编辑了数据库中的所有条目[php]

时间:2014-01-12 11:37:48

标签: php mysql database

我在编辑数据库中的数据时遇到问题。我只想编辑一个条目,但在单击编辑后,它显示我的数据库中的所有数据都已编辑。

eventlist.php

<?php

$con=mysqli_connect("localhost","root","root","chess");

$result = mysqli_query($con,"select * from events");

//echo "<a href='dashboard.php'>Home</a><br>";
echo "<table border=1 id='hor-minimalist-a' width='100%'>";
echo "<tr align='center'><td><b>Date</b></td><td><b>Event</b></td><td><b>Special Note</b></td><td colspan='2'>Options</td></tr>";

$a=0;
while($row = mysqli_fetch_array($result))
  {
  if($a%2==0){
    echo "<tr bgcolor='#b2d5ff' width='100'>"."<td>" . $row['date'] . "</td> <td>" . $row['event'] . "</td> <td>" . $row['note'] . "</td>"  
  . "</td><td><a href='editevent.php?id=" . $row['id'] . "'>Edit</a></td><td><a href='deleteevent.php?id=" . $row['id'] . "'>Delete</a></td></tr>";
}
else{
    echo "<tr>"."<td>" . $row['date'] . "</td> <td>" . $row['event'] . "</td> <td>" . $row['note'] . "</td>"  
  . "</td><td><a href='editevent.php?id=" . $row['id'] . "'>Edit</a></td><td><a href='deleteevent.php?id=" . $row['id'] . "'>Delete</a></td></tr>";
}

$a++;


}
echo '</table>';
echo "<center><a href='addevent.php'><button type='submit' class='button'>Add New</button></a></center>";


?>


editevent.php

<?php

while($row = mysqli_fetch_array($result))
{
    echo "ID: <input type='text' name='id' value='$row[id]'><br/>";
    echo "Date: <input type='text' name='date' value='$row[date]'><br/>";
    echo "Event: <textarea type='text' name='event'>".$row['event']."</textarea><br/>";
    echo "Note: <input type='text' name='note' value='$row[note]'><br/>";
}
?>


updateevent.php

<?php

$id = $_POST['id'];
$date = $_POST['date'];
$event = $_POST['event'];
$note = $_POST['note'];

$con = mysqli_connect("localhost","root","root","chess");
mysqli_query($con,"update events set date='$date', event='$event', note='$note' where id = id");

header('location: eventlist.php');

?>

1 个答案:

答案 0 :(得分:2)

"update events set date='$date', event='$event', note='$note' where id = id"

where id = id对所有行都适用,因此所有行都会更新。你可能想写where id = $id

另请注意,您的查询对SQL注入是开放的。请改用预备语句。