问题描述
|
我知道如何更新数据库中的行,我知道如何将数据从一页转移到另一页,但是我不知道这是更新多个不同行的数据库的好方法,只要变量不是不空。
我正在处理的是一个用户页面,该页面具有用于更改真实姓名,用户名,密码和类似名称的设置,但是我不知道如何在更改后立即进行更新。例如,如果我将\“ Username \”留空,然后按\“ Change Settings \”,则它将清空用户名行。如何使其忽略空变量?
解决方法
您很可能希望使用准备好的语句来完成此任务。既可以使代码更漂亮,更健壮,又可以避免SQL注入(替代)。
现在,由于您要根据某些条件更新不同的列,因此您可以选择几种继续操作的方法。
一种是使用多个更新语句(每个要更新的列一个)并将它们捆绑在事务中。将语句绑定在事务内将确保原子性,并且还将帮助减轻使用多个SQL语句代替一个语句(除非您有许多并发用户,否则这不太可能影响性能)的影响。
它可能看起来像这样(使用mysqli API):
$mysqli = @new mysqli(\"dbhost\", \"dbuser\", \"dbpassword\", \"dbname\");
$mysqli->autocommit(FALSE);
if ($userName) {
$stmt = $mysqli->prepare(\"UPDATE TABLE users WHERE uid=? SET username=?\");
$stmt->bind_param(\"i\", $uid);
$stmt->bind_param(\"s\", $userName);
$stmt->execute();
}
if ($password) {
$stmt = $mysqli->prepare(\"UPDATE TABLE users WHERE uid=? SET password=?\");
$stmt->bind_param(\"i\", $password);
$stmt->execute();
}
if ($firstName) {
$stmt = $mysqli->prepare(\"UPDATE TABLE users WHERE uid=? SET firstname=?\");
$stmt->bind_param(\"i\", $firstName);
$stmt->execute();
}
if ($lastName) {
$stmt = $mysqli->prepare(\"UPDATE TABLE users WHERE uid=? SET lastname=?\");
$stmt->bind_param(\"i\", $lastName);
$stmt->execute();
}
$mysqli->commit();
$mysqli->close();
$mysqli->rollback()
function updateColumn($mysqli,$query,$uid,$value) {
if ($value) {
$stmt = $mysqli->prepare($query);
$stmt->bind_param(\"i\", $uid);
$stmt->bind_param(\"s\", $value);
$stmt->execute();
}
}
$mysqli = @new mysqli(\"dbhost\", \"dbname\");
$mysqli->autocommit(FALSE);
updateColumn($mysqli,\"UPDATE TABLE users WHERE uid=? SET username=?\",$userName);
updateColumn($mysqli,\"UPDATE TABLE users WHERE uid=? SET password=?\",$password);
updateColumn($mysqli,\"UPDATE TABLE users WHERE uid=? SET firstname=?\",$firstName);
updateColumn($mysqli,\"UPDATE TABLE users WHERE uid=? SET lastname=?\",$lastName);
$mysqli->commit();
$mysqli->close();
<input type=\"text\" name=\"name\" value=\"<?php echo $(value currently in db);?>\" />
$values = array();
foreach($user_data as $key => $value)
if (isset($value) && trim($value) != \'\')
$values[] = $key.\' = \"\'.mysql_real_escape_string($value).\'\"\';
$sql = \'UPDATE users SET \'.implode(\',\',$values).\' WHERE id = \'.$id;
mysql_query($sql);
?>
<input type=\"text\" name=\"firstname\" values=<?php echo $firstname;?>
$query = \"Update table SET \"
if(isset($_POST[\'firstname\']) && strlen($_POST[\'firstname\'])>0){
$query.= \"firstname = \".$_POST[\'variable\'];
}
<?php
$MoreSQL = \'\';
if (trim($_POST[\'username\'] != \'\')) {
$MoreSQL .= \'username=\"\'.trim($_POST[\'username\']).\'\"\';
}
if (trim($_POST[\'password\'] != \'\')) {
if ($MoreSQL)
$MoreSQL .= \',\'; // add comma if $MoreSQL is not empty
$MoreSQL .= \'password=\"\'.trim($_POST[\'password\']).\'\"\';
}
if (trim($_POST[\'firstname\'] != \'\')) {
if ($MoreSQL)
$MoreSQL .= \',\'; // add comma if $MoreSQL is not empty
$MoreSQL .= \'firstname=\"\'.trim($_POST[\'firstname\']).\'\"\';
}
if (trim($_POST[\'lastname\'] != \'\')) {
if ($MoreSQL)
$MoreSQL .= \',\'; // add comma if $MoreSQL is not empty
$MoreSQL .= \'lastname=\"\'.trim($_POST[\'lastname\']).\'\"\';
}
if (!$MoreSQL) { // if everything is empty,no need to fire mysql_query
echo \'nothing to update\';
} else { // otherwise,update the record
mysql_query(\'UPDATE mytable SET \'.$MoreSQL.\' WHERE membersID=\'.($_POST[\'membersID\'] + 0).\'\');
}
?>
if (trim($_POST[\'style\'] != \'\')) {
if ($MoreSQL)
$MoreSQL .= \',\'; // add comma if $MoreSQL is not empty
$MoreSQL .= \'css=\"\'.trim($_POST[\'style\']).\'\"\';
}
if (!$MoreSQL) { // if everything is empty,update the record
mysql_query(\"UPDATE ´database SET \'.$MoreSQL.\' WHERE usernamename=\'.$u_name.\'\");
}