This is the page that uses this code.我有一个php页面,它从包含电子邮件地址的dbms中提取数据。这有效。然后显示电子邮件地址和其他存储的dbms数据。然后,用户可以选择在名为emailselected的php页面中设计的字段中放置“X”。这也有效。我现在想要根据存储的电子邮件地址使用新字段更新dbms,但更新语句不起作用。请帮忙。代码列在这里:
include("db.php");
if (isset($_POST['ssubmit']))
{
$id_save = $test['id'];
$emailselected_save = $_POST['emailselected'];
$email_save = $test['email'];
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");
if (!$result) {
die('What?: ' . mysql_error());
}
$num = mysql_affected_rows();
printf("Updated %d rows\n", $num);
echo "<input type='button' value='Email(s) sent' onclick='goBack()' />";
mysql_close($conn);
} else {echo "hello";}
?>
<form method='post'>
<div id='headd'>
<br />
<input type='button' value='Close this window without Sending' onclick='goBack()' />
<input type='submit' name='ssubmit' id='ssubmit' value='Send Email Now!!!' />
<p>Place an "X" in the emails you wish to send!!!</p>
</div>
<br /><br/>
<?php
include("db.php");
$result = mysql_query("SELECT * FROM emails WHERE unsubscribe != 'x' ORDER BY lastname ASC");
while($test = mysql_fetch_array($result))
{
?>
<table border='1' width='78%'>
<tr align=\"left\">
<td width='4%'><font color='black'><input type='text' size='1' id='emailselected' name='emailselected' /></font></td>
<td width='15%'><font color='black'><?php echo $test['lastname']?></font></td>
<td width='15%'><font color='black'><?php echo $test['firstname']?></font></td>
<td width='40%'><font color='black'><?php echo $test['email']?></font></td>
<td width='4%'><font color='black'><?php echo $test['id']?></font></td>
</tr>
</table>
<?php
}
?>
</form>
答案 0 :(得分:0)
错误是:
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");
应该是:
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = '$id_save'");
您的代码容易受到SQL注入攻击。因此您应该过滤数据。但我只想切换到PDO并使用准备好的语句。