Tim*_*one 1 php mysql sql insert
我有这个代码从'jobseeker'表中选择所有字段,并且它应该通过将userType设置为'admin'来更新'user'表,其中userID = $ userID(此userID是我的用户)数据库).然后该语句应该将这些值从'jobseeker'表中插入'admin'表中,然后从'jobseeker表中删除该用户.sql表很好,我的语句正在将userType更改为admin并从'jobseeker'表中获取用户...但是,当我进入数据库(通过phpmyadmin)时,管理员已被添加,没有任何详细信息.任何人都可以解释为什么$ userData没有从'jobseeker'表中传递用户的详细信息并将它们插入'admin'表中?
这是代码:
<?php
include ('../database_conn.php');
$userID = $_GET['userID'];
$query = "SELECT * FROM jobseeker WHERE userID = '$userID'";
$result = mysql_query($query);
$userData = mysql_fetch_array ($result, MYSQL_ASSOC);
$forename = $userData ['forename'];
$surname = $userData ['surname'];
$salt = $userData ['salt'];
$password = $userData ['password'];
$profilePicture = $userData ['profilePicture'];
$sQuery = "UPDATE user SET userType = 'admin' WHERE userID = '$userID'";
$rQuery = "INSERT INTO admin (userID, forename, surname, salt, password, profilePicture) VALUES ('$userID', '$forename', '$surname', '$salt', '$password', '$profilePicture')";
$pQuery = "DELETE FROM jobseeker WHERE userID = '$userID'";
mysql_query($sQuery) or die (mysql_error());
$queryresult = mysql_query($sQuery) or die(mysql_error());
mysql_query($rQuery) or die (mysql_error());
$queryresult = mysql_query($rQuery) or die(mysql_error());
mysql_query($pQuery) or die (mysql_error());
$queryresult = mysql_query($pQuery) or die(mysql_error());
mysql_close($conn);
header ('location: http://www.numyspace.co.uk/~unn_v002018/webCaseProject/index.php');
?>
首先,永远不要SELECT *在某些代码中使用:如果表结构发生变化(从不说永远),它会咬你(或者必须维护这个应用程序的人).
您可以考虑使用直接INSERT获取其值的值SELECT:
"INSERT INTO admin(userID, forename, ..., `password`, ...)
SELECT userID, forename, ..., `password`, ...
FROM jobseeker WHERE userID = ..."
您不必通过PHP来执行此操作.
(请注意使用上面mysql_real_escape_string这个答案的早期版本中依赖的示例.使用mysql_real_escape_string不是一个好主意,尽管它可能比将参数直接放入查询字符串要好一些.)
我不确定你使用的是哪个MySQL引擎,但你也应该考虑在一个事务中做这些语句(你需要InnoDB而不是MyISAM).
另外,我建议使用mysqli和准备语句来绑定参数:这是一种更加清晰的方式,不必转义输入值(以避免SQL注入攻击).
编辑2:
(如果它们打开,你可能想要关闭魔术引号.)
$userID = $_GET['userID'];
// Put the right connection parameters
$mysqli = new mysqli("localhost", "user", "password", "db");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
// Use InnoDB for your MySQL DB for this, not MyISAM.
$mysqli->autocommit(FALSE);
$query = "INSERT INTO admin(`userID`, `forename`, `surname`, `salt`, `password`, `profilePicture`)"
." SELECT `userID`, `forename`, `surname`, `salt`, `password`, `profilePicture` "
." FROM jobseeker WHERE userID=?";
if ($stmt = $mysqli->prepare($query)) {
$stmt->bind_param('i', (int) $userID);
$stmt->execute();
$stmt->close();
} else {
die($mysqli->error);
}
$query = "UPDATE user SET userType = 'admin' WHERE userID=?";
if ($stmt = $mysqli->prepare($query)) {
$stmt->bind_param('i', (int) $userID);
$stmt->execute();
$stmt->close();
} else {
die($mysqli->error);
}
$query = "DELETE FROM jobseeker WHERE userID=?";
if ($stmt = $mysqli->prepare($query)) {
$stmt->bind_param('i', (int) $userID);
$stmt->execute();
$stmt->close();
} else {
die($mysqli->error);
}
$mysqli->commit();
$mysqli->close();
编辑3:我没有意识到你userID是一个int(但这可能是因为你说它在注释中自动递增):将它转换为int和/或不要将它用作字符串( (也就是引号)WHERE userID = '$userID'(但同样,不要直接在查询中插入变量,无论是从DB还是请求参数读取).
| 归档时间: |
|
| 查看次数: |
17489 次 |
| 最近记录: |