有没有办法用PHP在UPDATE语句中获取值?
在PHP中,我将变为空白或只是说“.”作为一个值 这是我的回声:有没有办法用PHP在UPDATE语句中获取值?,php,sql,Php,Sql,在PHP中,我将变为空白或只是说“.”作为一个值 这是我的回声: UPDATE tbl_returnlog SET entry_date = '.''.', suppliername = '.''.', lotid = '.''.', stonedescription = '.''.', returninvc = '.''.', supp_invcdate = '.''.', supp_invc = '.''.', ppc = '.''.', ttl_cost = '.''.', de
UPDATE tbl_returnlog SET entry_date = '.''.', suppliername = '.''.', lotid = '.''.',
stonedescription = '.''.', returninvc = '.''.', supp_invcdate = '.''.',
supp_invc = '.''.', ppc = '.''.', ttl_cost = '.''.',
destination = '.''.', actual_ship_date = '.''.', courier = '.''.',
tracking = '.''.' WHERE suppliername = '.''.';
同时分享我的完整状态:
<?php
error_reporting(E_ERROR | E_PARSE);
include "config.php";
$updatereturnstonedetails = $_POST['updatereturnstonedetails'];
//echo json_encode($updatereturnstonedetails, true);
$Stone = json_decode($updatereturnstonedetails, true);
$sql = '';
//foreach ($StoneArr as $Stone)
//{
$entry_date=$Stone['entry_date'];
$suppliername=$Stone['suppliername'];
$lotid=$Stone['lotid'];
$stonedescription=$Stone['stonedescription'];
$returninvc=$Stone['returninvc'];
$supp_invcdate=$Stone['supp_invcdate'];
$supp_invc=$Stone['supp_invc'];
$ppc=$Stone['ppc'];
$ttl_cost=$Stone['ttl_cost'];
$destination=$Stone['destination'];
$actual_ship_date=$Stone['actual_ship_date'];
$courier=$Stone['courier'];
$tracking = $Stone['tracking'];
$sql .= "UPDATE tbl_returnlog SET entry_date = '.'".$entry_date."'.', suppliername = '.'".$suppliername."'.', lotid = '.'".$lotid."'.',
stonedescription = '.'".$stonedescription."'.', returninvc = '.'".$returninvc."'.', supp_invcdate = '.'".$supp_invcdate."'.',
supp_invc = '.'".$supp_invc."'.', ppc = '.'".$ppc."'.', ttl_cost = '.'".$ttl_cost."'.',
destination = '.'".$destination."'.', actual_ship_date = '.'".$actual_ship_date."'.', courier = '.'".$courier."'.',
tracking = '.'".$tracking."'.' WHERE suppliername = '.'".$suppliername."'.';";
//}
echo $sql;
而且还需要去除多余的半氯
其中suppliername='$suppliername'强>”
最佳方法
你应该使用PDO
例如:
使用PDO的示例
$query=“更新表\名称集字段1=:?“
$stmt->bind_参数('field1',$value)
$stmt=$conn->prepare($query)
$stmt->execute()
PDO示例:
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email)
VALUES (:firstname, :lastname, :email)");
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':email', $email);
$firstname = "John";
$lastname = "Ramki";
$email = "john@ex.com";
$stmt->execute();
echo "New records created successfully";
您应该使用prepared Statement不要在'
@可执行文件中使用
,请帮助,如果您知道,我是新手。这可能有助于prepared Statement可能重复的Okay。我将给出PDO连接示例不要捕获异常只是为了显示它。请删除并尝试捕获。您还应该指定connec无法设置字符集或禁用模拟语句,因为在极少数情况下,此代码仍可能容易受到SQL注入的攻击。已删除try-catch块
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email)
VALUES (:firstname, :lastname, :email)");
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':email', $email);
$firstname = "John";
$lastname = "Ramki";
$email = "john@ex.com";
$stmt->execute();
echo "New records created successfully";