0

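I'm trying to edit a lot of columns at once. I have a lot of fields that I want users to be able to edit. I'm not sure exactly what I'm doing wrong. Any help would be greatly appreciated. It says: There was a problem with your mySQL query please contact technical support with the following information: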

       <?php 
       $dbserver = "";
       $dblogin = "";
       $dbpassword = "";
       $dbname = "";

       $con = mysqli_connect("$dbserver","$dblogin","$dbpassword","$dbname");
       if (!$con)
       {
       die('Could not connect to the mySQL server please contact technical 
       support with the following information: ' . mysqli_connect_errno());
       }

       $organization = mysqli_real_escape_string($_POST['organization']);
       $firstname = mysqli_real_escape_string($_POST['firstname']);
       $lastname = mysqli_real_escape_string($_POST['lastname']);
       $rank = mysqli_real_escape_string($_POST['rank']);
       $branch= mysqli_real_escape_string($_POST['branch']);
       $gender= mysqli_real_escape_string($_POST['gender']);
       $emailaddress = mysqli_real_escape_string($_POST['emailaddress']);
       $jobtitle = mysqli_real_escape_string($_POST['jobtitle']);
       $company = mysqli_real_escape_string($_POST['company']);
       $businessphone = mysqli_real_escape_string($_POST['businessphone']);
       $homephone = mysqli_real_escape_string($_POST['homephone']);
       $mobilephone = mysqli_real_escape_string($_POST['mobilephone']);
       $faxnumber = mysqli_real_escape_string($_POST['faxnumber']);
       $address = mysqli_real_escape_string($_POST['address']);
       $city = mysqli_real_escape_string($_POST['city']);
       $state = mysqli_real_escape_string($_POST['state']);
       $zippostal = mysqli_real_escape_string($_POST['zippostal']);
       $country = mysqli_real_escape_string($_POST['country']);
       $notes = mysqli_real_escape_string($_POST['notes']);
       $donorid = mysqli_real_escape_string($_POST['donorid']);

       // make the query a variable so we can print out if it fails
       $query = "UPDATE donors SET organization = '$organization', firstname =         
       '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch', 
       gender = '$gender', emailaddress = '$emailaddress', jobtitle = '$jobtitle', 
       company = '$company', businessphone = '$businessphone', homephone = 
       '$homephone', mobilephone = '$mobilephone', faxnumber = '$faxnumber', address = 
       '$address', city = '$city', state = '$state', zippostal = '$zippostal', country 
       = '$country', notes = '$notes', donorid = '$donorid' WHERE donorid = 
       '$donorid'";

       $sql = mysqli_query($con,$query) or die('There was a problem with your mySQL   
       query please contact technical support with the following information: ' .  
       mysqli_error());

       // troubleshooting for development only     
       if(mysqli_affected_rows($sql) < 1){
       die('There was a problem with your mySQL query : ' . $query);}

       mysqli_close($con);
        header( 'Location: http://localhost/moddonor.php' ) ;
        ?>
4

3 Answers

4

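Based on the conversation on @Sean's answer, you need to build the query dynamically. Something like the following should work (also note that I'm using PHP 5.3+ specific syntax for the anonymous functions passed to array_map):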

  // array of field => bind type
  $fields = array(
     'firstname' => 's',
     'lastname' => 's',
     'rank' => 'i',
     // other fields EXCEPT donorid
  );

  // template for the sql
  $sqlTemplate = 'UPDATE donors SET %s WHERE donorid = ?';

  // array to hold the fields we will actually use with the query
  $params = array();

  // let's check the fields against those allowed
  // and stick them in the $params array - note we exclude donorid
  // because it's required
  foreach ($fields as $field => $type) {
     if (isset($_POST[$field]) && !empty($_POST[$field])) {
        $params[$field] = array(
            'value' => $_POST[$field],
            'type' => $type
        );
     }
  }

  // if we actually have something to update then let's prep the sql
  if (!empty($params)) {
     $forUpdate = array_map(function ($f) { return $f . ' = ?'; }, array_keys($params));
     $sql = sprintf($sqlTemplate, implode(', ', $forUpdate));

     // $sql is now the parameterized query like my example below
     $stmt = mysqli_prepare($con, $sql);

     // compile all the parameter types into a single string like 'ssi',
     // plus a trailing 'i' for the donorid in the WHERE clause
     $types = implode('', array_map(function ($v) { return $v['type']; }, $params)) . 'i';

     // collect the values in query order, donorid last
     $values = array_map(function ($v) { return $v['value']; }, array_values($params));
     $values[] = $_POST['donorid'];

     // mysqli_stmt_bind_param takes its values by reference,
     // so build the argument list out of references
     $args = array($stmt, $types);
     foreach ($values as $i => $unused) {
        $args[] = &$values[$i];
     }

     // $args now looks like:
     // Array ( 0 => mysqli_stmt, 1 => 'ssii', 2 => 'thevalue', 3 => 'value', 4 => 1, etc..)

     // now call bind_param via call_user_func_array
     call_user_func_array('mysqli_stmt_bind_param', $args);

     // now execute the query:
     mysqli_stmt_execute($stmt);
  }

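You are doing multiple things wrong:

  1. You are using both mysql_* and mysqli_*; they are not interchangeable. The use of mysql_* is discouraged, so you shouldn't be using it. All of your mysql functions should be the mysqli versions.
  2. You need to quote your values, and you also need to escape those values. Since you are using mysqli, I would use a prepared statement.
  3. The connection resource is the second argument to the query function, not the first.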

--

  // with mysqli the db name is passed as an argument when creating the connection
  $con = mysqli_connect("$dbserver","$dblogin","$dbpassword", $dbname);

  if (!$con) {
     die('Could not connect to the mySQL server please contact 
        technical support with the following information: ' . mysqli_connect_error());
  }

  $sql = "UPDATE donors set organization = ?, firstname =  
  ?, lastname = ?, rank = ?, branch = ?,
  gender = ?, emailaddress = ?, jobtitle = ?, company   
  =?, businessphone = ?, homephone = ?, 
  mobilephone =?, faxnumber = ?, address = ?, city = 
  ?, state = ?, zippostal =?, country = ?,
  note = ?
  WHERE donorid= ?";
  // the connection is the first argument to mysqli_prepare
  $stmt = mysqli_prepare($con, $sql);

  mysqli_stmt_bind_param($stmt, 
     'ssisss...i', 
     $organization,
     $firstname,
     $lastname,
     $rank,
     $branch,
     $gender,
     $emailaddress,
     // other fields... they must be in the same order as named in the query
     // then lastly the donorid
     $donorid
  );

  // execute the query
  mysqli_stmt_execute($stmt);

  mysqli_close($con);
  header( 'Location: http://localhost/moddonor.php' ) ;
answered 2013-03-24T04:02:46.170
1

You are connecting using mysql_connect(), but you are using mysqli_query(). Also, you need to wrap your values in quotes '/"

  $con = mysql_connect("$dbserver","$dblogin","$dbpassword");
  ...
  mysql_select_db("$dbname", $con);
  ...
  mysqli_query($con,"UPDATE donors set organization = '$organization', firstname =  
  '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch',
  gender = '$gender', emailaddress = '$emailaddress', jobtitle = '$jobtitle', company   
  ='$company', businessphone = '$businessphone', homephone = '$homephone', 
  mobilephone = '$mobilephone', faxnumber = '$faxnumber', address = '$address', city = 
  '$city', state = '$state', zippostal = '$zippostal', country = '$country',
  note = '$note' WHERE donorid= '$donorid'");

  mysqli_close($con);

Change your connection to mysqli_connect(), as the mysql_ functions are deprecated.

  $con = mysqli_connect("$dbserver", "$dblogin", "$dbpassword", "$dbname");
  if (!$con)
  {
  die('Could not connect to the mySQL server please contact 
  technical support with the following information: ' . mysqli_connect_error());
  }

  mysqli_query($con,"UPDATE donors set organization = '$organization', firstname =  
  '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch',
  gender = '$gender', emailaddress = '$emailaddress', jobtitle = '$jobtitle', company   
  ='$company', businessphone = '$businessphone', homephone = '$homephone', 
  mobilephone = '$mobilephone', faxnumber = '$faxnumber', address = '$address', city = 
  '$city', state = '$state', zippostal = '$zippostal', country = '$country',
  note = '$note' WHERE donorid= '$donorid'");

It would also be beneficial to learn how to do prepared statements - http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

See - http://php.net/manual/en/mysqlinfo.api.choosing.php
or http://www.php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated


EDIT
Apparently you are not setting your variables before using them in the query. Note: be sure to sanitize any user input. See mysqli_real_escape_string()

  // Put this after $con = mysqli_connect(), but before mysqli_query()
  // (the connection is the first argument to mysqli_real_escape_string)
  $organization = mysqli_real_escape_string($con, $_POST['organization']);
  $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
  $lastname = mysqli_real_escape_string($con, $_POST['lastname']);
  ....
  $donorid = mysqli_real_escape_string($con, $_POST['donorid']);
  // need to add the rest of your form inputs

EDIT 2
There are a few issues with your updated script - organization = $_POST['$organization'], $firstname = $_POST['$firstname'], mysql_error(), etc. Try using the following code edit.

 <?php 
 $dbserver = "";
 $dblogin = "";
 $dbpassword = "";
 $dbname = "";

 $con = mysqli_connect("$dbserver","$dblogin","$dbpassword","$dbname");
 if (!$con)
 {
 die('Could not connect to the mySQL server please contact technical support with  
 the following information: ' . mysqli_connect_errno());
 }

 // the connection is the first argument to mysqli_real_escape_string
 $organization = mysqli_real_escape_string($con, $_POST['organization']);
 $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
 $lastname = mysqli_real_escape_string($con, $_POST['lastname']);
 $rank = mysqli_real_escape_string($con, $_POST['rank']);
 $branch= mysqli_real_escape_string($con, $_POST['branch']);
 $gender= mysqli_real_escape_string($con, $_POST['gender']);
 $emailaddress = mysqli_real_escape_string($con, $_POST['emailaddress']);
 $donorid = mysqli_real_escape_string($con, $_POST['donorid']);

 // make the query a variable so we can print out if it fails
 $query = "UPDATE donors SET organization = '$organization', firstname = '$firstname', lastname = '$lastname', rank = '$rank', branch = '$branch', gender = '$gender', emailaddress = '$emailaddress' WHERE donorid = '$donorid'";

 $sql = mysqli_query($con,$query) or die('There was a problem with your mySQL query please contact technical support with the following information: ' . mysqli_error($con));

 // troubleshooting for development only
 // (mysqli_affected_rows takes the connection, not the query result)
 if(mysqli_affected_rows($con) < 1){
   die('There was a problem with your mySQL query : ' . $query);}

 mysqli_close($con);
 header( 'Location: http://localhost/moddonor.php' ) ;
answered 2013-03-24T04:02:32.273
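The update from the EDIT 2 script above, written with a prepared statement as the linked quickstart describes. This is an added example, not code from the answer or the asker; the connection settings are placeholders, and binding every column as a string and donorid as an integer is an assumption about the table.

```php
<?php
// Added example. Connection settings are placeholders; bind types are assumed.
$dbserver = "";
$dblogin = "";
$dbpassword = "";
$dbname = "";
// Make mysqli throw exceptions instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// Columns the form may update, in the order they appear in the SQL.
// Backticks below also keep `rank` valid: it is a reserved word in MySQL 8.0.
$columns = array('organization', 'firstname', 'lastname', 'rank',
                 'branch', 'gender', 'emailaddress');

try {
    $con = mysqli_connect($dbserver, $dblogin, $dbpassword, $dbname);
    mysqli_set_charset($con, 'utf8mb4');
    // Column names come only from the fixed list above, never from $_POST.
    $set = implode(', ', array_map(function ($c) { return "`$c` = ?"; }, $columns));
    $stmt = mysqli_prepare($con, "UPDATE donors SET $set WHERE donorid = ?");

    // Missing fields become empty strings; values are sent separately
    // from the SQL text, so no quoting or escaping is needed.
    $values = array();
    foreach ($columns as $c) {
        $values[] = isset($_POST[$c]) ? (string) $_POST[$c] : '';
    }
    $values[] = isset($_POST['donorid']) ? (int) $_POST['donorid'] : 0;

    // mysqli_stmt_bind_param takes its values by reference.
    $args = array($stmt, str_repeat('s', count($columns)) . 'i');
    foreach ($values as $i => $unused) {
        $args[] = &$values[$i];
    }
    call_user_func_array('mysqli_stmt_bind_param', $args);
    mysqli_stmt_execute($stmt);

    // 0 affected rows can simply mean nothing changed, so it is not an error.
    $changed = mysqli_stmt_affected_rows($stmt);
    mysqli_close($con);
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo the query or the MySQL error.
    error_log('donor update failed: ' . $e->getMessage());
    http_response_code(500);
    exit('The update could not be saved.');
}
header('Location: http://localhost/moddonor.php');
exit;
```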
0

You didn't mention the error, but

I think you need to wrap the values in single quotes ('), for example

set organization=$Organization

becomes

set organization='$Organization'

answered 2013-03-24T04:01:05.190