Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual

Updated: 2021-10-16 22:15:32

updateAll() does not automatically wrap string values in quotes unlike when using save(). You have to do this yourself. From the docs:-

Literal values should be quoted manually using DboSource::value().

You need to wrap each string value in $this->request->data with quotes using something like the datasource's value() method before calling updateAll():-

$db = $this->getDataSource();
$value = $db->value($value, 'string');

It is advisable to not just pass $this->request->data to updateAll() anyway as someone could inject data into your database. Instead build a new array of save data from your request data and wrap strings as appropriate. For example:-

// Datasource used to quote literal values
$db = $this->getDataSource();
$user = $this->request->data['User'];
$data = array(
    'username' => $db->value($user['username'], 'string'),
    'password' => $db->value($user['password'], 'string'),
    'email' => $db->value($user['email'], 'string'),
    'phone' => $db->value($user['phone'], 'string'),
    'address' => $db->value($user['address'], 'string'),
    'location' => $db->value($user['location'], 'string'),
    'pincode' => $db->value($user['pincode'], 'integer')
);
$this->User->updateAll($data, array("User.id" => $v));

Update

As an alternative to using updateAll() you would be better to use save() for what you are doing here. As long as your save data contains the record's primary key (e.g. User.id) it will perform an UPDATE rather than an INSERT:-

$this->request->data['User']['id'] = $v;
$this->User->save($this->request->data);

save() will handle all the strings for you so there is no need for wrapping them in quotes yourself.
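
The behaviour described above, as an added example that is not part of the original answer and is not CakePHP code: `build_update()` is a hypothetical stand-in for the way `updateAll()` places each value into the SET clause as a raw SQL fragment, `PDO::quote()` stands in for `DboSource::value()`, and an in-memory SQLite database with constructed sample data stands in for MySQL (so the error text differs from the 1064 message).

```php
<?php
// Added illustration, not CakePHP code. build_update() is a hypothetical
// stand-in for how updateAll() places each value into SET as a raw SQL fragment.
function build_update(string $table, array $fields, int $id): string
{
    $set = array();
    foreach ($fields as $column => $fragment) {
        $set[] = "$column = $fragment"; // the fragment is inserted verbatim
    }
    return "UPDATE $table SET " . implode(', ', $set) . " WHERE id = $id";
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, address TEXT, pincode INTEGER)");
$pdo->exec("INSERT INTO users VALUES (1, 'old', 'old address', 0)");

// Constructed request data; only the whitelisted keys below are ever used,
// so the extra 'role' key never reaches the query.
$request = array('username' => 'alice', 'address' => '12 High Street', 'pincode' => '560001', 'role' => 'admin');

// 1. Unquoted: "12 High Street" is parsed as SQL and the statement is rejected.
try {
    $pdo->exec(build_update('users', array('address' => $request['address']), 1));
} catch (PDOException $e) {
    echo "unquoted: ", $e->getMessage(), "\n";
}

// 2. Whitelisted and quoted: strings become SQL literals, integers are cast.
$data = array(
    'username' => $pdo->quote($request['username']),
    'address'  => $pdo->quote($request['address']),
    'pincode'  => (int) $request['pincode'],
);
$sql = build_update('users', $data, 1);
echo $sql, "\n";
$pdo->exec($sql);
print_r($pdo->query("SELECT * FROM users WHERE id = 1")->fetch(PDO::FETCH_ASSOC));
```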