UPDATE query not working

Time: 2013-08-09 11:24:41

Tags: php mysql

This is my PHP code on the page purchase_form1
<?php
include_once("includes/form_functions.php");
$id = 0;
if (isset($_GET['id']) && ($_GET['id'] != ''))
{
$id = (int)htmlspecialchars($_GET['id']);
}
$query  = "SELECT * from db_purchase_form where id = $id";
$result = mysql_query($query);
$has_data = false;
while($row = mysql_fetch_row($result))
{
    $has_data = true;
    $product_name = $row[1];
    $choice_actor = $row[2];
    $user_name = $row[3];
    $user_email = $row[4];
    $vdo_script = $row[5];
    $hrt_msg = $row[6];
    $portApproval = $row[7];
    $delivery = $row[8];
    $net_price = $row[9];
}
if(isset($_POST['submit']))
{
    if ($has_data == true)
    {
        $sql  = "UPDATE db_purchase_form SET ";
        $sql .= "db_product_name = '" . $product_name . "', ";
        $sql .= "db_actor = '" . $choice_actor . "', ";
        $sql .= "db_user_name = '" . $user_name . "', ";
        $sql .= "db_user_email = '" . $user_email . "', ";
        $sql .= "db_vdo_script = '" . $vdo_script . "', ";
        $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
        $sql .= "db_port_approval = '" . $portApproval . "', ";
        $sql .= "db_delivery = '" . $delivery . "', ";
        $sql .= "db_price = '" . $net_price . "', ";
        $sql .= "db_date_time = NOW() ";
        $sql .= "WHERE id = '{$id}'";
    }
    else
    { // validation for form purchaseform and insert into DB if all is good.

            if(empty($message)) // $message is used for errors. This line means all validations above are okay
        {
            $insert = // INSERT INTO MYSQL DB
            $result = mysql_query($insert);
            if($result)
            {
                $lastInsertedId =  mysql_insert_id();
                $timestamp = time();
                      header('Location:purchase_form1_conf.php?'.http_build_query(array('id' => $lastInsertedId,'time' => $timestamp,'hash' => sha1('some-generated-key'.$timestamp.$lastInsertedId))));
            }
            else
            {
                $message = "The data cannot be inserted.";
                $message .= "<br />" . mysql_error();
            }
                    }
Below on the page is the HTML code for the form
             <?php  //here i display errors
                        if(!empty($message))
                        {
                            echo "<p style='color:red; font-weight:bold;'>" . $message . "</p>";
                        }
             ?>
                    <form id="PurchaseForm" name="PurchaseForm" method="post" action="purchase_form1.php?id=<?php echo $id;?>"> //this is starting of form.
                   // actual html form, set for fields using php, the form is very long 
                   <input type="submit" name="submit" value="Buy Now" class="button3">
                </form>

Now I send the data to purchase_form1_conf.php. purchase_form1_conf.php is the display page; it displays the form data, and if the user clicks the edit button, he goes back to purchase_form1.php.

PHP CODE FOR purchase_form1_conf.php

<?php require_once("includes/connection.php"); ?>
<?php
$id = isset($_GET['id']) ? $_GET['id'] : null;
$time = $_GET['time'];
if($_GET['hash'] != sha1('some-generated-key'.$time.$id))
die('URL was tampered with');
//if(time() - $time > 300)
//die('URL was only valid for 5 minutes');

//}
//if (isset($_GET['id']))
//{
//$lastInsertedId = $_GET['id'];
//}
//$id = $_SESSION['last_id'];
//$query  = "SELECT * FROM db_purchase_form WHERE id=$lastInsertedId";
//$result = mysql_query($query);
//while($row = mysql_fetch_row($result))

if ($id)
{
    $query  = "SELECT * FROM db_purchase_form WHERE id=$id";
    $result = mysql_query($query);
    while($row = mysql_fetch_row($result))
    {
        $product_name = $row[1];
        $choice_actor = $row[2];
        $user_name = $row[3];
        $user_email = $row[4];
        $vdo_script = $row[5];
        $hrt_msg = $row[6];
        $portApproval = $row[7];
        $delivery = $row[8];
        $net_price = $row[9];
    }
}
?>

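// Now I display the values I fetched from the database as $[1], 2 and so on. On this page there are two buttons, one is the edit button and the other is PayPal, but it is not a form; it is just a DIV displaying the values fetched from the database.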

Code for the edit button

<a href="purchase_form1.php?id=<?php echo $id; ?>" class="button4">Edit</a>

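It takes the buyer to purchase_form1.php.

Now what is the problem?

When the user is on the purchase_form1.php page, he sees a new form. This time the URL is http://site.com/purchase_form1.php

He fills in the form and clicks submit; if there are errors, he is shown error messages. He removes the errors and clicks submit again, and then he is taken to the next page, which is purchase_form1_conf.php.

The URL of the next page is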

http://site.com/purchase_form1_conf.php?id=54&time=1376047215&hash=cbaaabbcf8b20de044b9dd105cae60d1f1ab5b92

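Everything seems fine.

Now when he sees the form and wants to change the values, he clicks on edit, and he is taken back to the earlier form page, and the URL is http://site.com/purchase_form1.php?id=54

See id=54 in both pages. Up to here everything looks perfect.

Now the actual problem: when he is on this page, purchase_form1.php, he edits the form and clicks submit; the URL does not change, the DB is not updated, and nothing happens.

What should happen instead? The database should be updated, and the user should be taken to the next page again with the new data. But that is not the case.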
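The signed redirect link from the question, sketched here as an added example that is not part of the original post: it uses `hash_hmac` with a constant-time `hash_equals` comparison in place of `sha1` over a concatenated key compared with `!=`, and enforces the 5-minute lifetime that is commented out in the post. `SECRET_KEY`, `LINK_TTL` and the function names are assumptions.

```php
<?php
// Added example, not the poster's code. SECRET_KEY and the function names are assumptions.
const SECRET_KEY = 'replace-with-a-long-random-key'; // constructed placeholder
const LINK_TTL   = 300;                              // 5 minutes, as in the commented-out check

// Build the query string for purchase_form1_conf.php.
function sign_link(int $id, int $time): string
{
    // '|' separates the fields so that different (id, time) pairs never share a MAC input.
    $mac = hash_hmac('sha256', $id . '|' . $time, SECRET_KEY);
    return http_build_query(['id' => $id, 'time' => $time, 'hash' => $mac]);
}

// Return the validated integer id, or null if the link is malformed, altered or expired.
function verify_link(array $get, int $now): ?int
{
    foreach (['id', 'time', 'hash'] as $k) {
        if (!isset($get[$k]) || !is_string($get[$k])) {
            return null;                 // missing, or an array such as ?hash[]=x
        }
    }
    if (!ctype_digit($get['id']) || !ctype_digit($get['time'])) {
        return null;                     // only plain decimal digits are accepted
    }
    $id   = (int)$get['id'];
    $time = (int)$get['time'];
    $expected = hash_hmac('sha256', $id . '|' . $time, SECRET_KEY);
    if (!hash_equals($expected, $get['hash'])) {   // constant-time, no loose comparison
        return null;
    }
    if ($now < $time || $now - $time > LINK_TTL) {
        return null;                     // issued in the future, or older than LINK_TTL
    }
    return $id;                          // safe to use as an integer row id
}

// Constructed sample values, reusing id=54 and the timestamp from the URL in the post.
parse_str(sign_link(54, 1376047215), $good);
$altered = ['id' => '55'] + $good;       // id changed, hash left untouched
var_dump(verify_link($good, 1376047215 + 60));     // unmodified link, one minute old
var_dump(verify_link($altered, 1376047215 + 60));  // id no longer matches the MAC
var_dump(verify_link($good, 1376047215 + 301));    // same link after the lifetime has passed
```

The edit link `purchase_form1.php?id=54` carries no `hash`, so the same `sign_link`/`verify_link` pair would have to cover it as well for the row id to be protected on both pages.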

2 answers:

Answer 0: (score: 2)

I can't see where you are executing the update statement.

    $sql  = "UPDATE db_purchase_form SET ";
    $sql .= "db_product_name = '" . $product_name . "', ";
    $sql .= "db_actor = '" . $choice_actor . "', ";
    $sql .= "db_user_name = '" . $user_name . "', ";
    $sql .= "db_user_email = '" . $user_email . "', ";
    $sql .= "db_vdo_script = '" . $vdo_script . "', ";
    $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
    $sql .= "db_port_approval = '" . $portApproval . "', ";
    $sql .= "db_delivery = '" . $delivery . "', ";
    $sql .= "db_price = '" . $net_price . "', ";
    $sql .= "db_date_time = NOW() ";
    $sql .= "WHERE id = '{$id}'";
    mysqli_query($conexionObj, $sql); // execute the UPDATE

Answer 1: (score: 0)

Improve the where clause of the update statement with the following code

    $sql  = "UPDATE db_purchase_form SET ";
    $sql .= "db_product_name = '" . $product_name . "', ";
    $sql .= "db_actor = '" . $choice_actor . "', ";
    $sql .= "db_user_name = '" . $user_name . "', ";
    $sql .= "db_user_email = '" . $user_email . "', ";
    $sql .= "db_vdo_script = '" . $vdo_script . "', ";
    $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
    $sql .= "db_port_approval = '" . $portApproval . "', ";
    $sql .= "db_delivery = '" . $delivery . "', ";
    $sql .= "db_price = '" . $net_price . "', ";
    $sql .= "db_date_time = NOW() ";
    $sql .= "WHERE id = $id ";
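
Both answers combined, as an added example that is not code from the question or from either answer: the UPDATE is actually executed, the row id is bound as an integer, and every value goes through a prepared-statement placeholder instead of being concatenated into the SQL string. The `PDO` handle, the function name and the keys of `$fields` are assumptions; the table and column names are the ones shown in the question.

```php
<?php
// Added example. The PDO handle and the keys of $fields are assumptions;
// table and column names are taken from the question.
function update_purchase(PDO $db, int $id, array $fields): int
{
    // Whitelist (input key => column): only these columns can ever be written.
    $columns = [
        'product_name' => 'db_product_name', 'actor'         => 'db_actor',
        'user_name'    => 'db_user_name',    'user_email'    => 'db_user_email',
        'vdo_script'   => 'db_vdo_script',   'hrt_msg'       => 'db_hrt_msg',
        'delivery'     => 'db_delivery',     'port_approval' => 'db_port_approval',
        'price'        => 'db_price',
    ];
    $set = [];
    $params = [':id' => $id];
    foreach ($columns as $key => $col) {
        if (isset($fields[$key]) && is_scalar($fields[$key])) {
            $set[] = "$col = :$key";               // column name comes from the whitelist
            $params[":$key"] = (string)$fields[$key];
        }
    }
    if ($id <= 0 || $set === []) {
        return 0;                                  // never run an UPDATE without a row id
    }
    // CURRENT_TIMESTAMP stands in for NOW() so the demo below also runs on SQLite.
    $sql = 'UPDATE db_purchase_form SET ' . implode(', ', $set)
         . ', db_date_time = CURRENT_TIMESTAMP WHERE id = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);                       // the step missing from the question's code
    return $stmt->rowCount();                      // number of rows changed
}

// Constructed demo: in-memory SQLite table with a subset of the columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE db_purchase_form (id INTEGER PRIMARY KEY, db_user_name TEXT,
           db_user_email TEXT, db_date_time TEXT)');
$db->exec("INSERT INTO db_purchase_form (id, db_user_name) VALUES (54, 'old')");
$n = update_purchase($db, 54, ['user_name' => "O'Brien", 'user_email' => 'a@example.com']);
var_dump($n, $db->query('SELECT db_user_name FROM db_purchase_form WHERE id = 54')->fetchColumn());
```

The value containing a single quote is stored unchanged, which the concatenated `'" . $user_name . "'` form would not handle.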