1. 技术文章
  2. How to add a POST request for all inputs in PDO PHP

How to add a POST request for all inputs in PDO PHP

会有一股神秘感。 提交于 2019-12-25 01:04:10

问题


I have the following PHP PDO Update script, instead of having the inputs all hardcoded I would like to get the values from POST.

How can I modify the following script to update both name and link to POST input values?

 <?php
// Connection data (server_address, database, name, poassword)
$hostdb = 'localhost';
$namedb = 'tests';
$userdb = 'username';
$passdb = 'password';

try {
  // Connect and create the PDO object
  $conn = new PDO("mysql:host=$hostdb; dbname=$namedb", $userdb, $passdb);
  $conn->exec("SET CHARACTER SET utf8");      // Sets encoding UTF-8

  // changes data in "name" si "link" colummns, where id=3
  $sql = "UPDATE `sites` SET `name`='Spanish Course', `link`='marplo.net/spaniola' WHERE `id`=3";
  $count = $conn->exec($sql);

  $conn = null;        // Disconnect
}
catch(PDOException $e) {
  echo $e->getMessage();
}

// If the query is succesfully performed ($count not false)
if($count !== false) echo 'Affected rows : '. $count;       // Shows the number of affected rows
?>

回答1:


To replace the hard-coded values with dynamic values coming from $_POST you can use prepared statements. First you need to make sure with isset that the values were sent to your script. Then you should prepared the SQL statement with placeholders and execute passing in the array with your data.

This sample script shows how it could be done: 

// Connection data (server_address, database, name, poassword)
$hostdb = 'localhost';
$namedb = 'tests';
$userdb = 'username';
$passdb = 'password';
$charset = 'utf8'; // you should be using utf8mb4 instead

if (isset($_POST['name'], $_POST['link'], $_POST['id'])) {
    // Connect and create the PDO object
    $options = [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ];
    $conn = new PDO("mysql:host=$hostdb;dbname=$namedb;charset=$charset", $userdb, $passdb, $options);

    // changes data in "name" si "link" colummns, where id=3
    $stmt = $conn->prepare('UPDATE `sites` SET `name`=:name, `link`=:link WHERE `id`=:id');
    $stmt->execute([
        'name' => $_POST['name'],
        'link' => $_POST['link'],
        'id' => $_POST['id'],
    ]);

    // Shows the number of affected rows
    echo 'Affected rows : '. $stmt->rowCount();
}

If you are unsure about the correct use of PDO you can take a look at this well-acclaimed PDO guide https://phpdelusions.net/pdo




回答2:


You can use the POST[''] properties to get the information from a POST request.

<?php
// Connection data (server_address, database, name, poassword)
$hostdb = 'localhost';
$namedb = 'tests';
$userdb = 'username';
$passdb = 'password';

try {
  // Connect and create the PDO object
  $conn = new PDO("mysql:host=$hostdb; dbname=$namedb; charset=utf8", $userdb, $passdb);

  // changes data in "name" is "link" colummns, where id=3
  $sql = "UPDATE `sites` SET `name`=':name', `link`=':link' WHERE `id`=3";
  $conn->prepare($sql);
  $count = $conn->exec(array('name' => $_POST['name'], 'link' => $_POST['link']));
  $conn = null;        // Disconnect
}
catch(PDOException $e) {
  echo $e->getMessage();
}

// If the query is succesfully performed ($count not false)
if($count !== false) echo 'Affected rows : '. $count;       // Shows the number of affected rows
?>

Notice that I used the prepared query statement. This provides protection from SQL Injection.



来源:https://stackoverflow.com/questions/56690184/how-to-add-a-post-request-for-all-inputs-in-pdo-php

标签
php
sql
pdo
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!