我正在php文件中处理sql请求,但我遇到了一个问题。我的行动奏效了:
if( isset($_POST['week']) && !empty($_POST['week']) && isset($_POST['location']) && !empty($_POST['location']))
{
$week = $_POST['week'];
$location = $_POST['location'];
$sql = 'SELECT *
FROM myDataBaseName
WHERE myDataBaseName_week='.$week.'
AND myDataBaseName_location="'.$location.'"';
}
我的更新功能看起来不起作用:
if (isset($_POST['week']) && !empty($_POST['week']) && isset($_POST['location']) && !empty($_POST['location']) && isset($_POST['number']) && !empty($_POST['number']))
{
$week = $_POST['week'];
$location = $_POST['location'];
$numberForUpdate = $_POST['number'];
$sql = 'UPDATE *
FROM myDataBaseName
SET myDataBaseName_numbers ='.$numberForUpdate.'
WHERE myDataBaseName_week='.$week.'
AND myDataBaseName_location="'.$location.'"';
}
有人能帮我获得正确的更新功能吗?
谢谢!
应该是:
$sql = 'UPDATE myDataBaseName
SET myDataBaseName_numbers ='.$numberForUpdate.'
WHERE myDataBaseName_week='.$week.'
AND myDataBaseName_location="'.$location.'"';
而不是
$sql = 'UPDATE *
FROM myDataBaseName
SET myDataBaseName_numbers ='.$numberForUpdate.'
WHERE myDataBaseName_week='.$week.'
AND myDataBaseName_location="'.$location.'"';
MySQL 更新参考
然而,您需要知道更新数据的方法并不安全。您应该使用准备好的语句来防止SQL注入,这里的数据可以是用户在表单中输入的任何数据。