douwei3172 2014-08-15 16:38

PHP script to update a MySQL database

another day another question...

I need to write a PHP script to update a MySQL database.

For example: updating the profile page when a user wants to change their first name, last name, etc.

Here is my php script so far, it doesn't work. Please help!

<?php
@ $db = new MySQLi('localhost','root','','myDB');

if(mysqli_connect_errno()) {
    echo 'Connection to database failed:'.mysqli_connect_error();
    exit();
}

if (isset($_GET['id'])) {

$id = $db->real_escape_string($_GET['id']); 

$First_Name2 = $_POST['First_Name2'];

$query  = "UPDATE people SET $First_Name2 = First_Name WHERE `Id` = '$id'";

$result = $db->query($query);

if(! $result)
{
    die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";

$db->close();
}
?>

Thank you.

1 answer

  • dsk88199 2014-08-15 16:41

    Your sql is wrong. Apart from the gaping wide open SQL injection attack vulnerability, you're generating bad sql.

    e.g. consider submitting "Fred" as the first name:

    $First_Name2 = "Fred";
    $query = "UPDATE people SET Fred = First_name WHERE ....";
    

    Now you're telling the db to update a field named "Fred" to the value in the "First_Name" field. Your values must be quoted, and reversed:

    $query = "UPDATE people SET First_name = '$First_Name2' ...";
    

    You are also mixing the mysqli and mysql DB libraries like a drunk staggering down the street. PHP's db libraries and function/method calls are NOT interchangeable like that.

    In short, this code is pure cargo-cult programming.

    This answer was selected by the asker as the best answer.
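The three problems the answer names (injectable SQL, column and value swapped, mysqli mixed with mysql) can be addressed together. The following is an added example, not code from the question or the answer: it uses mysqli only, binds every value through a prepared statement, and takes column names from a fixed allowlist. `Last_Name`, `Last_Name2`, `EDITABLE`, `build_update` and `update_person` are assumed names.

```php
<?php
// Added example. people, First_Name, Id and the connection values come from the
// question; Last_Name / Last_Name2 are assumed. Column names come only from this map.
const EDITABLE = ['First_Name2' => 'First_Name', 'Last_Name2' => 'Last_Name'];

// Returns [sql, values] with one "?" placeholder per submitted editable field.
function build_update(array $post): array
{
    $set = [];
    $values = [];
    foreach (EDITABLE as $field => $column) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $set[] = "`$column` = ?";
            $values[] = $post[$field];
        }
    }
    if (!$set) {
        throw new InvalidArgumentException('no editable field submitted');
    }
    return ['UPDATE people SET ' . implode(', ', $set) . ' WHERE `Id` = ?', $values];
}

// Runs the update through a prepared statement; returns the number of changed rows.
function update_person(mysqli $db, int $id, array $post): int
{
    [$sql, $values] = build_update($post);
    $values[] = $id;
    $stmt = $db->prepare($sql);
    // Type string: one 's' per string value, then 'i' for the integer id.
    $stmt->bind_param(str_repeat('s', count($values) - 1) . 'i', ...$values);
    $stmt->execute();
    $changed = $stmt->affected_rows;
    $stmt->close();
    return $changed;
}

if (is_string($_GET['id'] ?? null) && ctype_digit($_GET['id'])) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on failure
    try {
        $db = new mysqli('localhost', 'root', '', 'myDB');
        echo update_person($db, (int) $_GET['id'], $_POST), " row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo "Nothing to update\n";
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // details go to the log, not to the client
        http_response_code(500);
        echo "Update failed\n";
    }
}
```

On a real profile page the row id should come from the authenticated session rather than the query string, so that a user can only update their own record.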
