PHP implode fix for UPDATE SQL (php, mysql, implode) - Fatal编程技术网


I have this function:

function updateDbRecord($db, $table, $carry, $carryUrl) {   
    mysql_select_db($db) or die("Could not select database. " . mysql_error());
    $resultInsert = mysql_query("SHOW COLUMNS FROM " . $table . " WHERE Field NOT IN ('id')");
    $fieldnames=array();
      if (mysql_num_rows($resultInsert) > 0) {
        while ($row = mysql_fetch_array($resultInsert)) {
            $fieldnames[] = $row['Field'];
            $arr = array_intersect_key( $_POST, array_flip($fieldnames) ); #check if value is null otherwise do not INSERT
        }
      }

      $set = "";
      foreach($arr as $key => $v) {
        $val = is_numeric($v) ? $v : "'" . $v . "'";

        $set .= $key . '=' . $val . ', ';
      }
      $sql = sprintf("UPDATE %s SET %s WHERE id='%s'", $table, $set, $_POST['id']);
      mysql_query($sql);
      if ($carry == 'yes') {
        redirect($carryUrl.'?id='.$_REQUEST['id']);
      } else { echo "Done!"; }
      echo $sql;

}
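For example, it outputs: UPDATE projects SET project_name='123', project_bold='123', project_content='123', WHERE id='12'

The last comma before WHERE prevents it from working. Is there a way to avoid this? I'm aware of the implode function, but I'm not sure how to use it in this case.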

// drop the trailing ", " from $set before it is passed to sprintf()
$set = substr($set, 0, -2);
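I would use

// strip trailing commas and spaces from $set before it is passed to sprintf()
$set = rtrim($set, ', ');

Or, instead of appending to a string, append to an array and then use implode.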

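I've been trying to implement this solution, but with no success. Could you give me an example of this? For the earlier insert function I did it like this: $sql = sprintf('INSERT INTO %s (%s) VALUES ("%s")', $table, implode(', ', array_map('mysql_escape_string', array_keys($values))), implode('", "', array_map('mysql_escape_string', $values))); mysql_query($sql);

@Alex Why not use something like PDO?

I haven't learned it yet, and within the realm of this project I don't have the time :( But when I do, I'll definitely read up on it!

@Alex Honestly, I think you'd need to spend about 5 minutes before you learned it, and it would save you a lot of time. It's much simpler than you think.

Please fix the SQL injection vulnerabilities, and consider switching to the MySQLi or PDO extension to access your database (the MySQL extension is obsolete). See
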
function updateDbRecord($db, $table, $carry, $carryUrl) {
    mysql_select_db($db) or die("Could not select database. " . mysql_error());
    $resultInsert = mysql_query("SHOW COLUMNS FROM " . $table . " WHERE Field NOT IN ('id')");
    $fieldnames = array();
    if (mysql_num_rows($resultInsert) > 0) {
        while ($row = mysql_fetch_array($resultInsert)) {
            $fieldnames[] = $row['Field'];
        }
    }
    // Keep only the POSTed fields whose names are real columns of $table
    $array = array_intersect_key($_POST, array_flip($fieldnames));
    $updates = array();
    foreach ($array as $key => $value) {
        $value = mysql_real_escape_string($value); // this is dedicated to @Jon
        $value = "'$value'";
        $updates[] = "$key = $value";
    }
    // implode() puts ", " only between items, so no trailing comma is left
    $implodeArray = implode(', ', $updates);
    // The id also comes from the request, so it is escaped like the other values
    $sql = sprintf("UPDATE %s SET %s WHERE id='%s'", $table, $implodeArray, mysql_real_escape_string($_POST['id']));
    mysql_query($sql);
    // ... rest of the function (redirect / echo) as in the question
}
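
The PDO route suggested in the comments, as an added example that is not part of the original thread: column names are checked against the table's real columns, values are bound as parameters instead of being quoted by hand, and implode() builds the SET clause so there is no trailing comma. The function name updateDbRecordPdo, the $pdo handle and the $allowedTables list are assumptions made for illustration.

```php
<?php
// Added example (not from the original thread). Assumes $pdo is a connected
// PDO handle for MySQL and $allowedTables is an application-defined list of
// the table names this function is allowed to touch.
function updateDbRecordPdo(PDO $pdo, array $allowedTables, $table, array $input)
{
    // Identifiers cannot be bound as parameters, so validate them explicitly.
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('Unknown table');
    }
    if (!isset($input['id'])) {
        throw new InvalidArgumentException('Missing id');
    }

    // The table's real column names act as the allow-list for $input keys.
    $columns = array();
    foreach ($pdo->query("SHOW COLUMNS FROM `$table`") as $row) {
        if ($row['Field'] !== 'id') {
            $columns[] = $row['Field'];
        }
    }
    $fields = array_intersect_key($input, array_flip($columns));
    if (!$fields) {
        return 0; // nothing to update; avoids emitting "SET  WHERE"
    }

    // One "`col` = ?" fragment per field. implode() inserts ", " only
    // between fragments, so there is no trailing comma to strip.
    $assignments = array();
    $params = array();
    foreach ($fields as $column => $value) {
        $assignments[] = '`' . str_replace('`', '``', $column) . '` = ?';
        $params[] = $value;
    }
    $params[] = $input['id']; // bound last, matches the WHERE placeholder

    $sql = sprintf('UPDATE `%s` SET %s WHERE id = ?', $table, implode(', ', $assignments));
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);  // values never become part of the SQL text
    return $stmt->rowCount();
}

// Usage (constructed): updateDbRecordPdo($pdo, array('projects'), 'projects', $_POST);
```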