June 1, 2014 at 7:31 pm #171541 PHP Strome the Front Participant
I need to update my table, which doesn’t have a primary key. Can you say how do I update it using this PDO wrapper class?
http://www.imavex.com/php-pdo-wrapper-class/

June 1, 2014 at 8:41 pm #171548 __ Participant
Primary keys are for identifying records, so, without a primary key, it is not possible to identify specific records. If you need to, then you should change your DB design so it uses primary keys.
Otherwise, your updates would apply to any records that match your where clause. In some cases, this might match the specific record you want; in others, it might match several.
If you need a more specific answer, you’ll need to share your DB schema (you can use show create table your_table_name_goes_here;).

June 1, 2014 at 10:19 pm #171549 PHP Strome the Front Participant
Yes, it only contains one row, not more than that… I want to update that table… Can it be done using that PDO wrapper class?
You know, if I use run (in that PDO wrapper class) there is a high chance of SQL injection, isn’t it?

June 1, 2014 at 11:40 pm #171551 __ Participant
> it only contains one row not more than that…i want to update that table…Can it be done using that PDO wrapper class?
If you want to update all records in a table, you can simply leave out the where clause. In reading your class, it would appear that you could do (not tested):
    $db->update( 'table_name',['field_name'=>'new value'],'true' );
> if i use run…there is high chance of sql injection, isn’t it?
Maybe high. Maybe none at all. The risk of injection has to do with the way you provide untrusted (i.e., user-submitted) data, not which functions you use to do it. It’s easier to make a mistake with the run method, but it is possible to do in other methods. For example:
    $db->update( 'table_name',['col'=>'value'],"col2={$_POST['user_input']}" );
Here, using user-supplied data directly in the $where argument makes it impossible to safeguard against injection attacks (or, simple errors). If you need to do something like this, you should do:
    $sanitized_user_input = $db->quote( $_POST['user_input'] );
    $db->update( 'table_name',['col'=>'value'],"col2=$sanitized_user_input" );
There’s no single, all-encompassing solution. You must understand where the risk comes from: what it is that actually causes the problem. Never Trust User Input.
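
Added example (not part of the thread, and not code from the wrapper class): the three ways of building the WHERE condition discussed above, run with plain PDO against an in-memory SQLite table, showing that the interpolated form either fails or changes the condition while quote() and a bound parameter treat the input as a single value. The rows, the two inputs and the function names are constructed for this illustration.

```php
<?php
// Added example, not from the thread: plain PDO, in-memory SQLite, constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table_name (col TEXT, col2 TEXT)');

// Restore three known rows before each run so the counts are comparable.
function reset_rows(PDO $pdo): void
{
    $pdo->exec('DELETE FROM table_name');
    $pdo->exec("INSERT INTO table_name (col, col2) VALUES ('old','a'), ('old','b'), ('old','c')");
}

// 1. Unsafe pattern from the thread: input interpolated into the WHERE string.
function update_interpolated(PDO $pdo, string $input): int
{
    return $pdo->exec("UPDATE table_name SET col = 'value' WHERE col2 = $input");
}

// 2. Fix from the thread: PDO::quote() makes the input one string literal.
function update_quoted(PDO $pdo, string $input): int
{
    return $pdo->exec("UPDATE table_name SET col = 'value' WHERE col2 = " . $pdo->quote($input));
}

// 3. Bound parameter: the value is bound to a placeholder, not concatenated into the SQL text.
function update_bound(PDO $pdo, string $input): int
{
    $stmt = $pdo->prepare("UPDATE table_name SET col = 'value' WHERE col2 = :col2");
    $stmt->execute([':col2' => $input]);
    return $stmt->rowCount();
}

// Constructed stand-ins for $_POST['user_input'].
$inputs = ['plain value' => 'a', 'SQL fragment' => "'a' OR 1=1"];

foreach ($inputs as $label => $input) {
    foreach (['update_interpolated', 'update_quoted', 'update_bound'] as $fn) {
        reset_rows($pdo);
        try {
            $result = $fn($pdo, $input) . ' row(s) updated';
        } catch (PDOException $e) {
            // Reached when an interpolated plain value is parsed as SQL: the "simple errors" case.
            $result = 'SQL error: ' . $e->getMessage();
        }
        printf("%-13s %-20s %s\n", $label, $fn, $result);
    }
}
```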

June 2, 2014 at 1:20 am #171554 PHP Strome the Front Participant
traq, you are really great, you always help with the best solution. Thanks infinite times.

June 2, 2014 at 11:11 am #171599 __ Participant
No problem, glad I could help.