如何更新此表？使用Php / Mysql

Question

“inc / q / prof.php”中的代码：

<?php
// Insert Comments into Database that user provides
$comm = mysql_real_escape_string($_POST['addComment']);

// following line has changed:
$pID4 = filter_var( $_POST['pID'], FILTER_SANITIZE_STRING );

$commentDetail = $_POST['addComment'];
$username = "###";
$password = "###";
$pdo4 = new PDO('mysql:host=localhost;dbname=####', $username, $password);
$pdo4->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sth4 = $pdo4->prepare('
INSERT INTO Comment (info, pID, cID) VALUES(?,?,?) 
SELECT Comm.cID
FROM Professor P, Comment Comm, Course Cou 
WHERE P.pID = Comm.pID
AND Cou.cID = Comm.cID;
'); 
$sth4->execute(array($commentDetail, $pID4, $cID ));


?>

HTML

<form action='inc/q/prof.php' method='post'>
                    <input type='text' id='addComment' name='addComment' tabindex='3' value='Enter comment' />
                <input type='hidden' name='pID' value='<?php echo $pID4; ?>'>

                </form>

表格：

仍然收到错误 - 我仍然收到错误：You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Comm.cID FROM Professor P, Comment Comm, Course Cou WHERE P.pID = Comm.p' at line 2\PDOStatement->execute(Array) #1

Answer 1

您可以将它们作为两个隐藏的输入字段传递。您好像已经拥有pID：

<input type="hidden" name="pID" value="<?php echo $pID4 ?>" />

另外，请确保您实际发布了正确的字段和值。将以下内容添加到 prof.php ：

的顶部

print_r($_POST);

我的猜测是你实际上没有为$_POST['pID']

传递任何内容

Answer 2

它与清除URL无关;在echo之后你缺少一个分号，将pID插入到隐藏字段中。所以你只是传递pID一个空值，因为PHP不会执行。此外，您没有任何courseinfoDD输入，因此它当然会在您的新行中输入null。