发表新帖
发表新帖

Trying Update Record with PDO

前端 未结
关注
2 1985
闹比i
闹比i 2021-01-24 04:33

I updated the question code I am still having issues no errors but does not update the record. also need to figure how to write in record # updated successfully. I am stuck on t

相关标签:
2条回答
  • 灰色年华
    2021-01-24 04:45

    Your code is a mess.

    You should use HEREDOC for big queries like this. Read more about HEREDOCs over here. Furthermore getting the affected row count is done with rowCount () More on that over here

    I don't think you understand how prepared statements work either.

    I highly advice you read up some of this.

    Lastly please read up on what is wrong with $_REQUEST.

    Now for the monstrousity you've managed to produce...

    <?php


$db_host = "localhost";
$db_username = "root";
$db_pass = "";
$db_name = "test";

$db = new PDO('mysql:host='.$db_host.';dbname='.$db_name,$db_username,$db_pass);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

  $id = $_REQUEST['id'];
  $lanId = $_REQUEST['lanId'];
  $name= $_REQUEST['name'];
  $department = $_REQUEST['department'];
  $manager= $_REQUEST['manager'];
  $request = $_REQUEST['request'];
  $request_description = $_REQUEST['request_description'];
  $request_comments = $_REQUEST['request_comments'];
  $status = $_REQUEST['status'];
  $comments = $_REQUEST['comments'];
  $compUser = $_REQUEST['compUser'];
  $compDt = $_REQUEST['compDt'];

$update =
<<<SQL

UPDATE requests
    SET lanID = ?,
        name = ?,
        department = ?,
        manager = ?,
        request = ?,
        request_description = ?,
        status = ?,
        comments = ?,
        compUser = ?,
        compDt = ?

        WHERE id = ?;

SQL;

$stmt = $db->prepare ($update);
$stmt->execute (array ($lanId, $name, $department, $manager, $request, $request_description,
                $status, $comments, $compUser, $compDt, $id));

echo $stmt->rowCount () . " rows were affected.";
echo "Record " . $id . " has been updated.";


?>
    0 讨论(0)
  • 无人及你
    2021-01-24 04:45

    This code is a disaster:

    $affected_rows = $db->exec("UPDATE requests SET") . 
                                               ^^---terminating your query here
                "lanId =  '" . $lanId . "', ".

    So you run a malformed query (UPDATE requests SET), which will either throw an exception of return boolean FALSE. You then concatenate a whole bunch of text (which would've been part of your query) onto that FALSE.

    And even if this code was properly structured, you'd be WIDE OPEN to sql injection attacks.

    0 讨论(0)
 看不清?
提交回复
热议问题