如果我点击添加链接,我必须在表格中输入数据,当我点击编辑链接时我必须更新现有数据。
$ _ POST在任一条件下接收数据。但根据天气情况,我的查询应该执行EDIT(更新)或添加(插入)。
我很困惑我应该怎么做。
这是代码的一部分。 (目前EDIT也运行插入查询,因为它总是在其他部分进行)
if ($count==0)
{
if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)
//if($addval == 1)
{
mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'" where SRNO="'.$srno.'"');
$addval=1;
}
else
//if ($addval == 1)
{
mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
}
header('Location:'.$page);
}
}
完整的代码是
<!DOCTYPE html>
<html>
<head>
<title>List of users</title>
</head>
<body>
<?php
$page='index.php';
$addval=6;
mysql_connect("localhost","root","") or die (mysql_error());
mysql_select_db("list") or die (mysql_error());
if (empty($_POST) === false)
{
$count=0;
$fname= $_POST['fname'];
$lname= $_POST['lname'];
$srno= $_POST['SRNO'];
$address=$_POST['address'];
$comments=$_POST['comments'];
$email=$_POST['email'];
$phone=$_POST['phone'];
if (empty($lname) === true || empty($fname) === true || empty($address) === true || empty($comments) === true || empty($email) === true || empty($phone) === true)
{
echo '<h3>All fields are mandatory</h3>';
}
else
{
if (filter_var($email,FILTER_VALIDATE_EMAIL) === false)
{
echo '<h3>This is not a valid e-mail address.</h3><br />';
$count=$count+1;
}
if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
{
echo '<h3>Name should contain character only!</h3><br />';
$count=$count+1;
}
if( !is_numeric($phone) )
{
echo '<h3>Please enter a valid phone number</h3><br />';
$count=$count+1;
}
if ($count==0)
{
if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)
//if($addval == 1)
{
mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'" where SRNO="'.$srno.'"');
$addval=1;
}
else
//if ($addval == 1)
{
mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
}
header('Location:'.$page);
}
}
}
if(isset($_GET['delete']))
{
mysql_query('DELETE from names where SRNO='.mysql_real_escape_string((int)$_GET['delete']));
header('Location:'.$page);
}
if(isset($_GET['edit']))
{
$getedit=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.mysql_real_escape_string((int)$_GET['edit']));
echo '<table border=0>';
while ($get_row=mysql_fetch_assoc($getedit))
{
echo '<form method="POST" action="">';
echo '<tr><td>Sr.No:</td><td><input type="text" value='.$get_row['SRNO'].' name="SRNO" readonly="readonly"></td></tr>';
echo '<tr><td>First Name:</td><td><input type="text" value='.$get_row['fname'].' name="fname"></td></tr>';
echo '<tr><td>Last Name:</td><td><input type="text" value='.$get_row['lname'].' name="lname"></td></tr>';
echo '<tr><td>Phone No:</td><td><input type="text" value='.$get_row['phone'].' name="phone"></td></tr>';
echo '<tr><td>E-mail address:</td><td><input type="text" value='.$get_row['email'].' name="email"</td></tr>';
echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$get_row['address'].'</textarea></td></tr>';
echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$get_row['comments'].'</textarea></td></tr>';
echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
echo '</form>';
}
echo '</table>';
}
if(isset($_GET['add']))
{
echo '<table border=0>';
echo '<form method="POST" action="">';
echo '<tr><td>Sr.No:</td><td><input type="text" name="SRNO" readonly="readonly"></td></tr>';
echo '<tr><td>First Name:</td><td><input type="text" name="fname"></td></tr>';
echo '<tr><td>Last Name:</td><td><input type="text" name="lname"></td></tr>';
echo '<tr><td>Phone No:</td><td><input type="text" name="phone"></td></tr>';
echo '<tr><td>E-mail address:</td><td><input type="text" name="email"</td></tr>';
echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
echo '</form>';
echo '</table>';
}
echo '<a href=index.php?add=add>Add new entry...</a>';
$get=mysql_query('SELECT SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');
if (mysql_num_rows($get)==0)
{
echo 'There are no entries';
}
else
{
echo '<table border=0 cellspacing=25 cellpadding=1>';
echo'<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';
while($get_row=mysql_fetch_assoc($get))
{
echo '<tr><td>'.$get_row['SRNO'].'</td><td>'.$get_row['fname'].'</td><td>'.$get_row['lname'].'</td><td>'.$get_row['phone'].'</td><td>'.$get_row['email'].'</td><td>'.$get_row['address'].'</td><td>'.$get_row['comments'].'</td><td><a href="index.php?edit='.$get_row['SRNO'].'">Edit</a></td><td><a href="index.php?delete='.$get_row['SRNO'].'">Delete</a></td></tr>';
}
echo '</table>';
}
?>
</body>
</html>
答案 0 :(得分:1)
if (mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)
是针对数据库检查值的错误方法 请阅读mysql_query()的手册条目,了解实际返回此功能的内容
更不用说你的代码对SQL注入是开放的了
此外,您必须打开错误报告,以获得变量名称中所有拼写错误的通知:
error_reporting(E_ALL);
位于所有脚本的顶部
答案 1 :(得分:-1)
我试图修改代码...希望这个帮助..请尝试
<!DOCTYPE html>
<html>
<head>
<title>List of users</title>
</head>
<body>
<?php
$page='index.php';
$addval=6;
mysql_connect("localhost","root","welcome") or die (mysql_error());
//mysql_select_db("list") or die (mysql_error());
if (empty($_POST) === false)
{
$count=0;
$fname= $_POST['fname'];
$lname= $_POST['lname'];
$srno= $_POST['SRNO'];
$address=$_POST['address'];
$comments=$_POST['comments'];
$email=$_POST['email'];
$phone=$_POST['phone'];
if (empty($lname) === true || empty($fname) === true || empty($address) === true || empty($comments) === true || empty($email) === true || empty($phone) === true)
{
echo '<h3>All fields are mandatory</h3>';
}
else
{
if (filter_var($email,FILTER_VALIDATE_EMAIL) === false)
{
echo '<h3>This is not a valid e-mail address.</h3><br />';
$count=$count+1;
}
if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
{
echo '<h3>Name should contain character only!</h3><br />';
$count=$count+1;
}
if( !is_numeric($phone) )
{
echo '<h3>Please enter a valid phone number</h3><br />';
$count=$count+1;
}
if ($count==0)
{
if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)
// condition for update
if(isset($_GET['edit']))
{
mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'" where SRNO="'.$srno.'"');
$addval=1;
}
//condition for add
else if(isset($_GET['add']))
{
mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
}
header('Location:'.$page);
}
}
}
if(isset($_GET['delete']))
{
mysql_query('DELETE from names where SRNO='.mysql_real_escape_string((int)$_GET['delete']));
header('Location:'.$page);
}
if(isset($_GET['edit']))
{
$getedit=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.mysql_real_escape_string((int)$_GET['edit']));
echo '<table border=0>';
while ($get_row=mysql_fetch_assoc($getedit))
{
echo '<form method="POST" action="">';
echo '<tr><td>Sr.No:</td><td><input type="text" value='.$get_row['SRNO'].' name="SRNO" readonly="readonly"></td></tr>';
echo '<tr><td>First Name:</td><td><input type="text" value='.$get_row['fname'].' name="fname"></td></tr>';
echo '<tr><td>Last Name:</td><td><input type="text" value='.$get_row['lname'].' name="lname"></td></tr>';
echo '<tr><td>Phone No:</td><td><input type="text" value='.$get_row['phone'].' name="phone"></td></tr>';
echo '<tr><td>E-mail address:</td><td><input type="text" value='.$get_row['email'].' name="email"</td></tr>';
echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$get_row['address'].'</textarea></td></tr>';
echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$get_row['comments'].'</textarea></td></tr>';
echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
echo '</form>';
}
echo '</table>';
}
if(isset($_GET['add']))
{
echo '<table border=0>';
echo '<form method="POST" action="">';
echo '<tr><td>Sr.No:</td><td><input type="text" name="SRNO" readonly="readonly"></td></tr>';
echo '<tr><td>First Name:</td><td><input type="text" name="fname"></td></tr>';
echo '<tr><td>Last Name:</td><td><input type="text" name="lname"></td></tr>';
echo '<tr><td>Phone No:</td><td><input type="text" name="phone"></td></tr>';
echo '<tr><td>E-mail address:</td><td><input type="text" name="email"</td></tr>';
echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
echo '</form>';
echo '</table>';
}
echo '<a href=index.php?add=add>Add new entry...</a>';
$get=mysql_query('SELECT SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');
if (mysql_num_rows($get)==0)
{
echo 'There are no entries';
}
else
{
echo '<table border=0 cellspacing=25 cellpadding=1>';
echo'<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';
while($get_row=mysql_fetch_assoc($get))
{
echo '<tr><td>'.$get_row['SRNO'].'</td><td>'.$get_row['fname'].'</td><td>'.$get_row['lname'].'</td><td>'.$get_row['phone'].'</td><td>'.$get_row['email'].'</td><td>'.$get_row['address'].'</td><td>'.$get_row['comments'].'</td><td><a href="index.php?edit='.$get_row['SRNO'].'">Edit</a></td><td><a href="index.php?delete='.$get_row['SRNO'].'">Delete</a></td></tr>';
}
echo '</table>';
}
?>