PHP MySQL Update Query无法使用vars

问题描述：

$ID = trim($_GET["uid"]);
$Name = trim($_GET["name"]);

$result = $mysqli->query("UPDATE `Benutzer` SET `R_NAME`='$Name' WHERE `ID` = '$ID'");

The Result returns fine, but the Database is not updated. If I replace the vars with static values the Database IS updated.

答

Follow these steps:

Remove "trim" & use "mysql_escape_string".
Echo Check the values of Name & ID. Once you are getting them then follow up with the 3rd step.
Concatinate the sql string as shown by removing the tild operators:

$result = $mysqli->query("UPDATE Benutzer SET R_NAME ='".$Name."' WHERE ID = '".$ID."'");

答

Use mysqli prepare statement.

$stmt = $mysqli->prepare("UPDATE Benutzer SET R_NAME = ? WHERE ID = ?");
$stmt->bind_param($Name,$ID);
$stmt->execute(); 
$stmt->close();

答

What we pass in the query arguments is a string or we can say query in the form of string. you can change the query like below.

$result = $mysqli->query("UPDATE `Benutzer` SET `R_NAME`='".$Name."' WHERE `ID` = '".$ID."'");