dsfw2154 2014-07-28 11:25
浏览 8
已采纳

用PHP更新MYSQl会导致空白页面

i am trying to update mysql table with php grabbing data from a form.

When i run the script with this

$query="UPDATE customers SET background='$_GET['background']',font='$_GET['font']',fontcolour='$_GET['fontcolour']',fontsize='$_GET['fontsize']',title='$_GET['title']' WHERE client='$_GET['client']'";

i get a black screen but if i do the below script

$background=$_GET['background'];
$client=$_GET['client'];
$query="UPDATE customers SET background='$background' WHERE client='$client'";

it goes through fine

although i can do it this way i am trying to understand why i can not just put the get right into the query rather than having more lines of code than necessary.

NOTE: all other code stripped can post if required.

  • 写回答

2条回答 默认 最新

  • dtch60248 2014-07-28 11:31
    关注

    Change your code to this

    $query="UPDATE customers SET background='" . $_GET['background'] . "',font='" . $_GET['font'] . "',fontcolour='" . $_GET['fontcolour'] . "',fontsize='" . $_GET['fontsize'] . "',title='" . $_GET['title'] . "' WHERE client='" . $_GET['client']."'";

    Also, your code is vulnerable to SQL injection

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 微信小程序协议怎么写
  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看