Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual
Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@g.com, 'User'.'phone' = 87665r5, 'User'.'address' = 23lsdhf, 'User'.'location' ' at line 1
SQL Query:
UPDATE 'cake'.'users' AS 'User' SET 'User'.'username' = paul, 'User'.'password' = eben, 'User'.'email' = paul@g.com, 'User'.'phone' = 87665r5, 'User'.'address' = 23lsdhf, 'User'.'location' = lskjaflasi, 'User'.'pincode' = 867567 WHERE 'User'.'id' = 1
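My code is:
if ($this->request->data) {
    // Array keys must be quoted strings; a bare User is read as an undefined constant
    $User = $this->request->data['User'];
    $this->User->updateAll($User, array("User.id" => $v));
}
How do I update the whole form?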
updateAll() does not automatically wrap string values in quotes unlike when using save(). You have to do this yourself. From the docs:-
Literal values should be quoted manually using DboSource::value().
You need to wrap each string value in $this->request->data with quotes using something like the datasource's value() method before calling updateAll():-
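// getDataSource() is a model method, so from a controller it is reached through the User model
$db = $this->User->getDataSource();
// value() escapes the input and wraps it in quotes as a string literal
$value = $db->value($value, 'string');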
It is advisable to not just pass $this->request->data to updateAll() anyway as someone could inject data into your database. Instead build a new array of save data from your request data and wrap strings as appropriate. For example:-
$user = $this->request->data['User'];
$data = array(
'username' => $db->value($user['username'], 'string'),
'password' => $db->value($user['password'], 'string'),
'email' => $db->value($user['email'], 'string'),
'phone' => $db->value($user['phone'], 'string'),
'address' => $db->value($user['address'], 'string'),
'location' => $db->value($user['location'], 'string'),
'pincode' => $db->value($user['pincode'], 'integer')
);
$this->User->updateAll($data, array("User.id" => $v));
Update
As an alternative to using updateAll() you would be better to use save() for what you are doing here. As long as your save data contains the record's primary key (e.g. User.id) it will perform an UPDATE rather than an INSERT:-
$this->request->data['User']['id'] = $v;
$this->User->save($this->request->data);
save() will handle all the strings for you so there is no need for wrapping them in quotes yourself.
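
The failure in the question and the whitelist-and-quote fix from the answer, reproduced outside CakePHP as an added example (not code from the original posts or from CakePHP). It assumes PHP 7.1+ with the pdo_sqlite extension; buildSet(), pickAllowed(), the users table and the request array are hypothetical and constructed for illustration.

```php
<?php
// Added example: a plain PDO stand-in for the behaviour discussed above.
// buildSet() mimics updateAll() in one respect only: values are placed into
// the SET clause as raw SQL fragments unless a quoting callback is given.
function buildSet(array $fields, ?callable $quote = null): string
{
    $parts = array();
    foreach ($fields as $column => $value) {
        $parts[] = $column . ' = ' . ($quote ? $quote($value) : $value);
    }
    return implode(', ', $parts);
}

// Copies only whitelisted keys, so extra form fields never reach the query.
function pickAllowed(array $input, array $allowed): array
{
    return array_intersect_key($input, array_flip($allowed));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
            email TEXT, is_admin INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO users (id, username, email)
            VALUES (1, 'old', 'old@example.com')");

// Constructed request data; is_admin is a field the form never offered.
$request = array('username' => 'paul', 'email' => 'paul@g.com', 'is_admin' => '1');

// 1. Raw fragments: the database rejects the statement, as in the question.
try {
    $pdo->exec('UPDATE users SET ' . buildSet($request) . ' WHERE id = 1');
} catch (PDOException $e) {
    echo 'unquoted: ' . $e->getMessage() . "\n";
}

// 2. Whitelist the fields, then quote every value as a string literal.
$safe = pickAllowed($request, array('username', 'email'));
$sql  = 'UPDATE users SET ' . buildSet($safe, array($pdo, 'quote')) . ' WHERE id = 1';
$pdo->exec($sql);

echo $sql . "\n";
// The row now holds the new username and email; is_admin is still 0.
print_r($pdo->query('SELECT * FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```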