通过mysql在PHP中更新表单

时间:2013-09-02 23:10:28

标签: php html mysql sql forms

我正在构建一个用户可以更新或删除现有联系人的列表。我创建了index.php,它成功地将联系人发送到数据库。 list.php显示从表中的index.php输入的联系人列表。现在,用户应该删除或编辑每个联系人。

不幸的是,我的edit_user.php在点击Edit后返回错误:您的SQL语法中有错误;检查与MySQL服务器版本对应的手册,以便在第1行的''附近使用正确的语法。 另外,当我在list.php中点击Edit时,我希望edit_user.php显示带有预填充联系信息的编辑表单。

我是网络开发的新手。对不起,代码太多了。请帮我发现我的错误。 这是config.php 

<?php

$dbhost = 'mysql51-031.wc2.dfw1.stabletransit.com';
$dbuser = '549359_sargis';
$dbpass = '********';
$dbname = '549359_sargis';
$table  = 'Contacts';

$connection = mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
$select_db = mysql_select_db($dbname,$connection) or die(mysql_error());


?>

这是我的list.php 

<?php
include("config.php");
?>

<html>
<head>
    <title>Contact List</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
                <a href="index.php">Create New Contact</a><hr/>

</head>
<body>
    <?php

    $result = mysql_query("SELECT * FROM Contacts", $connection);
    $num_rows = mysql_num_rows($result);

    if($num_rows > 0)
    {

        echo "<center><h1>Contact List: (Updated)</h1><table border = '1'>";
            echo "<thead>";
                echo "<tr>";
                    echo "<th> Firstname </th>";
                    echo "<th> Lastname </th>";
                    echo "<th> Email </th>";
                    echo "<th> Phone </th>";
                    echo "<th> Date </th>";
                    echo "<th> Action </th>";
                echo "</th>";
            echo "</thead>";

            echo "<tbody>";

            $query = mysql_query("SELECT * FROM Contacts");
            while($record = mysql_fetch_array($query))
            {
                echo "<tr>";
                echo "<td>" . $record['firstname'] . "</td>";
                echo "<td>" . $record['lastname'] . "</td>";
                echo "<td>" . $record['email'] . "</td>";
                echo "<td>" . $record['phone_number'] . "</td>";
                echo "<td>" . $record['timesstamp'] . "</td>";
                echo "<td align='center'>"; ?>
                <a href="edit_user.php"><input type="hidden" name="id" value="<?php echo $id; ?>" />Edit</a>
                <?php echo "| <a href='list.php?action=delete&id=$id'>Delete</a></td>";
                echo "</tr>";
            }

            echo "</table>";
            echo "</center>";
    }
    else
        echo "<center><h4>No contacts found.</h4></center>";

    ?>

</body>
</html>

这是edit_user.php 

<?php
include("config.php");
?>

<html>
<head>
    <title>Edit User</title>
            <link rel="stylesheet" type="text/css" href="style.css" />

</head>


<?php

if(isset($_POST['submit']))
//if (isset($_POST))
{
        $id = intval($_POST['id']);
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $email = $_POST['email'];
        $phonenumber = $_POST['phonenumber'];

            $sql = "UPDATE Contacts SET firstname='".mysql_real_escape_string($firstname)."', lastname='".mysql_real_escape_string($lastname)."', email='".mysql_real_escape_string($email)."', phone_number='".mysql_real_escape_string($phonenumber)."', timesstamp =NOW() WHERE id=".mysql_real_escape_string($id);
            //$sql = "UPDATE Contacts SET firstname='$firstname', lastname='$lastname', email='$email', phone_number='$phonenumber', timesstamp =NOW() WHERE id=$id";
            //print_r($_POST).'<br />';echo $sql;exit;
            $result = mysql_query($sql);

            if($result) 
            {
                header("Location: list.php");
            } 
            else 
            {
                echo "There was a problem with the query: ".mysql_error().".";
            }
}


?>
<body>
            <form action="edit_user.php?id=<?php echo $id;?>" method="POST">
                <div>
                    First name: <input type ='text' id='firstname' name='firstname' value="<?php echo $firstname; ?>"/><br />
                    Last name: <input type = 'text' id='lastname' name='lastname'value="<?php echo $lastname; ?>"/><br />
                    Email: <input type = 'text' id='email' name='email' value="<?php echo $email; ?>"/><br />
                    Phone Number: <input type = 'text' id='phone_number' name='phonenumber' value="<?php echo $phonenumber; ?>"/><br />
                    <input type = 'submit' name = 'submit' value='Update' />
                </div>
            </form>
</body>
</html>

2 个答案:

答案 0 :(得分:0)

通常,此错误是由于无法在SQL语句中转义无效字符而导致的。

但有些事我建议改变。

首先移动

$id = $_POST['id'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$phonenumber = $_POST['phonenumber'];

到AFTER 

if(isset($_POST['submit'])) {

另外,只是为了踢,改变:

$id = $_POST['id'];

为:

$id = intval($_POST['id']);

然后在您的SQL语句中,将其更改为:

$sql = "UPDATE Contacts SET firstname='".mysql_real_escape_string($firstname)."', lastname='".mysql_real_escape_string($lastname)."', email='".mysql_real_escape_string($email)."', phone_number='".mysql_real_escape_string($phonenumber)."', timesstamp =NOW() WHERE id=".mysql_real_escape_string($id);

答案 1 :(得分:0)

您似乎有一个链接编辑:

<a href="edit_user.php?id=<? echo $record['id']; ?>" > Edit </a>

在这种情况下,id是get参数而不是POST参数....

所以在edit_user.php中,它应该是:

$id = $_GET['id'];
相关问题
最新问题