更新mysql无法正常工作

时间:2013-12-23 20:45:42

标签: php

嗨,我建立了一个维护个人电脑的网站,如果有人进入我的网站并试图回答他,答案将发送给所有访客,而不仅仅是指定的人,请帮助,下面的代码请帮助我,请参阅以下代码:

<html>
<head>
<meta charset='utf-8'>
</head>
<body >
</body>
</html>
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$con=mysql_connect("localhost","root","root");
// Check connection
if (!$con) 
{
die("can not connect" . mysql_error()); 
}
mysql_select_db('newone') or die("can not find db"); 
if(isset($_GET['edit']))
{
$user_id=$_GET['edit'];
echo "$user_id";
$res=mysql_query("SELECT * FROM newone WHERE user_id='$user_id' ");
}
if(isset($_POST['save']))
{
$sql=mysql_query("UPDATE  newone  set  user_notes ='$user_notes' ,                             user_answer='$user_answer' where user_id='$user_id' ");
$res=mysql_query($sql) or die("count update".mysql_error());
echo "<meta http-equiv=\"REFRESH\"content=\"0;url=justtry2.php\">";
}
echo "<table border='2' heigh='1740' width='1340' bgcolor='C8B478'>
<tr>
<th>الملاحظات</th>
<th>الجواب</th>
<th>المشكله</th>
<th>نوع اخر للعطل</th>
<th>نوع العطل</th>
<th>البريد الاكتروني</th>
<th>موقع اخر</th>
<th>الموقع</th>
<th>الاسم</th>
<th>التاريخ والوقت</th>
<th>الرقم</th>
</tr>";
while($row=mysql_fetch_array($res))
{
echo "<form method='post'  action='justtry2.php'>";
echo "<tr>";
echo "<td> <input type=text  name='user_notes'  ></td>";
echo "<td><input type=text   name='user_answer' > </td>";
echo "<td>" . $row['user_problem'] . "</td>";
echo "<td>" . $row['user_ectt'] . "</td>";
echo "<td>" . $row['user_type'] . "</td>";
echo "<td>" . $row['user_email'] . "</td>";
echo "<td>" . $row['user_ect'] . "</td>";
echo "<td>" . $row['user_location'] . "</td>";
echo "<td>" . $row['user_name'] . "</td>";
echo "<td>" . $row['join_date'] . "</td>";
echo "<td>" . $row['user_id'] . "</td>";
echo  "<td><input type='submit' name='save'  value='save'></td>"; 
echo "</tr>";
echo "</form>";
}
echo "</table>";
?>

2 个答案:

答案 0 :(得分:1)

您的PHP代码从根本上被破坏了:

$sql=mysql_query("UPDATE  newone  set  user_notes ='$user_notes' ,                             user_answer='$user_answer' where user_id='$user_id' ");
$res=mysql_query($sql)

由于您在第一行调用mysql_query(),$sql是QUERY RESULT,而不是实际的查询字符串。您不能使用查询结果句柄来执行其他查询

可能你应该

$sql = "UPDATE blah blah blah";
$result = mysql_query($sql) or die(mysql_error());

代替。

您也可以SQL injection attacks

答案 1 :(得分:0)

您还需要将您的php变量与Post请求相关联。 例如:

$user_answer=$_POST["user_answer"];
相关问题
最新问题