我几乎尝试了所有的东西,但我无法让这个简单的更新查询起作用。
数组显示:
Array ( [pSelect] => 102 [budget] => 44 [submit] => submit )
所以我可以得出结论,它确实获取了ID并从输入字段budget接收了值。
<form action="test.php" method="post" action="test.php">
<select name = 'pSelect' id = 'pSelect'>
<?php
$result = mysql_query
("SELECT ID, Project, Projectnummer, Klant, Budget
FROM tblproject
WHERE Status = '1'
ORDER BY Klant ASC
");
while($row1 = mysql_fetch_array($result))
{
$pID = $row1['ID'];
echo "<option value=\"" . $row1['ID'] . "\"";
if (isset($_POST['pSelect']) && $row1['ID'] == $_POST['pSelect'])
{
echo " selected='selected'";
}
echo ">" . $row1['Klant'] ." ". $row1['Project'] ." ". $row1['Projectnummer'] . "</option>";
echo "<br />";
}
?>
</select>
<input type="text" name="budget" />
<?php
if (isset($_POST['submit']))
{
$ID = $_POST['pSelect'];
$budget = $_POST['budget'];
mysql_query
(" UPDATE tblproject SET Budget = '$budget',WHERE ID = '$ID'");
}
print_r($_POST);
?>
<input type="submit" name="submit" value="submit" />
</form>
答案 0 :(得分:1)
试试这个
mysql_query("UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."' ");
答案 1 :(得分:0)
试试这个
UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."'
答案 2 :(得分:0)
如史蒂文所述,Budget = '$budget',
请拜托,请...如果您不打算使用Prepared Statements / Parameterised Queries,您至少可以在查询的所有参数上使用mysql_real_escape_string()函数吗? e.g:
$query = sprintf("
UPDATE tblproject SET
Budget = '%s'
WHERE ID = '%s'",
mysql_real_escape_string($budget),
mysql_real_escape_string($ID));
);
mysql_query($query);
替代方案是在某个时候在您的应用程序中导致SQL注入问题的人。
答案 3 :(得分:0)
试试这个UPDATE查询:
mysql_query ("UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."'");