我有一个网络程序,允许管理员更新用户的信息......话虽如此,我只想要更新的列确实已经'更新'...
我已经对此进行了相当多的研究,似乎所有方法都使用过时的查询,它们没有利用prepare语句来逃避输入......
有人可以帮我说说吗?
基本上在伪代码中:
Update FIRSTNAME if $editedUserdata['firstname'] != FIRSTNAME, LASTNAME if $editedUserData['lastname']!= LASTNAME ...等...
这是我对邮政编码的看法......
$password = sha1($password);
$editedUserData = array(
'firstname' => $firstname,
'lastname' => $lastname,
'username' => $username,
'password' => $password,
'cellphone' => $cellphone,
'security_level' => $seclvl,
'email' => $email,
'direct_phone' => $direct,
'ext_num' => $extension,
'is_active' => $userflag
);
那应该是这样的
$query = $this->db->prepare('UPDATE FIRSTNAME if(?) IS NOT FIRSTNAME, LASTNAME if(?) IS NOT LASTNAME, USERNAME if (?) IS NOT USERNAME.... VALUES (:firstname, :lastname, :username).....' …