Php 从数组更新mysql表(HTML表单输入)
我试图从多个表单字段(文本字段和文本区域)更新mysql表的一行(=ID)。该表如下所示: ID |第1列|第2列|第3列…|第50列 如果我像这样使用$\u Post[]变量,一切都正常Php 从数组更新mysql表(HTML表单输入),php,mysql,Php,Mysql,我试图从多个表单字段(文本字段和文本区域)更新mysql表的一行(=ID)。该表如下所示: ID |第1列|第2列|第3列…|第50列 如果我像这样使用$\u Post[]变量,一切都正常 $Name = $_POST['Name']; $Name2 = $_POST['Name2']; $sql= "UPDATE Bilder SET Name = '$Name', Name2 = '$Name2' WHERE id = '$ID'"; <form id="InsertData
$Name = $_POST['Name'];
$Name2 = $_POST['Name2'];
$sql= "UPDATE Bilder SET Name = '$Name', Name2 = '$Name2' WHERE id = '$ID'";
<form id="InsertData" action="insert-dataset.php" method="post">
<input type="hidden" name="ID" id="ID" value="'.$row->id.'" />
<input type="text" name="Name" value="'.$row->Name.'" /><br />
<input type="text" name="Name2" value="'.$row->Name.'" /><br />
<input type="submit" name="submit" value="Daten eintragen" class="sendbutton" />
</form>
谢谢大家的帮助。大概是这样的:
$str = '';
$id = 0;
foreach($_POST['Name'] as $value)
{
$id ++;
$str .= ($str == '' ? '' : ', ').'Name'.$id.' = \''.addslashes($value).'\'';
}
$sql= "UPDATE Bilder SET ".$str." WHERE id = '$ID'";
注2:在sql查询中粘贴变量时,至少应该使用addslashes方法,以保护自己免受黑客攻击。以下是一些想法
- 为字段命名一些有用的名称。给他们起个垃圾名字,比如Name1,Name2等等,会在以后的日子里咬你的屁股。也要善待下一个要看这个的人
- 如果您有一大堆有意义或没有意义的字段名,并且不想在代码中手动键入它们,那么可以使用SQL descripe()或SHOW COLUMNS命令()
<?php
// Get all of the field names
$col_result = mysql_query("SHOW COLUMNS FROM Bilder");
// make sure we could get the colnames from mysql
if(!$col_result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
// Handle a POST
if(!empty($_POST)){
// start preparing the update statement
$update_sql = "UPDATE Bilder SET ";
if(mysql_num_rows($col_result) > 0) {
// make a key = value statement for each column in the table
while($colrow = mysql_fetch_assoc($col_result)) {
// prepare the key = value statement
$update_sql .= sprintf(" %s = %s, ", $colrow["Field"], mysql_real_escape_string($_POST[$colrow["Field"]]));
}
}
// BTW this is going to have a extra "," in it use substr to clear it
$update_sql = substr_replace($update_sql ,"", -2);
// finish off by limiting this statement to only one row
$update_sql .= sprintf(" WHERE id = %s", mysql_real_escape_string($_POST["id"]));
// ACTUALLY RUN THIS STATEMENT
}
if(!$row_result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
好的,我用了preg\u replace。这可能不是最佳做法。代码如下所示,工作正常:
// Handle a POST
if(!empty($_POST)){
// start preparing the update statement
$update_sql = "UPDATE Bilder SET ";
if(mysql_num_rows($col_result) > 0) {
// make a key = value statement for each column in the table
while($colrow = mysql_fetch_assoc($col_result)) {
// prepare the key = value statement
$update_sql .= sprintf("%s = '%s',", $colrow["Field"], mysql_real_escape_string($_POST[$colrow["Field"]]));
}
}
// BTW this is going to have a extra "," in it use substr to clear it
// finish off by limiting this statement to only one row
$update_sql .= sprintf("WHERE id = '$ID'");
$update_sql = preg_replace("/,WHERE/", "WHERE", $update_sql);
当然,还有安全问题。我会解决的。但是,这并不重要,因为此应用程序仅供个人使用。它不可公开访问。你是一个女人!工作起来很有魅力。非常感谢你!唯一的缺点是列名必须连续编号。如果我能用,比如说,彼得,保罗,玛丽来代替名字1,名字2,名字3,那就太完美了。为此,我可能不得不使用COLUMNS.ORDINAL_位置,这被认为是不好的做法。背景是:数据是从Excel电子表格导入的。在电子表格中,除表名(Excel表)、列名(第1行)和值(第2行)外,不得有任何其他内容。这将更容易为用户提供有意义的名称。非常感谢您的帮助。我改变了一些小细节,我几乎做到了。我只有多余的钱要清理。我用不同的方法尝试了substr和rtrim,但都没有成功。我是一个初学者,很抱歉用一些愚蠢的问题来打扰你,但是我到底应该如何应用substr呢?这行代码:$update\u sql=substr\u replace($update\u sql,“,-2)
我也将其添加到了我的答案中。另外,在//实际运行此语句后,您仍然需要运行在该块中生成的sql。你好,Franics,Thanks。我试过了。可能是打字错误什么的。我非常感谢你的帮助。这对我更好地理解这个主题有很大帮助。顺便说一句,在阅读您的编辑之前,我用preg_replace发布了我的解决方案。我仍然对空白字段有问题。忽略空的$\u POST变量非常重要。我试图扩展if条件,但它不适用于if(strlen($\u POST)!==0
或if(!empty($\u POST)&&strlen($\u POST)!==0
。输入在多个页面上。因此,预填充输入字段不会起作用。
<?php
// Get all of the field names
$col_result = mysql_query("SHOW COLUMNS FROM Bilder");
// make sure we could get the colnames from mysql
if(!$col_result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
// Handle a POST
if(!empty($_POST)){
// start preparing the update statement
$update_sql = "UPDATE Bilder SET ";
if(mysql_num_rows($col_result) > 0) {
// make a key = value statement for each column in the table
while($colrow = mysql_fetch_assoc($col_result)) {
// prepare the key = value statement
$update_sql .= sprintf(" %s = %s, ", $colrow["Field"], mysql_real_escape_string($_POST[$colrow["Field"]]));
}
}
// BTW this is going to have a extra "," in it use substr to clear it
$update_sql = substr_replace($update_sql ,"", -2);
// finish off by limiting this statement to only one row
$update_sql .= sprintf(" WHERE id = %s", mysql_real_escape_string($_POST["id"]));
// ACTUALLY RUN THIS STATEMENT
}
if(!$row_result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
// Get the row item that you are currently working on
$row = mysql_fetch_row($row_result);
// output all the formfields for the above row
if(mysql_num_rows($col_result) > 0) {
// Go through all of the columns and output the colname from $colrow and the value from $row
while ($colrow = mysql_fetch_assoc($col_result)) {
// The HTML (don't be daunted by that variable-variable http://php.net/manual/en/language.variables.variable.php)
echo '<input type="text" name="' . $colrow["Field"] . '" value="' . $row->{$colrow["Field"]} . '" /><br />';
}
}
?>
// Handle a POST
if(!empty($_POST)){
// start preparing the update statement
$update_sql = "UPDATE Bilder SET ";
if(mysql_num_rows($col_result) > 0) {
// make a key = value statement for each column in the table
while($colrow = mysql_fetch_assoc($col_result)) {
// prepare the key = value statement
$update_sql .= sprintf("%s = '%s',", $colrow["Field"], mysql_real_escape_string($_POST[$colrow["Field"]]));
}
}
// BTW this is going to have a extra "," in it use substr to clear it
// finish off by limiting this statement to only one row
$update_sql .= sprintf("WHERE id = '$ID'");
$update_sql = preg_replace("/,WHERE/", "WHERE", $update_sql);