So I've recently switched to using PEDO instead of mysqli I now have to attach important values with mysqli There is a question about doing so I escaped the keys and values opened through it and used them in my questions, now I want to do the same thing in the pedo but it is not working and I do not know if it Why is my code:
foreach ($ Key $> $ userdata as $ value) {$ sql = $ this- & gt; Db- & gt; Prepare ("UPDATE` users` SET: key =: value WHERE` id` =: userid "); $ Sql- & gt; Execution (array ('key' = & gt; $ key; 'value' = & gt; $ value, 'user id' = & gt; $ userid)); } There is more code to see that it requires updating and other types of input which requires more recognition but this is the main query that I used but without compulsion . Is it possible with PWO and binding parameters and prices? This is an error I get:
SQLSTATE [42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; Check the manual related to your MySQL server version for the correct syntax to use the nearby 'username' = 'sjerdus' WHERE`Id` = '2' < P> You have this error because you have tried to update the dynamically named field SET: key = ... can not work because when the parameter is replaced with its value, it will be saved by PDO (and the quote L).
If you want to keep a variable field name that will be updated, you will need to manually insert the name of the field, but you have to check for yourself security.
Try doing something like this:
<$ Sql = $ this-> Db- & gt; Prepare ("Set Up User" SET "$ field." = "Value WHERE id id =: User ID"); $ Sql- & gt; Execution (array ('value' = & gt; $ value, 'user id' = & gt; $ userid));
No comments:
Post a Comment