PHP搜索和编辑数据库

时间:2013-12-13 17:01:54

标签: php database

我有一个搜索数据库的搜索页面。一旦搜索,它会将结果显示给页面,该页面具有可以编辑条目的表单。然而,当我尝试编辑条目时,它会出现“主题编辑失败”。我看不出我做错了什么。 这是edit.php。 

 if (isset($_POST['submit']))
 {
 //form was submitted

$First_Name = mysql_real_escape_string($_POST["First_Name"]);
$Last_Name = mysql_real_escape_string($_POST["Last_Name"]);


$message = "Your details have been received";

//Database Query
$query  = "UPDATE subjects SET ";
$query .= "First_Name = '{$First_Name}'";
    $query .= "Last_Name = '{$Last_Name}'";

$query .= "LIMIT 1";

$result = mysqli_query($connect, $query);
if($result && mysqli_affected_rows($connect) == 1)
    {
        //Success
        echo "Subject Edited. ";
    }
else
    {
        //failure
        echo "Subject Editing failed. ";
    }
 }

以下是表格:

 <form action="edit.php" method ="post">

 <p>First_Name
 <?php     
 $fquery = $_GET['fquery'];
 $lquery = $_GET['lquery'];
 $fquery = htmlspecialchars($fquery);
 $lquery = htmlspecialchars($lquery);
 $fquery = mysql_real_escape_string($fquery);
 $lquery = mysql_real_escape_string($lquery);
 $raw_results = mysql_query("SELECT * FROM member
 WHERE (`First_Name` = '$fquery') AND (`Last_Name` = '$lquery')") or       die(mysql_error());

 if(mysql_num_rows($raw_results) > 0){
    $string = "";
    while($results = mysql_fetch_array($raw_results)){                 
            $string .= "<p class=\"name\">".$results['First_Name']."  "; 
         } 
    } 
else{ 
    $string = "No results"; 
} 
echo $string; ?>            
 <input type="text" name="First_Name" value ="" />
 </p> 

 <p>Last Name: 
 <?php     
 $fquery = $_GET['fquery'];
 $lquery = $_GET['lquery'];
 $fquery = htmlspecialchars($fquery);
 $lquery = htmlspecialchars($lquery);
 $fquery = mysql_real_escape_string($fquery);
 $lquery = mysql_real_escape_string($lquery);
 $raw_results = mysql_query("SELECT * FROM member
 WHERE (`First_Name` = '$fquery') AND (`Last_Name` = '$lquery')") or die(mysql_error());

 if(mysql_num_rows($raw_results) > 0){
    $string = "";
    while($results = mysql_fetch_array($raw_results)){                 
            $string .= "<p class=\"name\">".$results['Last_Name']." "; 
         } 
    } 
else{ 
    $string = "No results"; 
} 
echo $string; ?>            
 <input type="text" name="Last_Name" value ="" />
 </p>

一旦表单提交,数据库将更新查询。谢谢你的帮助!!

2 个答案:

答案 0 :(得分:0)

您的查询失败,因为您的对帐单上没有合适的分隔符。

见这里

$query  = "UPDATE subjects SET ";
$query .= "First_Name = '{$First_Name}'"; 
    $query .= ",Last_Name = '{$Last_Name}'"; //<---------- Comma added (before last name)

$query .= " LIMIT 1";//<----- Space added before LIMIT

答案 1 :(得分:0)

我想你的查询需要一个逗号和其他空格。现在你的查询看起来像这样:

UPDATE subjects SET First_Name = '{$First_Name}'Last_Name = '{$Last_Name}'LIMIT 1

当你需要它时:

UPDATE subjects SET First_Name = '{$First_Name}', Last_Name = '{$Last_Name}' LIMIT 1

您应该始终检查查询结果并记录错误。在这种情况下,您会被特别告知您的查询中存在语法错误。

你也可能很好地服务器不使用一堆字符串连接来构建你的查询,甚至可能使用参数化的预准备语句。在这种情况下,您可以像这样编写SQL:

$query = <<<EOD
UPDATE subjects
SET First_Name = ?, Last_Name = ?
LIMIT 1
EOD;

这在代码中更具可读性。

相关问题
最新问题