具有多列的 PHP MySQL 更新集查询

2022-01-17 00:00:00 sql-update sql php mysql

我已经用逗号和AND"语句尝试了这个查询,如下图所示.我收到语法错误

I've tried this query with both commas and "AND" statements as pictured below. I get a syntax error

出了点问题.您的 SQL 语法有误;查看与您的 MySQL 服务器版本相对应的手册,以了解在 ' 附近使用的正确语法,可以 24/7 全天候通过电话和电子邮件回答任何问题并为您提供帮助 ' 在第 1 行

Something went wrong.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'are available 24/7 by phone and email to answer any questions and to assist you ' at line 1

每次我尝试这个查询:

$sql = mysql_query("UPDATE general
    SET bookabandheading = $_POST[bookabandheading 
    AND bookaband = $_POST[bookaband]
    AND contactus = $_POST[contactus]
    AND aboutuslisten = $_POST[aboutuslisten]
    AND contactusheading = $_POST[contactusheading]
    AND nightclubsheading = $_POST[nightclubsheading]
    AND acousticheading = $_POST[acousticheading]
    AND schoolsheading = $_POST[schoolsheading]
    AND privateheading = $_POST[privateheading]
    AND concertsheading = $_POST[concertsheading]
    AND festivalsheading = $_POST[festivalsheading]
    AND submissions = $_POST[submissions]
    AND interns = $_POST[interns]
    AND managementbio = $_POST[managementbio]
    AND latestnews = $_POST[latestnews]
    AND artistofthemonth = $_POST[artistofthemonth]
    AND artistofthemonthphoto = $_POST[artistofthemonthphoto]
    AND artistofthemonthid = $_POST[artistofthemonthid]
    AND listentoourartists = $_POST[listentoourartists]
    AND musicianswanted = $_POST[musicianswanted]
    AND aboutus = $_POST[aboutus]
    AND bshowcases = $_POST[bshowcases]
    AND bandavails = $_POST[bandavails]");

查询在另一个 VPS 上的不同数据库中工作,但我只是迁移了服务器,它不再工作.非常感谢任何帮助!

The query worked in a different database on another VPS, but I just migrated servers and it no longer works. Any help is greatly appeciated!

推荐答案

虽然主要问题是您在 bookamandheading 之后错过了右括号,但我仍然建议您重构此请求,例如:

While the main problem is that you missed the closing bracket after bookamandheading, still I would like to advise you to refactor this request for example like this:

$keys = array("bookabandheading", "bookaband", "contactus", "aboutuslisten",
              "contactusheading", "nightclubsheading", "acousticheading",
              "schoolsheading", "privateheading", "concertsheading",
              "festivalsheading", "submissions", "interns", "managementbio",
              "latestnews", "artistofthemonth", "artistofthemonthphoto",
              "artistofthemonthid", "listentoourartists", "musicianswanted",
              "aboutus", "bshowcases", "bandavails");
$set = array();
foreach ($keys as $key) {
    $set[] = sprintf(" %s = '%s' ", $key, mysql_escape_string($_POST[$key]));
}
$sql = mysql_query("UPDATE general SET " . implode(", ", $set));

通过转义输入更容易维护,也更安全.

It is much easier to maintain and also a bit more secure by escaping the input.

更新:添加 where 语句示例

Update: add where statement example

$where = array();
$where[] = sprintf(" some_string = '%s' ", mysql_escape_string($some_string));
$where[] = sprintf(" some_integer = %d ", $some_integer);
$where = " WHERE " . implode(" AND ", $where);
$sql = mysql_query("UPDATE general SET " . implode(", ", $set) . " " . $where);

相关文章