我正在尝试制作一个使用下拉列表,单选按钮,文本字段,文本区域和隐藏值(时间)的表单,然后从该表单中获取该信息并更新SQL数据库。
我的表单在下面,它都正确加载,但我有更新值的问题,并试图找出如何使单选按钮和下拉列表工作,因为我不能使值PHP代码,需要通过价值。我在网上找到的所有内容都是如何进行用户输入内容的文本字段。
当我选择更新时,它只提交数据但没有任何变化。在我的update.php上,我在最后有一个sanitize函数,我不确定如何传递变量。我是否创建了一个名为$ var的数组并将所有变量输入其中或一次传递每个变量?
我一直在网上搜索“如何”,目前我正在阅读两本书,但他们没有详细介绍,所以感谢您的帮助。
control.php
<?php
session_start();
if( !isset($_SESSION['myusername']) ){ header("Location: login.php"); }
?>
<?php
require("../../system/templates/includes/constants.php");
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
if(!$connection) { die("Database connection failed: " .mysql_error()); }
$db_select = mysql_select_db(DB_NAME,$connection);
if(!$db_select) { die("Database selection failed: " . mysql_error()); }
?>
<form method="post" action="update.php">
<select name="name" required="true" value="<?php echo $row['name']; ?>">
<?php
$query="SELECT id, name FROM modules";
$result=mysql_query($query);
while ($row=mysql_fetch_array($result)) {
echo "<option value=\"" . $row['id'] . "\">" . $row['name'] . "</option>";
}
?>
</select>
<br />
Select Status:
Red <input type="radio" value="red" name="status" />
Yellow <input type="radio" value="yellow" name="status" />
Green <input type="radio" checked="checked" value="green" name="status" />
<br />
Reason:
<br />
<select name="reason" required="true">
<option value="0" selected="selected" value="">Select Reason</option>
<option value="ONLINE">Online</option>
<option value="MAINTENANCE">Maintenance</option>
<option value="ERROR">Error</option>
<option value="OFFLINE">Offline</option>
<option value="">No Reason</option>
</select>
<br />
ETA:
<br />
<input type="text" name="eta" value="<?php echo $row['eta']; ?>" maxlength="8" />
<br />
Description:
<br />
<textarea rows="5" cols="30" name="explanation" wrap="hard" required="true" maxlength="320" value="<?php echo $row['description']; ?>" /></textarea>
<br />
<div align="right">
<input name="update" type="submit" value="Update"/>
<input type="hidden" name="last_updated" value="<?php $mysqldate = date ('H:i'); $phpdate = strtotime ( $mysqldate );?> />
</form>
update.php
<?php
print_r(_POST);
if(isset($POST['update']))
{
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
if(! $connection)
{
die('Could not connect: ' .mysql_error());
}
$name = $POST['name'];
$status = $POST['status'];
$reason = $POST['reason'];
$eta = $POST['eta'];
$description = $POST['description'];
$last_updated = $POST['last_updated'];
$updated_by = $POST['updated_by'];
$sql = "UPDATE module SET status = $status , reason = $reason , eta = $eta , description = $description , last_updated = $last_updated , updated_by = $updated_by WHERE name = $name";
mysql_select_db('status');
$retval = mysql_query ( $sql, $connection);
if (!retval)
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully";
mysql_close($connection);
} else {
// not sure what to do here
}
function sanitizeString($var)
{
$var = stripslashes($var);
$var = htmlentities($var);
$var = strip_tags($var);
return $var;
}
function sanitizeMySQL($var)
{
$var = mysql_real_escape_string($var);
$var = satnizeString($var);
return $var;
}
header("Location: control.php");
?>
一如既往,我非常感谢任何人都可以提供帮助。我还处于学习这个阶段的早期阶段,这个网站和社区对我的帮助远远超过我迄今为止阅读的任何书籍/教程。
答案 0 :(得分:0)
您的SQL语句需要每个参数的引号。
$sql = "UPDATE module SET status = '$status' , reason = '$reason' , eta = '$eta' , description = '$description' , last_updated = '$last_updated' , updated_by = '$updated_by' WHERE name = '$name' ";
对于sanitizeString()函数,它一次只需要一个字符串。也许像下面这样的东西可能简单而干净:
$params = array($name, $status, $reason); // put all your params in here
foreach ($params as &$p) { // the '&' before $p is essential, so do not forget it
$p = sanitizeString($p);
}
希望它有所帮助。