PDO bindValue适用于其他输入,为什么不这个?

时间:2022-07-28 10:52:46

I'm building a form where users can update attributes of books. There's a dynamically generated HTML form where users can enter new values for things like "Title", "Author", and "Description" that looks some thing like this:

我正在构建一个用户可以更新书籍属性的表单。有一个动态生成的HTML表单,用户可以在其中为“标题”,“作者”和“描述”之类的内容输入新值,看起来像这样:

echo "<form id=changerform name=changerform action=updatesubmit.php method=post>";
echo "<span id=titlebox>Title: <input class=attributefield style='border:none' type=text size=100 id=Title value='".$item['Title']."' />Change This?</span> <br>";
echo "<span id=authorbox>Author: <input class=attributefield style='border:none' type=text id=Author value='".$item['Author']."' />Change This?</span><br>";
echo "<span id=description>Description: <textarea class=attributefield style='border:none' rows=9 cols=100 name=Description id=Description >".$item['Description']."</textarea></span>";
echo "<input type='hidden' id='bookidfield' name='bookidfield' value = '".$toChange."' />";

This form is handled by some php that looks like this:

这个表单由一些看起来像这样的php处理:

        while($nowfield = current($_POST)){

    $col = key($_POST);

    switch($col){
        case 'Title':
        $qstring = 'UPDATE Mainbooks SET Title = :slug WHERE ItemID LIKE :bookid;';
        break;

        case 'Author':
        $qstring = 'UPDATE Mainbooks SET Author = :slug WHERE ItemID LIKE :bookid;';
        break;

        case 'Description':
        $qstring = "UPDATE Mainbooks SET Description = :slug WHERE ItemID LIKE :bookid;";
        break;

        default:
        echo "Invalid input";
        break;

        }//end switch

    $upquery = $safelink->prepare($qstring);
    $upquery->bindValue(':slug', $nowfield, PDO::PARAM_STR);
    $upquery->bindValue(':bookid', $_POST['bookidfield'], PDO::PARAM_INT);
    $upquery->execute();

next($_POST);





} //end while

I've organized it as a switch statement because there's code in the form that only passes fields that have been changed through in post (with the exception of the 'bookidfield' input, which has the unique key for each item in it.) With the switch, only the necessary queries run.

我已经将它组织为switch语句,因为表单中的代码只传递已经在post中更改过的字段(除了'bookidfield'输入,其中包含每个项目的唯一键。)交换机,只运行必要的查询。

The 'title' and 'author' fields work fine; they update without issue to the new values. The 'description' field, though, always updates to the value of the 'bookidfield.' I can fix it if I go in and manually change the ':bookid' parameter to the id of the book I want.

'title'和'author'字段工作正常;他们更新时没有问题到新值。但是,“描述”字段始终更新为“bookidfield”的值。我可以修复它,如果我进去并手动将':bookid'参数更改为我想要的书的ID。

If I var_dump(_$POST) it seems to come through with the right key values, like so:

如果我var_dump(_ $ POST)它似乎通过正确的键值,如下所示:

    array(4) { ["Title"]=> string(22) "Gross Boogers and Such" ["Author"]=> string(14) "Franny Panties" ["Description"]=> string(55) "This is the value I want to change the description to!!" ["bookidfield"]=> string(3) "184" }

But in my SQL table, it will change the title of book 184 to "Gross Boogers and Such" and the author to "Franny Panties," but it will change the description to "184." It's got to have something to do with my use of bindValue(), right? Or does it have to do with my loop? Is it how the form is named? I've been looking at it too long to see whatever it is.

但是在我的SQL表中,它将把书184的标题改为“Gross Boogers and Such”,将作者改为“Franny Panties”,但它会将描述改为“184”。它必须与我使用bindValue()有关,对吗?或者它与我的循环有关?表单是如何命名的?我一直在看它太长时间看它是什么。

Thanks *, you guys are great.

谢谢*,你们很棒。

2 个解决方案

#1


1  

Your problem is, when the $col is different to Title, Author or Description, in other words, when the switch executes the default case you are executing the previous query with $nowfield = 184. You must not execute the query.

问题是,当$ col与Title,Author或Description不同时,换句话说,当开关执行默认情况时,您正在使用$ nowfield = 184执行上一个查询。您不能执行查询。

When switch execute the default case, you must "jump" to the next value, skipping the query execution.

当switch执行默认情况时,您必须“跳转”到下一个值,跳过查询执行。

default:
    echo "Invalid input";
    next($_POST);
    continue 2;
    break;

#2


0  

Your HTML is broken for the Description <textarea>. You have...

您的HTML因描述

<textarea ... name=Description id=Description />".$item['Description']."</textarea>
<!--                                          ^ there's your problem -->

Where it should be

它应该在哪里

<textarea ... name=Description id=Description>".$item['Description']."</textarea>

As mentioned in my comment, the way you're generating HTML is bound to lead to problems. I suggest you take this approach...

正如我的评论中所提到的,您生成HTML的方式必然会导致问题。我建议你采取这种方法......

// leave the PHP context
?>
<form id="changerform" action="updatesubmit.php" method="post">
    <span id="titlebox">
        Title:
        <input class="attributefield" type="text" id="Title" value="<?= htmlspecialchars($item['Title']) ?>">
        Change This?
    </span>
    <!-- you get the idea -->
</form>

#1


1  

Your problem is, when the $col is different to Title, Author or Description, in other words, when the switch executes the default case you are executing the previous query with $nowfield = 184. You must not execute the query.

问题是,当$ col与Title,Author或Description不同时,换句话说,当开关执行默认情况时,您正在使用$ nowfield = 184执行上一个查询。您不能执行查询。

When switch execute the default case, you must "jump" to the next value, skipping the query execution.

当switch执行默认情况时,您必须“跳转”到下一个值,跳过查询执行。

default:
    echo "Invalid input";
    next($_POST);
    continue 2;
    break;

#2


0  

Your HTML is broken for the Description <textarea>. You have...

您的HTML因描述

<textarea ... name=Description id=Description />".$item['Description']."</textarea>
<!--                                          ^ there's your problem -->

Where it should be

它应该在哪里

<textarea ... name=Description id=Description>".$item['Description']."</textarea>

As mentioned in my comment, the way you're generating HTML is bound to lead to problems. I suggest you take this approach...

正如我的评论中所提到的,您生成HTML的方式必然会导致问题。我建议你采取这种方法......

// leave the PHP context
?>
<form id="changerform" action="updatesubmit.php" method="post">
    <span id="titlebox">
        Title:
        <input class="attributefield" type="text" id="Title" value="<?= htmlspecialchars($item['Title']) ?>">
        Change This?
    </span>
    <!-- you get the idea -->
</form>