我几乎没有编程经验并尝试过第一个项目,我对如何更新数据库感到困惑,所以我点击编辑并将正确的记录加载到编辑屏幕update.php
当我点击更新时,我收到来自updated.php的消息,说数据库已经更新,但数据库没有更新,当我显示它们与更新前的记录相同时,提前感谢你所有的帮助。
以下代码:
update.php
$objConnect = mysql_connect("localhost","username","password") or die(mysql_error());
$objDB = mysql_select_db("teldirdb");
$id = $_GET['id'];
$strSQL = "SELECT * FROM teldir where id = '$id' ";
$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
$objResult = mysql_fetch_array($objQuery)
?>
<form id="FormName" action="updated.php" method="post" name="FormName">
<table width="448" border="0" cellspacing="2" cellpadding="0">
<tr>
<td width="150" align="right"><label for="fname">fname</label></td>
<td><input name="fname" maxlength="30" type="text" value="<?=$objResult["fname"];?>"> </td>
</tr>
<tr>
<td width="150" align="right"><label for="lname">lname</label></td>
<td><input name="lname" maxlength="30" type="text" value=" <?=$objResult["lname"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="tel">tel</label></td>
<td><input name="tel" maxlength="15" type="text" value="<?=$objResult["tel"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="adress1">adress1</label></td>
<td><input name="adress1" maxlength="30" type="text" value="<?=$objResult["adress1"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="adress2">adress2</label></td>
<td><input name="adress2" maxlength="30" type="text" value="<?=$objResult["adress2"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="pcode">pcode</label></td>
<td><input name="pcode" maxlength="8" type="text" value="<?=$objResult["pcode"];?>"> </td>
</tr>
<tr>
<td width="150" align="right"><label for="email">email</label></td>
<td><input name="email" maxlength="30" type="text" value="<?=$objResult["email"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="lastcontactdate">lastcontactdate</label></td>
<td><input name="lastcontactdate" maxlength="30" type="text" value="<?=$objResult["lastcontactdate"];?>"></td>
</tr>
<tr>
<td colspan="2" align="center"><input name="" type="submit" value="Update"></td>
</tr>
</table>
</form>
updated.php
<?php
header('Refresh: 5; URL=view11.php');
$objConnect = mysql_connect("localhost","root","2fudge") or die(mysql_error());
$objDB = mysql_select_db("teldirdb");
$id = $_REQUEST['id'];
$fname = trim(mysql_real_escape_string($_POST["fname"]));
$lname = trim(mysql_real_escape_string($_POST["lname"]));
$tel = trim(mysql_real_escape_string($_POST["tel"]));
$adress1 = trim(mysql_real_escape_string($_POST["adress1"]));
$adress2 = trim(mysql_real_escape_string($_POST["adress2"]));
$pcode = trim(mysql_real_escape_string($_POST["pcode"]));
$email = trim(mysql_real_escape_string($_POST["email"]));
$lastcontactdate = trim(mysql_real_escape_string($_POST["lastcontactdate"]));
$rsUpdate = mysql_query("UPDATE teldir
SET fname = '$fname', lname = '$lname', tel = '$tel', adress1 = '$adress1', adress2 = '$adress2', pcode = '$pcode', email = '$email', lastcontactdate = '$lastcontactdate'
WHERE id = '$id' ");
if($rsUpdate) { echo "Successfully updated"; } else { die('Invalid query: '.mysql_error()); }
答案 0 :(得分:0)
您的表单不会发送id参数。尝试在表单中添加以下行:
<input type="hidden" name="id" value="<?= $id ?>" />
或者,改变
<form id="FormName" action="updated.php" ...
到
<form id="FormName" action="updated.php?id=<?= $id ?>" ...
截至目前,您的查询评估为
(...) WHERE id=''
这是一个有效的SQL查询(因此没有出现错误)但没有实现(更具体地说,更改了没有设置id的行中的数据)
答案 1 :(得分:0)
您的问题是,表单中没有字段id
,因此$_REQUEST['id']
中没有updated.php
,导致查询
UPDATE teldir ... WHERE id = ''
在表单中添加一个带有id的隐藏字段:
<input name="id" type="hidden" value="<?=$objResult["id"];?>
然后等待被黑客攻击......; - )
说真的,查看昆汀的评论。
答案 2 :(得分:0)
您确定自己获得了$ id的价值吗? 对于$ id,你使用的是$ _REQUEST ['id'],但是我没有看到你在任何地方保存/传递id值,例如你可以添加一个隐藏的字段来保存查询的id然后获得该值使用$ _POST。
答案 3 :(得分:0)
$_GET['id']
。您可以使用为mysqli和PDO提供的预准备语句。在折旧http://www.php.net/manual/en/intro.mysql.php 答案 4 :(得分:0)
<?php
$objConnect = mysql_connect("localhost","username","password") or die(mysql_error());
$objDB = mysql_select_db("teldirdb");
$id = $_GET['id'];
$strSQL = "SELECT * FROM teldir where id = ".$id." ";
$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
?>
<form id="FormName" action="updated.php" method="post" name="FormName">
<table width="448" border="0" cellspacing="2" cellpadding="0">
<?php
while($objResult = mysql_fetch_array($objQuery)) {
?>
<tr><td><input type="hidden" name="id" value="<?=$objResult['id'];?>"></td></tr>
<tr>
<td width="150" align="right"><label for="fname">fname</label></td>
<td><input name="fname" maxlength="30" type="text" value="<?=$objResult["fname"];?>"> </td>
</tr>
<tr>
<td width="150" align="right"><label for="lname">lname</label></td>
<td><input name="lname" maxlength="30" type="text" value="<?=$objResult["lname"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="tel">tel</label></td>
<td><input name="tel" maxlength="15" type="text" value="<?=$objResult["tel"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="adress1">adress1</label></td>
<td><input name="adress1" maxlength="30" type="text" value="<?=$objResult["adress1"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="adress2">adress2</label></td>
<td><input name="adress2" maxlength="30" type="text" value="<?=$objResult["adress2"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="pcode">pcode</label></td>
<td><input name="pcode" maxlength="8" type="text" value="<?=$objResult["pcode"];?>"> </td>
</tr>
<tr>
<td width="150" align="right"><label for="email">email</label></td>
<td><input name="email" maxlength="30" type="text" value="<?=$objResult["email"];?>"></td>
</tr>
<tr>
<td width="150" align="right"><label for="lastcontactdate">lastcontactdate</label></td>
<td><input name="lastcontactdate" maxlength="30" type="text" value="<?=$objResult["lastcontactdate"];?>"></td>
</tr>
<?php } ?>
<tr>
<td colspan="2" align="center"><input name="" type="submit" value="Update"></td>
</tr>
</table>
</form>
<强> UPDATE.PHP 强>
<?php
header('Refresh: 5; URL=view11.php');
$objConnect = mysql_connect("localhost","root","2fudge") or die(mysql_error());
$objDB = mysql_select_db("teldirdb");
$id = $_REQUEST['id'];
$fname = trim(mysql_real_escape_string($_POST["fname"]));
$lname = trim(mysql_real_escape_string($_POST["lname"]));
$tel = trim(mysql_real_escape_string($_POST["tel"]));
$adress1 = trim(mysql_real_escape_string($_POST["adress1"]));
$adress2 = trim(mysql_real_escape_string($_POST["adress2"]));
$pcode = trim(mysql_real_escape_string($_POST["pcode"]));
$email = trim(mysql_real_escape_string($_POST["email"]));
$lastcontactdate = trim(mysql_real_escape_string($_POST["lastcontactdate"]));
$rsUpdate = mysql_query("UPDATE teldir SET fname = '".$fname."',
lname = '".$lname."',
tel = ".$tel.",
adress1 = '".$adress1."',
adress2 = '".$adress2."',
pcode = ".$pcode.",
email = '".$email."',
lastcontactdate = '".$lastcontactdate."' WHERE id = ".$id." ");
if($rsUpdate) {
echo "Successfully updated";
} else {
die('Invalid query: '.mysql_error());
}