO user_info(userid) VALUES(:userID)");
        $query->execute(array(':userID' => $userID));

        if(!empty($userDesc)) {
            $query = $con->prepare("INSERT INTO user_info(description) VALUES(?) WHERE userid=?");
            $query->execute(array($userDesc, $userID));
        }   
        if(!empty($userLocation)) {
            $query = $con->prepare("INSERT INTO user_info(location) VALUES(?) WHERE userid=?");
            $query->execute(array($userLocation, $userID));
        }
        if(!empty($userBirthDate)) {
            $query = $con->prepare("INSERT INTO user_info(birthDate) VALUES(?) WHERE userid=?");
            $query->execute(array($userBirthDate, $userID));
        }   
        if(!empty($user_picture_name)) {
            $query = $con->prepare("INSERT INTO user_info(profile_pic) VALUES(?) WHERE userid=?");
            move_uploaded_file($user_picture_tmp, 'user_pic/'.$user_picture_name);
            $query->execute(array($user_picture_name, $userID));

        }
    } else {echo 'All fields are empty';} 

}                       
}

So my question is why am i getting this error and also am i doing this the wrong way or is there some other better approach to do this. This is just for learning purposes.

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duan7007 2015-10-08 17:53
    已采纳

    You're doing a lot of inserts there! You should only do one insert!

    Try replacing your else-statement with the following:

    else {
        if($userDesc AND $userLocation AND $userBirthDate AND $user_picture_name != '') {
    
            if($userDesc = ''){$userDesc = 'Placeholder description';}
            if($userLocation = ''){$userLocation = 'Placeholder location';}
            if($userBirthDate = ''){$userBirthDate = 'Placeholder birthdate';}
            if($user_picture_name = ''){$user_picture_name = 'Placeholder picture_name';}
    
            if ($stmt = $con->prepare("INSERT INTO user_info(description, location, birthDate, profile_pic ) VALUES(?,?,?,?)")) {
                $stmt->bind_param("ssss", $userDesc, $userLocation,$userBirthDate, $user_picture_name );
                $stmt->execute();
            }
        } else {echo 'All fields are empty';} 
    }  
    
    打赏 评论

相关推荐 更多相似问题