问题描述
SQL查询:
SQL Query: UPDATE 'cake'.'users' AS 'User' SET 'User'.'username' = paul, 'User'.'password' = eben, 'User'.'email' = [email protected], 'User'.'phone' = 87665r5, 'User'.'address' = 23lsdhf, 'User'.'location' = lskjaflasi, 'User'.'pincode' = 867567 WHERE 'User'.'id' = 1
我的代码是
if($this->request->data)
{$User=$this->request->data[User];
$this->User->updateAll($User,array("User.id" => $v));}
如何更新整个表单?
推荐答案
updateAll()
不会自动将字符串值换成引号,而不像使用 save()
。你必须自己这样做。从: -
updateAll()
does not automatically wrap string values in quotes unlike when using save()
. You have to do this yourself. From the docs:-
您需要用 $ this-> request-> data
像调用 updateAll()
之前的数据源的 value()
方法: -
You need to wrap each string value in $this->request->data
with quotes using something like the datasource's value()
method before calling updateAll()
:-
$db = $this->getDataSource();
$value = $db->value($value, 'string');
建议不要传递 $ this-> request-> ; data
到 updateAll()
无论如何,有人可以将数据注入数据库。而是从请求数据构建一个新的保存数据数组,并适当地包装字符串。例如: -
It is advisable to not just pass $this->request->data
to updateAll()
anyway as someone could inject data into your database. Instead build a new array of save data from your request data and wrap strings as appropriate. For example:-
$user=$this->request->data[User]
$data = array(
'username' => $db->value($user['username'], 'string'),
'password' => $db->value($user['password'], 'string'),
'email' => $db->value($user['email'], 'string'),
'phone' => $db->value($user['phone'], 'string'),
'address' => $db->value($user['address'], 'string'),
'location' => $db->value($user['location'], 'string'),
'pincode' => $db->value($user['pincode'], 'integer')
);
$this->User->updateAll($data, array("User.id" => $v));
更新
作为使用 updateAll()
的替代方法,你最好使用 save()
这里。只要保存数据包含记录的主键( User.id
),它将执行 UPDATE
而不是
INSERT
: -
As an alternative to using updateAll()
you would be better to use save()
for what you are doing here. As long as your save data contains the record's primary key (e.g. User.id
) it will perform an UPDATE
rather than an INSERT
:-
$this->request->data['User']['id'] = $v;
$this->User->save($this->request->data);
save因此,您不需要自己将它们包装在引号中。
save()
will handle all the strings for you so there is no need for wrapping them in quotes yourself.
这篇关于错误:SQLSTATE [42000]:语法错误或访问冲突:1064您的SQL语法有错误;检查手册的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!