Question

我有一个MYSQL表，每行都有编辑链接和删除按钮。编辑链接转到具有表单的edit_movie.php。我的问题是表单没有显示任何要更新/编辑的数据。如何从单击的行中获取id或者要写入哪些函数来获取它。表单只是空白，没有填写任何字段。

有人可以帮忙，我会非常开心！现在已经和这个问题待了3天而且无法让它发挥作用。我是PHP初学者......

我知道我正在使用过时的mysql函数，我需要修改SQL注入，一旦我开始工作，我就会这样做。

表格信息：

表1名称：电影
字段：id（主键，AI），title，release_year，genre_id，director

表2名称：类别
字段：genre_id（主键，AI），流派

他们在genre_id之间有外来关系。

这是index.php文件中的代码

    <?php

require('movie.inc.php');

if ( isset($_GET['delete']) && isset($_GET['id']) ){
   if ( delete_movie_by_id($_GET['id']) ){ //it's 100% safe
       die('Movie has been removed. Refresh the page now'); // or the like
   } else {
      echo 'Sorry movie could not be deleted'; // could not - handle here
   }
}
    include 'add_movie.php';
?>
<!DOCTYPE html>
<html>
<head>

<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />

</head>
<body>

<table>
 <tr>
  <th>Title</th>
  <th>Release year</th>
  <th>Genre</th><th>Director</th>
  <th>Update</th>
  <th>Delete</th>
 </tr>

  <?php  foreach (get_all_movies() as $index => $row) : ?>
   <tr>
     <td><?php echo $row['title'];?></td>
     <td><?php echo $row['release_year']; ?></td>
     <td><?php echo $row['genre'];?></td>
     <td><?php echo $row['director'];?></td>
     <td><a href='<?php printf('edit_movie.php?edit=%s', $row['id']);?>'>Edit</a></td>
     <td>
      <form action="index.php" method="GET">
              <input type="hidden" name="delete" value="yes" />
              <input type="hidden" name="id" value="<?php echo $row['id'];?>" /> 
              <input type="submit" value="Delete" />
      </form>
      </td>
    </tr>
    <?php endforeach; ?>
    </table>

</body>
</html>

以下是edit_movie.php代码：

 <?php

    require 'connect.inc.php';
    require_once('movie.inc.php');

    ?>

    <!DOCTYPE html>

    <html>

    <head>

    <title>My movie library</title>
    <meta charset="utf-8" />
    <link rel="stylesheet" href="mall.css" />

    </head>

    <body>

    <h1>Edit movie</h1>
    <div id="form_column">
    <form action="edit_movie.php" method="post">
    <input type="hidden" name="id" value="<?php if (isset($row["id"])) ?>" /> <br>
    Title:<br> <input type="text" name="title" value="<?php if (isset($row["title"])) { echo $row["title"];} ?>" /> <br>
    Release Year:<br> <input type="text" name="release_year" value="<?php if (isset($row["release_year"])) { echo $row["release_year"];} ?>" /> <br>
    Director:<br> <input type="text" name="director" value="<?php if (isset($row["director"])) { echo $row["director"];} ?>" /> <br><br>
    Select genre:
    <br>
    <br> <input type="radio" name="genre_id" value="1" checked />Action<br>
    <br> <input type="radio" name="genre_id" value="2" />Comedy<br>
    <br> <input type="radio" name="genre_id" value="3" />Drama<br>
    <br> <input type="radio" name="genre_id" value="4" />Horror<br>
    <br> <input type="radio" name="genre_id" value="5" />Romance<br>
    <br> <input type="radio" name="genre_id" value="6" />Thriller<br><br>
    <input type="submit" value="Update movie" />
    </form>
    </div>



    </body>

    </html>

这是movie.inc.php文件

<?php

require_once('connect.inc.php');


function get_all_movies(){

   $query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id";

   $result = mysql_query($query);

   if ( ! $result ){ 
     return false;
   } else {
     $return = array();

     while ($row = mysql_fetch_assoc($result)){

        $return[] = array('director' => $row['director'], 'genre' => $row['genre'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']); 
     }
       return $return;
   }
}


function delete_movie_by_id($id){
   return mysql_unbuffered_query(sprintf("DELETE FROM `movies` WHERE id='%s' LIMIT 1", mysql_real_escape_string($id)));
}

if ( isset($_POST['delete'], $_POST['id']) ){

   delete_movie_by_id($_POST['id']); 
}


?>

Answer 1

在edit_movie.php中，看起来你实际上看不到电影通过视图的形式。您需要movie.inc.php：

中需要这样的内容

function get_movie_to_edit($id) {

     $query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id WHERE id = $id";

     $result = mysql_query($query);

     if ( ! $result ){ 
         return false;
     } else {

         while ($row = mysql_fetch_assoc($result)){

                $return = array('director' => $row['director'], 'genre' => $row['genre'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']); 
         }
             return $return;
     }
}

然后在edit_movie.php中你需要调用这个函数。有点像...

if(isset($_GET['edit'])) {
    $movie = get_movie_to_edit($_GET['edit']);
}

当然，正如您所提到的，您需要清理大量代码以防止注入，并检查一个场景，例如，您到达edit_movie.php并且ID ro编辑不存在，但这是基本要点。

然后，您还可以在edit_movie.php中修改表单中的值以反映新数组：

<form action="edit_movie.php" method="post">
<input type="hidden" name="id" value="<?php echo $movie['id']; ?>" /> <br>
Title:<br> <input type="text" name="title" value="<?php echo $movie['title']; ?>" /> <br>
.... the rest of your form inputs
</form>

<强>更新对于流派单选按钮...

<input type="radio" name="genre_id" value="1"<?php if($movie['genre'] == 1) { echo ' checked'; } ?> />Action<br>
<input type="radio" name="genre_id" value="2"<?php if($movie['genre'] == 2) { echo ' checked'; } ?> />Comedy<br>
.... and so on

按ID获取MYSQL行并在表单中编辑和更新？

1 个答案: