Mysql,更新不在数组php的地方
问题描述:
I am trying to update with 0 the rows that is not in the array I get from the xml.
$sus = array();
foreach( $xml->property as $node ) {
$sus[] = $node->suid;
}
$A = "'".implode("','",$sus)."'";
echo $A;
$sth = $dbh->prepare("UPDATE tabla SET alta = 0
WHERE suid NOT IN ($A)");
$sth->execute($sus);
When I echo $A it prints it out correctly like this: '60','62','65','73','74','79','83','90','112','124' However it does not do the update, whats wrong?
我试图用0更新我从xml获取的数组中没有的行。 p >
$ sus = array();
foreach($ xml-> property as $ node){
$ sus [] = $ node-> suid;
} \ n $ A =“'”。implode(“','”,$ sus)。“'”;
echo $ A;
$ sth = $ dbh-> prepare(“UPDATE tabla SET alta = 0 \ nWHERE suid NOT IN($ A)“);
$ sth->执行($ sus);
code> pre>
当我回显$ A时,它会将其打印出来 正确地这样:
'60','62','65','73','74','79','83','90','112','124'
然而它没有 做更新,
whats错了吗? p>
div>
答
You should start by escaping your XML values to avoid SQL injection:
$escapedValues = str_repeat('?,', count($sus) - 1) . '?';
$sth = $db->prepare("UPDATE tabla SET alta = 0 WHERE suid NOT IN ($escapedValues)"
$sth->execute($sus);