php mysql使用输入选项查询多个更新行

时间:2013-02-18 18:42:33

标签: php mysql rows option 

        <form method="post" action="">
        &nbsp;  &nbsp;<input id="bfolder" name="movefolder" type="submit" value="Move to folder:"><br><br>
        </form>

      $userfile = $user_data['username'];


      $sql2 = mysql_query("SELECT `id`, `username`, LEFT(`title`, 15) as `title`, LEFT(`description`, 40) as `description`, `folder_name`, `file`, `code`, `type`, `size`, `date` FROM `files` WHERE `username` = '$userfile' AND `folder_name` = '' ORDER BY id DESC $limit"); 


        while ($query_row = mysql_fetch_array($sql2)) {
            $fileuser = $query_row['username'];
            $filetitle = $query_row['title'];
            $filecode = $query_row['code'];
            $filedesc = $query_row['description'];
            $filefile = $query_row['file'];
            $filesize = $query_row['size'];
            $filedate = $query_row['date'];
            $filetype = $query_row['type'];

        if (in_array($filetype, $allowed_image) === true) {
        if (empty($filetype) === false) {
            if (strlen($filetitle) < 15) {
                    echo "<div id='imageshowsearch'><span id='linkstylerename'><a href='http://localhost/edu/1111111111111/filerename.php?rename=". $filecode . "'>Edit</a></span><span id='deletefile'><a href='http://localhost/edu/1111111111111/delete_image.php?deletefile=". $filecode . "'>X</a></span><div id='linkstyle'><strong><a href='http://localhost/edu/1111111111111/userdownload.php?code=". $filecode . " '><img src='files/thumbs/" . $filecode . "/" . $filefile . "' alt=" . $filetitle . ">" . $filetitle . "</strong></div></a>";
                    ?>
        <select name="folder_option" class="select_folder">
        <option>Choose a folder:</option>
    <?php  
    $mysql_folder = mysql_query("SELECT `folder_name`, `code` FROM `files` WHERE `username` = '$userfile' AND `folder_name` > '' GROUP BY `folder_name` ORDER BY `folder_name` ASC"); 

    while ($query_row = mysql_fetch_array($mysql_folder)) {
            $filefolder = $query_row['folder_name'];
            $filecode = $query_row['code'];
            echo '<option value="' . $filecode . '">' . $filefolder . '</option>';
            }

            if (isset($_POST['movefolder'])) {
                foreach ($query_row as $key) {
                mysql_query("UPDATE `files` SET `folder_name` = " . $_POST['folder_name'] . " WHERE `username` = '$userfile' AND `code` = '$filecode'");

               //these query not update selected 'folder_name' in database for each file 
                }
            }


    ?>
        </select>

在一个页面中,我有10张带有名称的图片,并选择选项从while循环中的mysql数据库创建'folder_name'。我必须用选定的选项'folder_name'更新mysql数据库。这些图片没有文件夹名称,但必须有这些选项才能选择文件夹并更新数据库中的数据。

1 个答案:

答案 0 :(得分:1)

如果您想引用<select name="folder_option" class="select_folder">,则需要将<select name="folder_name" class="select_folder">更改为$_POST['folder_name']

更重要的是,您的SQL容易受到XSS攻击。在引用SQL中的任何值之前,您绝对需要清除$_POSTmysql_*函数都已被弃用。我建议您立即使用PDO

相关问题
最新问题