Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/229.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/60.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
无法使用php中的过程更新表_Php_Mysql_Sql - Fatal编程技术网
Fatal编程技术网
  • php/
  • 无法使用php中的过程更新表

无法使用php中的过程更新表

php mysql sql

无法使用php中的过程更新表,php,mysql,sql,Php,Mysql,Sql,我从php表单中获取值,并使用它来更新usr表中的一行。问题是,如果没有给出某些值,更新查询将无法工作。但是,如果表单中的所有变量都给定了,那么更新就完成了 <?php $mysqli=mysqli_connect('localhost','root','mysql','package'); if(mysqli_connect_errno()) { echo "cant connect to database".mysqli_connect_erro

我从php表单中获取值,并使用它来更新usr表中的一行。问题是,如果没有给出某些值,更新查询将无法工作。但是,如果表单中的所有变量都给定了,那么更新就完成了

    <?php
    $mysqli=mysqli_connect('localhost','root','mysql','package');
    if(mysqli_connect_errno())
    {
    echo "cant connect to database".mysqli_connect_error();
    }
    SESSION_start();
    if(!isset($_SESSION['usermail'])){
    header('Location: http://localhost/twitter/php/login.php');
    }
    else{
    $email = $_SESSION['usermail'];
    if(empty($_POST['username']))
    $username = NULL;
    else
    $username = $_POST['username'];
    if(empty($_POST['dob']))
    $dob = NULL;
    else
    $dob = $_POST['dob'];
    if(empty($_POST['city']))
    $city = NULL;
    else
    $city = $_POST['city'];
    if(empty($_POST['school']))
    $school = NULL;
    else
    $school = $_POST['school'];
    if(empty($_POST['college']))
    $college = NULL;
    else
    $college = $_POST['college'];
    if(empty($_POST['rstatus']))
    $rstatus = NULL;
    else
    $rstatus = $_POST['rstatus'];
    if(empty($_POST['work']))
    $work = NULL;
    else
    $work = $_POST['work'];
    if(empty($_POST['tagline']))
    $tagline = NULL;
    else
    $tagline = $_POST['tagline'];
    if(!$mysqli->query("call update_usr('$email','$username','$dob','$city','$school','$college','$rstatus','$work','$tagline')"))        {
    echo "call failed:(".$mysqli->errno.")".$mysqli->error;
    }
    }
    ?>
这个
dob2日期,city2 varchar(20)
-要么在
dob2,
之后缺少一个逗号,要么如果
dob2日期
是一列,那么它需要用反勾号包装
`
您得到了什么输出?您将在某处收到一条错误消息。@Fred ii-:或
date
是参数的类型…@MarcB Hm。。。你说得有道理。这看起来非常不安全,因为你的用户参数不安全,而且你将
$\u POST
数据直接放入查询,造成了巨大的安全隐患。使用
mysqli
时,您应该使用参数化查询,并将用户数据添加到查询中。不要使用字符串插值来完成此操作。 
    create procedure update_usr(mail varchar(40),username2 varchar(20),dob2 date,city2 varchar(20),school2 varchar(50),coll2 varchar(50),relationship varchar(10),work2 varchar(50),tagline2 varchar(140))
    begin
    update usr set usrname=username2,dob=dob2,city=city2,school=school2,coll=coll2,rel=relationship,work=work2,tagline=tagline2 where email=mail;
    end