當使用prepared statements和參數,在參數之一NULL值也將被視爲NULL由MySQL服務器。
HTTP參數作爲字符串傳輸。如果沒有給出輸入控件的值,那麼鍵/值對的值將是一個空字符串(!= NULL)。但是你的腳本中仍然可以有像if(emptystring) use NULL
這樣的提示。
例如
<?php
// only for this example; otherwise leave _POST alone....
$_POST['id'] = 1;
$_POST['name'] = '';
$mysqli = new mysqli('localhost', 'localonly', 'localonly', 'test');
if ($mysqli->connect_errno) {
trigger_error(sprintf('mysqli connect error (%d) %s', $mysqli->connect_errno, $mysqli->connect_error), E_USER_ERROR);
die;
}
mysqli_report(MYSQLI_REPORT_STRICT|MYSQLI_REPORT_ALL); // that's all the "error handling" for this example....
setup($mysqli);
// even if the user didn't fill in any value, the parameters should be in the request
// as empty strings
if (!isset($_POST['name'], $_POST['id'])) {
echo 'missing POST paramete';
}
else {
// <-- maybe some plausiblity checks here anyway; e.g. some assumptions about the id you can test, leaving it out as optional for now --->
// decision point: applying trim() to _POST[name] and _then_ consider it NULL or not - you might disagree about the specifics, just an example.
$name = trim($_POST['name']);
if (0===strlen($name)) {
$name = NULL;
}
// <-- actually it would suffice to establish the databse connection here....
$stmt = $mysqli->prepare('UPDATE soFoo set name=? WHERE id=?');
$stmt->bind_param('ss', $name, $_POST['id']);
$stmt->execute();
printTable($mysqli);
}
function printTable($mysqli) {
$result = $mysqli->query('SELECT * FROM soFoo ORDER BY id');
foreach($result as $row) {
var_export($row); echo "\r\n";
}
}
function setup($mysqli) {
$mysqli->query('CREATE TEMPORARY TABLE soFoo (id int, name varchar(32), primary key(id))');
$mysqli->query("INSERT INTO soFoo (id,name) VALUES(1,'oldname1'),(2,'oldname2')");
}
打印
array (
'id' => '1',
'name' => NULL,
)
array (
'id' => '2',
'name' => 'oldname2',
)
我只是寫它基本上是這樣。我知道表單必須具有'action'和'method'屬性 –
而且沒有WHERE子句也是由於「我剛剛寫了基本的」? – VolkerK
@VolkerK現在可以嗎? –