Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End How do i update the table that doesn't have primary key?

  • This topic is empty.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • June 1, 2014 at 7:31 pm #171541
    PHP Strome the Front
    Participant

    I need to update my table which don’t have primary key can you say how do i update using this PDO wrapper class
    http://www.imavex.com/php-pdo-wrapper-class/

    June 1, 2014 at 8:41 pm #171548
    __
    Participant

    primary keys are for identifying records, so, without a primary key, it is not possible to identify specific records. If you need to, then you should change your DB design so it uses primary keys.

    Otherwise, your updates would apply to any records that match your where clause. In some cases, this might match the specific record you want; in others, it might match several.

    If you need a more specific answer, you’ll need to share your DB schema (you can use show create table your_table_name_goes_here;)

    June 1, 2014 at 10:19 pm #171549
    PHP Strome the Front
    Participant

    Yes it only contains one row not more than that…i want to update that table…Can it be done using that PDO wrapper class?

    You know if i use run (in that PDO wrapper class) there is high chance of sql injection, isn’t it?

    June 1, 2014 at 11:40 pm #171551
    __
    Participant

    it only contains one row not more than that…i want to update that table…Can it be done using that PDO wrapper class?

    If you want to update all records in a table, you can simply leave out the where clause. In reading your class, it would appear that you could do (not tested):

    $db->update( 'table_name',['field_name'=>'new value'],'true' );

    if i use run …there is high chance of sql injection, isn’t it?

    Maybe high. Maybe none at all. The risk of injection has to do with the way you provide untrusted (i.e., user-submitted) data, not which functions you use to do it. It’s easier to make a mistake with the run method, but it is possible to do in other methods. For example:

    $db->update( 'table_name',['col'=>'value'],"col2={$_POST['user_input']}" );

    Here, using user-supplied data directly in the $where argument makes it impossible to safeguard against injection attacks (or, simple errors). If you need to do something like this, you should do:

    $sanitized_user_input = $db->quote( $_POST['user_input'] );
$db->update( 'table_name',['col'=>'value'],"col2=$sanitized_user_input" );

    There’s no single, all-encompassing solution. You must understand where the risk comes from: what it is that actually causes the problem. Never Trust User Input.

    June 2, 2014 at 1:20 am #171554
    PHP Strome the Front
    Participant

    traq you are really great you always help with best solution. Thanks infinite times

    June 2, 2014 at 11:11 am #171599
    __
    Participant

    no problem, glad I could help.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • The forum ‘Back End’ is closed to new topics and replies.