dsfw2154 2014-07-28 11:25
浏览 8
已采纳

用PHP更新MYSQl会导致空白页面

i am trying to update mysql table with php grabbing data from a form.

When i run the script with this

$query="UPDATE customers SET background='$_GET['background']',font='$_GET['font']',fontcolour='$_GET['fontcolour']',fontsize='$_GET['fontsize']',title='$_GET['title']' WHERE client='$_GET['client']'";

i get a black screen but if i do the below script

$background=$_GET['background'];
$client=$_GET['client'];
$query="UPDATE customers SET background='$background' WHERE client='$client'";

it goes through fine

although i can do it this way i am trying to understand why i can not just put the get right into the query rather than having more lines of code than necessary.

NOTE: all other code stripped can post if required.

  • 写回答

2条回答 默认 最新

  • dtch60248 2014-07-28 11:31
    关注

    Change your code to this

    $query="UPDATE customers SET background='" . $_GET['background'] . "',font='" . $_GET['font'] . "',fontcolour='" . $_GET['fontcolour'] . "',fontsize='" . $_GET['fontsize'] . "',title='" . $_GET['title'] . "' WHERE client='" . $_GET['client']."'";

    Also, your code is vulnerable to SQL injection

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 DS18B20内部ADC模数转换器
  • ¥15 做个有关计算的小程序
  • ¥15 MPI读取tif文件无法正常给各进程分配路径
  • ¥15 如何用MATLAB实现以下三个公式(有相互嵌套)
  • ¥30 关于#算法#的问题:运用EViews第九版本进行一系列计量经济学的时间数列数据回归分析预测问题 求各位帮我解答一下
  • ¥15 setInterval 页面闪烁,怎么解决
  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动