php - What can make an update query not update but still return success

Tags: php mysql

I use this class to run queries (insert, delete, drop, create, etc.), but this time I created a method to update a table after an edit is submitted, and to my surprise it returns success but does not actually update the record in the database. I'm confused; I've been debugging for hours to no avail, so I decided to share my concern and see whether I can get some help, since I've really only been doing OOP PHP for two weeks.

Here is my class:

    class queryClass extends MYSQL { // MYSQL is the database connection class
        // table fields
        var $user_table = '';   // table name used by the query methods; each method sets its own

        // connect to database
        function dbconnect() {
            MYSQL::dbconnect();
        }

        // prevent injection: every "?" in $query is replaced by an escaped argument
        function qry($query) {
            $this->dbconnect();
            $args  = func_get_args();
            $query = array_shift($args);
            $query = str_replace("?", "%s", $query);
            $args  = array_map('mysql_real_escape_string', $args);
            array_unshift($args, $query);
            $query = call_user_func_array('sprintf', $args);
            $result = mysql_query($query) or die(mysql_error());
            if ($result) {
                return $result;
            } else {
                $error = "Error";
                return $result;
            }
        }

        // update quote function
        function updatequote($table, $message1, $message2, $column_name1, $column_name2, $column_name3, $quote_id) {
            $this->dbconnect();
            $this->quote_id = $quote_id;
            // echo $message1, $message2;   // debug output; anything echoed before header() breaks the redirect

            // make sure table name is set
            $this->user_table   = $table;
            $this->column_name1 = $column_name1;
            $this->column_name2 = $column_name2;
            $this->column_name3 = $column_name3;

            // execute the update via the qry function that prevents MySQL injection
            // (only the values go through "?"; the table and column names are concatenated as-is)
            $result = $this->qry("UPDATE " . $this->user_table . " SET " . $this->column_name2 . "='?', " . $this->column_name3 . "='?'
                WHERE " . $this->column_name1 . "='?';", $message1, $message2, $this->quote_id);
            // $result = mysql_query("INSERT INTO ".$this->user_table."(username, password) VALUES('$username', '$password')");
            if ($result) {
                $_SESSION['success'] = "The Update Was Successfully Saved";
                header('location: edit_quotes.html');
                exit();
            } else {
                $_SESSION['success'] = "The Update Was Not Saved" . mysql_error();
                header('location: edit_quotes.html');
                exit();   // do something on FAILED update
            }
        }

        // quote form
        function quoteEditorform($formname, $formclass, $formaction, $helptext, $first, $second) {
            // connect to DB
            $this->dbconnect();

            // the stored quote text is HTML-escaped before being placed inside the textareas
            $first  = htmlspecialchars($first);
            $second = htmlspecialchars($second);
            echo "
        <form name=\"$formname\" method=\"post\" id=\"$formname\" class=\"$formclass\" enctype=\"application/x-www-form-urlencoded\" action=\"$formaction\">

        <h2>$helptext</h2>
        <div><label for=\"quote\">NGWA QUOTE
        <input type=\"button\" value=\"Quote\" onclick=\"wrapInTags(this.form.message1,'quote')\">insert [quote].[/quote]tags
        </label>
        <textarea name=\"message1\" cols=\"40\" rows=\"4\" onclick=\"copySelection(this)\">$first</textarea><br>
        </div>
        <div><label for=\"quote\">ENGLISH MEANING
        <input type=\"button\" value=\"Meaning\" onclick=\"wrapInTags(this.form.message2,'meaning')\">
        insert [meaning].[/meaning]tags
        </label>
        <textarea name=\"message2\" cols=\"40\" rows=\"4\" onclick=\"copySelection(this)\">$second</textarea></div>
        <input name=\"action\" id=\"action\" value=\"sendeditedquote\" type=\"hidden\">
        <div>

        <input name=\"submit\" id=\"submit\" value=\"Save\" type=\"submit\"></div>

        </form>
        <div align=\"center\"><a href=\"edit_quotes.html?do=read_bb_codes\">Read Before Posting</a></div>
        ";
        }

        function createquotetable($tablename) {
            // connect to DB
            $this->dbconnect();
            // ENGINE=InnoDB is the current spelling; the older TYPE=INNODB was removed in MySQL 5.5
            $qry = "CREATE TABLE IF NOT EXISTS " . $tablename . "(
        quote_id        INT(8) NOT NULL AUTO_INCREMENT,
        ngwaquote       TEXT NOT NULL,
        meaning         TEXT NOT NULL,
        saved_date      date,
        PRIMARY KEY (quote_id)
        ) ENGINE=InnoDB
            ";
            $result = $this->qry($qry);
            return;
        }
    }

Here is quote-editor.html, after including my class file:

    // instantiate all other needed classes
    $cleaner = new cleanPost();
    $connect = new MySQL();
    $connect->dbconnect(); // connect to a database
    $bbcode  = new BBCode();
    $log     = new logmein();

    if ($_REQUEST['action'] == "sendeditedquote") {
        // post all the values to the database using our main class
        $errmsg_arr = array();
        $errflag    = false;

        /* quote field checking */
        if ($_REQUEST['message1'] == "" || strlen($_REQUEST['message1']) > 500) {
            $errmsg_arr[] = 'Sorry You Can\'t Send An Empty Qoute OR quote greater than 500 characters at a time';
            $errflag = true;
        }

        if ($_REQUEST['message2'] == "") {
            $errmsg_arr[] = 'Sorry You Can\'t Update With An Empty Qoute';
            $errflag = true;
        }

        // If there are input validation errors, redirect back
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: edit_quotes.html");
            exit();
        }
        // note: quote_id is read from the query string ($_GET), while the message fields are posted by the form
        $log->updatequote("quotes", $_REQUEST['message1'], $_REQUEST['message2'], "quote_id", "ngwaquote", "meaning", $cleaner->clean($_GET['quote_id']));
    }

When I run the query, the success/error line reports that the update succeeded, but on my other page, which displays all available quotes, that particular quote is still not updated.

Anyone who has run into this before, please tell me what to do.

The line of the original query that I was asked for is this: the first one is the method that cleans my post, which I use to run queries with $this->qry(somequeries here):
    function qry($query) {
        $this->dbconnect();
        $args  = func_get_args();
        $query = array_shift($args);
        $query = str_replace("?", "%s", $query);
        $args  = array_map('mysql_real_escape_string', $args);
        array_unshift($args, $query);
        $query = call_user_func_array('sprintf', $args);
        $result = mysql_query($query) or die(mysql_error());
        if ($result) {
            return $result;
        } else {
            $error = "Error";
            return $result;
        }
    }

    // update quote function using $this->qry()
    function updatequote($table, $message1, $message2, $column_name1, $column_name2, $column_name3, $quote_id) {
        $this->dbconnect();
        $this->quote_id = $quote_id;
        // echo $message1, $message2;   // debug output; anything echoed before header() breaks the redirect

        // make sure table name is set
        $this->user_table   = $table;
        $this->column_name1 = $column_name1;
        $this->column_name2 = $column_name2;
        $this->column_name3 = $column_name3;

        // execute the update via the ****qry function**** that prevents MySQL injection
        // (only the values go through "?"; the table and column names are concatenated as-is)
        $result = $this->qry("UPDATE " . $this->user_table . " SET " . $this->column_name2 . "='?', " . $this->column_name3 . "='?'
            WHERE " . $this->column_name1 . "='?';", $message1, $message2, $this->quote_id);
        // $result = mysql_query("INSERT INTO ".$this->user_table."(username, password) VALUES('$username', '$password')");
        if ($result) {
            $_SESSION['success'] = "The Update Was Successfully Saved";
            header('location: edit_quotes.html');
            exit();
        } else {
            $_SESSION['success'] = "The Update Was Not Saved" . mysql_error();
            header('location: edit_quotes.html');
            exit();   // do something on FAILED update
        }
    }

Best answer

An update statement returns success if its where clause does not match any rows.
It will not change anything, however.
Note that MySQL knows when the values have not actually changed, so the statement

    UPDATE table1 SET col1 = 0 WHERE col1 = 0

always returns 0 affected rows.

If you want to know whether anything changed, you need to call:

    $rows_updated = mysql_affected_rows($this->connection);
    or
    $rows_updated = mysqli_affected_rows($this->connection);  //if you're using mysqli

The update statement only indicates failure when an error occurred.

A warning about SQL injection
I notice you are using dynamic table and column names.
If those values can be altered by the user in any way, or are passed in through a superglobal that may be affected by another php session that could in turn be influenced by the user, you have an SQL injection vulnerability.

Here is how to protect yourself against that: How to prevent SQL injection with dynamic tablenames?
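As an added example (not the question's or the answer's code), here is how updatequote could be rewritten to address both points of the answer: the table and column names are checked against a whitelist before being spliced into the SQL, the values are bound with a mysqli prepared statement, and the connection is opened with MYSQLI_CLIENT_FOUND_ROWS so that affected_rows tells you whether the WHERE clause matched a row at all. The table layout follows the question's createquotetable(); the connection credentials are placeholders.

```php
<?php
// Added example (not the question's or the answer's code). Assumes a mysqli
// connection and a table shaped like the question's createquotetable().

// Only these identifiers may ever be spliced into SQL text; anything else is refused.
const ALLOWED_TABLES  = ['quotes'];
const ALLOWED_COLUMNS = ['quote_id', 'ngwaquote', 'meaning'];

function safeIdent(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("identifier not allowed: $name");
    }
    return '`' . $name . '`';
}

// Returns true only if a row with that id actually matched. The values are bound
// as parameters, never concatenated, so quotes inside the text are harmless.
function updateQuote(mysqli $db, string $table, int $quoteId,
                     string $ngwaQuote, string $meaning): bool
{
    $sql = sprintf('UPDATE %s SET %s = ?, %s = ? WHERE %s = ?',
        safeIdent($table, ALLOWED_TABLES),
        safeIdent('ngwaquote', ALLOWED_COLUMNS),
        safeIdent('meaning', ALLOWED_COLUMNS),
        safeIdent('quote_id', ALLOWED_COLUMNS));
    $stmt = $db->prepare($sql);
    $stmt->bind_param('ssi', $ngwaQuote, $meaning, $quoteId);
    $stmt->execute();   // throws mysqli_sql_exception under MYSQLI_REPORT_STRICT
    // The connection was opened with MYSQLI_CLIENT_FOUND_ROWS, so affected_rows
    // counts rows *matched* by WHERE. Without that flag it counts rows *changed*,
    // which is 0 both for "no such id" and for "same values as before".
    return $stmt->affected_rows > 0;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = mysqli_init();
$db->real_connect('localhost', 'dbuser', 'dbpass', 'mydb', 3306, null,
                  MYSQLI_CLIENT_FOUND_ROWS);   // placeholder credentials

// The id comes from the request but is cast to int and bound, not concatenated.
$matched = updateQuote($db, 'quotes', (int) ($_GET['quote_id'] ?? 0),
                       (string) ($_POST['message1'] ?? ''), (string) ($_POST['message2'] ?? ''));
$_SESSION['success'] = $matched
    ? 'The Update Was Successfully Saved'
    : 'No quote with that id exists, nothing was saved';
```

With the original code, an empty or wrong quote_id in the query string produces exactly the symptom in the question: the statement succeeds, matches nothing, and the page reports success.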

Regarding php - What can make an update query not update but still return success, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/7912838/
