1. 首頁
  2. 問答
  3. 將MySQL整數IN參數轉換爲0

將MySQL整數IN參數轉換爲0

2012-06-04 63 views
-1

我有一個MySQL存儲例程,它具有INTEGER類型的IN參數(IN p_user_id INTEGER)。如果用戶正在創建新用戶,那麼我將p_user_id作爲「'傳遞,否則如果用戶正在更新用戶,則傳遞正在編輯的用戶的user_id。我的問題是,當p_user_id進來時,它被轉換爲0.在PHP將值發送給MySQL(並且值爲'')之前,我已經將用戶標識轉移出來並將其轉出在MySQL例程開始時,p_user_id現在爲0.我可以得到一些關於如何處理這個問題的見解,這樣我可以讓p_user_id IN參數爲NULL。提前致謝!將MySQL整數IN參數轉換爲0

PHP代碼:

<?php 
session_start(); 

$functionCalled = $_GET['function']; 

function userMaintMerge() 
{ 
    $userMaintUserId = $_GET['userMaintUserId']; 
    $userMaintStep = $_GET['userMaintStep']; 
    $userMaintFirstName = $_GET['userMaintFirstName']; 
    $userMaintMI = $_GET['userMaintMI']; 
    $userMaintLastName = $_GET['userMaintLastName']; 
    $userMaintUserType = $_GET['userMaintUserType']; 
    $userMaintSchoolId = $_GET['userMaintSchoolId']; 
    $userMaintGrade = $_GET['userMaintGrade']; 
    $userMaintLogin = $_GET['userMaintLogin']; 
    $userMaintLogin = $_GET['userMaintPassword1']; 

    $mysqli = new mysqli($_SESSION['dbaddress'],$_SESSION['user'],$_SESSION['dbpword'],$_SESSION['database']); 
    if ($mysqli->connect_errno) 
    { 
     echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; 
    } 
    if (!$SelectUser = $mysqli->query("call MergeUser('$userMaintUserId','$userMaintStep','$userMaintFirstName','$userMaintMI','$userMaintLastName','$userMaintUserType','$userMaintSchoolId','$userMaintGrade','$userMaintLogin','$userMaintPassword1',@error)")) 
    { 
     echo "CALL failed: (" . $mysqli->errno . ") " . $mysqli->error; 
    } 
} 
?>

MySQL的存儲程序:

CREATE DEFINER=`root`@`localhost` PROCEDURE `MergeUser`(IN p_user_id  INTEGER 
,IN p_step   VARCHAR(10) 
,IN p_first_name VARCHAR(100) 
,IN p_mi   VARCHAR(5) 
,IN p_last_name VARCHAR(100) 
,IN p_user_type INTEGER 
,IN p_school_id VARCHAR(25) 
,IN p_grade  VARCHAR(2) 
,IN p_login  VARCHAR(25) 
,IN p_password  VARCHAR(25) 
,OUT p_error  VARCHAR(1) 
) 
BEGIN 

    insert into rjh_log values ('',p_user_id,sysdate()); 

    IF p_step = 'add' THEN 

     INSERT INTO USERS 
        (USER_ID 
        , LOGIN 
        , FIRST_NAME 
        , MI 
        , LAST_NAME 
        , USER_TYPE_ID 
        , GRADE 
        , SCHOOL_ID 
        , PASSWORD 
        , ACTIVE_FLAG 
        ) 
      VALUES (NULL 
        , p_login 
        , p_first_name 
        , p_mi 
        , p_last_name 
        , p_user_type 
        , p_grade 
        , p_school_id 
        , p_password 
        , 'Y' 
        ) ; 

    ELSE 

     UPDATE USERS 
      SET LOGIN = p_login 
      , FIRST_NAME = p_first_name 
      , MI = p_mi 
      , LAST_NAME = p_last_name 
      , USER_TYPE_ID = p_user_type 
      , GRADE = p_grade 
      , SCHOOL_ID = p_school_id 
      , PASSWORD = p_school_id 
     WHERE USER_ID = p_user_id; 

    END IF; 

END

來源

2012-06-04 Ryan

+0

發佈您的代碼。某處,該字符串被轉換爲一個int值,任何不以數值開頭的字符串都將轉換爲0. –

+0

@Michael我編輯了包含代碼的問題。 – Ryan

+0

你不是逃避你的查詢參數;考慮使用準備好的語句或正確的轉義來避免sql注入漏洞 –

回答

0 
$userMaintUserId = ($_GET['userMaintUserId'] == "" ? "NULL" : $_GET['userMaintUserId']); 
$userMaintStep = ($_GET['userMaintStep'] == "" ? "NULL" : $_GET['userMaintStep']); 
$userMaintFirstName = ($_GET['userMaintFirstName'] == "" ? "NULL" : $_GET['userMaintFirstName']); 
$userMaintMI = ($_GET['userMaintMI'] == "" ? "NULL" : $_GET['userMaintMI']); 
$userMaintLastName = ($_GET['userMaintLastName'] == "" ? "NULL" : $_GET['userMaintLastName']); 
$userMaintUserType = ($_GET['userMaintUserType'] == "" ? "NULL" : $_GET['userMaintUserType']); 
$userMaintSchoolId = ($_GET['userMaintSchoolId'] == "" ? "NULL" : $_GET['userMaintSchoolId']); 
$userMaintGrade = ($_GET['userMaintGrade'] == "" ? "NULL" : $_GET['userMaintGrade']); 
$userMaintLogin = ($_GET['userMaintLogin'] == "" ? "NULL" : $_GET['userMaintLogin']); 
$userMaintLogin = ($_GET['userMaintPassword1'] == "" ? "NULL" : $_GET['userMaintPassword1']);

來源

2012-06-04 02:19:55 Sebas

相關問題

 相關問題