This is my PHP code on the page purchase_form1
<?php
include_once("includes/form_functions.php");
$id = 0;
if (isset($_GET['id']) && ($_GET['id'] != ''))
{
    $id = (int)htmlspecialchars($_GET['id']);
}
$query = "SELECT * from db_purchase_form where id = $id";
$result = mysql_query($query);
$has_data = false;
while($row = mysql_fetch_row($result))
{
    $has_data = true;
    $product_name = $row[1];
    $choice_actor = $row[2];
    $user_name = $row[3];
    $user_email = $row[4];
    $vdo_script = $row[5];
    $hrt_msg = $row[6];
    $portApproval = $row[7];
    $delivery = $row[8];
    $net_price = $row[9];
}
if(isset($_POST['submit']))
{
    if ($has_data == true)
    {
        $sql = "UPDATE db_purchase_form SET ";
        $sql .= "db_product_name = '" . $product_name . "', ";
        $sql .= "db_actor = '" . $choice_actor . "', ";
        $sql .= "db_user_name = '" . $user_name . "', ";
        $sql .= "db_user_email = '" . $user_email . "', ";
        $sql .= "db_vdo_script = '" . $vdo_script . "', ";
        $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
        $sql .= "db_port_approval = '" . $portApproval . "', ";
        $sql .= "db_delivery = '" . $delivery . "', ";
        $sql .= "db_price = '" . $net_price . "', ";
        $sql .= "db_date_time = NOW() ";
        $sql .= "WHERE id = '{$id}'";
    }
    else
    { // validation for form purchaseform and insert into DB if all is good.
        if(empty($message)) // $message is used for errors. This line means all validations above are okay
        {
            $insert = // INSERT INTO MYSQL DB
            $result = mysql_query($insert);
            if($result)
            {
                $lastInsertedId = mysql_insert_id();
                $timestamp = time();
                header('Location:purchase_form1_conf.php?'.http_build_query(array('id' => $lastInsertedId,'time' => $timestamp,'hash' => sha1('some-generated-key'.$timestamp.$lastInsertedId))));
            }
            else
            {
                $message = "The data cannot be inserted.";
                $message .= "<br />" . mysql_error();
            }
        }
    }
}
?>
Below this on the page is the HTML code for the form
<?php // here I display errors
if(!empty($message))
{
    echo "<p style='color:red; font-weight:bold;'>" . $message . "</p>";
}
?>
<form id="PurchaseForm" name="PurchaseForm" method="post" action="purchase_form1.php?id=<?php echo $id;?>"> //this is starting of form.
// actual html form, set for fields using php, the form is very long
<input type="submit" name="submit" value="Buy Now" class="button3">
</form>
Now I send the data to purchase_form1_conf.php. purchase_form1_conf.php is the display page; it shows the form data, and if the user clicks the Edit button, he goes back to purchase_form1.php.
PHP CODE FOR purchase_form1_conf.php
<?php require_once("includes/connection.php"); ?>
<?php
$id = isset($_GET['id']) ? $_GET['id'] : null;
$time = $_GET['time'];
if($_GET['hash'] != sha1('some-generated-key'.$time.$id))
    die('URL was tampered with');
//if(time() - $time > 300)
//die('URL was only valid for 5 minutes');
//}
//if (isset($_GET['id']))
//{
//$lastInsertedId = $_GET['id'];
//}
//$id = $_SESSION['last_id'];
//$query = "SELECT * FROM db_purchase_form WHERE id=$lastInsertedId";
//$result = mysql_query($query);
//while($row = mysql_fetch_row($result))
if ($id)
{
    $query = "SELECT * FROM db_purchase_form WHERE id=$id";
    $result = mysql_query($query);
    while($row = mysql_fetch_row($result))
    {
        $product_name = $row[1];
        $choice_actor = $row[2];
        $user_name = $row[3];
        $user_email = $row[4];
        $vdo_script = $row[5];
        $hrt_msg = $row[6];
        $portApproval = $row[7];
        $delivery = $row[8];
        $net_price = $row[9];
    }
}
?>
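// Now I display the values I fetched from the database as $row[1], [2], and so on. This page has two buttons, one is the Edit button and the other is PAYPAL, but it is not a form; it is just a DIV that displays the values pulled from the database,
Code for the Edit button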
<a href="purchase_form1.php?id=<?php echo $id; ?>" class="button4">Edit</a>
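It takes the buyer to purchase_form1.php.
Now what is the problem?
When the user is on the purchase_form1.php page, he sees a new form. This time the URL is http://site.com/purchase_form1.php
He fills in the form and clicks submit; if there are errors, he is shown an error message. He fixes the errors and clicks submit again, and then he is taken to the next page, which is purchase_form1_conf.php.
The URL of the next page is
Everything seems fine. Now when he sees the form and wants to change the values, he clicks Edit, and he is taken back to the earlier page, the form page, and the URL is http://site.com/purchase_form1.php?id=54
See id = 54 in both pages. Up to here everything looks perfect.
Now the actual problem: when he is on this page, purchase_form1.php, he edits the form and clicks submit; the URL does not change, the DB is not updated, and nothing happens.
What should happen instead? The database should be updated and the user should go to the next page again with the new data. But that is not what happens.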
Answer 0 (score: 2)
I can't see where you are executing the update statement.
$sql = "UPDATE db_purchase_form SET ";
$sql .= "db_product_name = '" . $product_name . "', ";
$sql .= "db_actor = '" . $choice_actor . "', ";
$sql .= "db_user_name = '" . $user_name . "', ";
$sql .= "db_user_email = '" . $user_email . "', ";
$sql .= "db_vdo_script = '" . $vdo_script . "', ";
$sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
$sql .= "db_port_approval = '" . $portApproval . "', ";
$sql .= "db_delivery = '" . $delivery . "', ";
$sql .= "db_price = '" . $net_price . "', ";
$sql .= "db_date_time = NOW() ";
$sql .= "WHERE id = '{$id}'";
mysqli_query($conexionObj, $sql);
Answer 1 (score: 0)
Improve the where clause of the update statement with the following code
$sql = "UPDATE db_purchase_form SET ";
$sql .= "db_product_name = '" . $product_name . "', ";
$sql .= "db_actor = '" . $choice_actor . "', ";
$sql .= "db_user_name = '" . $user_name . "', ";
$sql .= "db_user_email = '" . $user_email . "', ";
$sql .= "db_vdo_script = '" . $vdo_script . "', ";
$sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
$sql .= "db_port_approval = '" . $portApproval . "', ";
$sql .= "db_delivery = '" . $delivery . "', ";
$sql .= "db_price = '" . $net_price . "', ";
$sql .= "db_date_time = NOW() ";
$sql .= "WHERE id = $id ";
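An added example (not the poster's or the answerers' code) of the fix both answers point at: the UPDATE is actually executed, with bound parameters instead of concatenated strings and an integer id, and the user is then redirected with the same kind of signed URL the insert path builds. It assumes PDO with an in-memory SQLite table holding two of the page's columns in place of the MySQL connection; `SECRET_KEY`, `sign()`, `verify()` and `update_purchase()` are hypothetical names, and HMAC-SHA256 with `hash_equals()` is swapped in for the page's `sha1()` and `!=`.

```php
<?php
// Added example, not code from the page. SQLite in memory stands in for MySQL;
// SECRET_KEY, sign(), verify() and update_purchase() are hypothetical names.
const SECRET_KEY = 'replace-with-a-random-secret'; // placeholder value

function sign(int $id, int $time): string {
    // The '.' separator keeps (time, id) pairs from colliding when concatenated.
    return hash_hmac('sha256', $time . '.' . $id, SECRET_KEY);
}

function verify(int $id, int $time, string $hash, int $maxAge = 300): bool {
    // Constant-time compare, plus the 5-minute limit commented out on the page.
    return hash_equals(sign($id, $time), $hash) && (time() - $time) <= $maxAge;
}

function update_purchase(PDO $db, int $id, array $f): ?string {
    $stmt = $db->prepare(
        'UPDATE db_purchase_form
            SET db_product_name = :product, db_user_email = :email,
                db_date_time = CURRENT_TIMESTAMP
          WHERE id = :id'
    );
    // execute() is the step the original script never reaches for its UPDATE.
    $stmt->execute([':product' => $f['product'], ':email' => $f['email'], ':id' => $id]);
    if ($stmt->rowCount() !== 1) {
        return null; // no row with that id: nothing to confirm
    }
    $time = time();
    return 'purchase_form1_conf.php?' . http_build_query(
        ['id' => $id, 'time' => $time, 'hash' => sign($id, $time)]
    );
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE db_purchase_form (id INTEGER PRIMARY KEY,
    db_product_name TEXT, db_user_email TEXT, db_date_time TEXT)');
$db->exec("INSERT INTO db_purchase_form VALUES (54, 'Old name', 'old@example.com', NULL)");

$url = update_purchase($db, 54, ['product' => "O'Reilly video", 'email' => 'new@example.com']);
echo $url, PHP_EOL;
parse_str(parse_url($url, PHP_URL_QUERY), $q);
var_dump(verify((int)$q['id'], (int)$q['time'], $q['hash']));
var_dump(verify((int)$q['id'], (int)$q['time'] - 1, $q['hash'])); // altered time
var_dump(update_purchase($db, 999, ['product' => 'x', 'email' => 'y']));
echo $db->query('SELECT db_product_name FROM db_purchase_form WHERE id = 54')->fetchColumn(), PHP_EOL;
```

On MySQL, `rowCount()` counts changed rows rather than matched rows, so an UPDATE that rewrites identical values can report 0 unless `PDO::MYSQL_ATTR_FOUND_ROWS` is set on the connection.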