How do I edit a single record from the database?

Time: 2014-01-16 02:26:46

Tags: php edit

Code as of January 20, 2014

<?php
session_start();
// connect to the database
include('connect.php');
$message = isset($_GET['message']) ? $_GET['message'] : '';
// check if the form has been submitted then process it
if (isset($_POST['submit']))
{
// Get data from table
//set the id manually for test purposes
$id = "429";
$forename = mysql_real_escape_string(htmlspecialchars($_POST['forename']));
$surname = mysql_real_escape_string(htmlspecialchars($_POST['surname']));
$username = mysql_real_escape_string(htmlspecialchars($_POST['username']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
$password = mysql_real_escape_string(htmlspecialchars($_POST['password']));
// check for empty fields and display error message
if ($forename == '' || $surname == '' || $username == '' || $password == '' || $email == '')
{
$message = "Please enter data in all fields" ;
header("Location: edit.php?message=" . urlencode($message));
exit; // stop here, otherwise the "saved" redirect below replaces this one
}
else
{
// save the data to the table
mysql_query("UPDATE registration SET forename='$forename', surname='$surname', username='$username', email='$email', password='$password' WHERE id='$id'")
or die(mysql_error()); 
}
// redirect and display message
$message = "Your changes have been saved";
header("Location: edit.php?message=" . urlencode($message));
exit;
}
$id=429;// this line could have been $id=$_SESSION['id'];
$result = mysql_query("SELECT * FROM registration WHERE id=$id LIMIT 1")
or die(mysql_error()); 
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the database
if($row)
{
// get data from the table
$forename = $row['forename'];
$surname = $row['surname'];
$username = $row['username'];
$email = $row['email'];
$password = $row['password'];
// dummy echo; $message comes from the URL, so escape it before printing
print htmlspecialchars($message);
}
?>

<!doctype html>
<html>
<head>
<meta charset="utf-8">

<link rel="stylesheet" href="styles/all.css" />
<link rel="stylesheet" href="styles/forms.css" />

<script type="text/javascript" src="javascript/jquery-1.7.1.min.js"></script>

<link href='//fonts.googleapis.com/css?family=Cantora+One' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Voltaire' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Ubuntu:400,500' rel='stylesheet' type='text/css'>

<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />

</head>

<body>
<div class="container">

<form action="" method="post" enctype="multipart/form-data" name="edit" id="editrecord">
<fieldset>
<legend><span class="headingreg">Edit Details</span></legend>
<div class="formreg">

<input type="hidden" name="id" value="<?php echo $id; ?>"/>

<br style="clear:left;"/>
<label for="forename">Forename</label><div><input type="text" id="forename" name="forename" class="insetedit" value="<?php echo $forename; ?>"/><br/></div>
<label for="surname">Surname</label><div><input type="text" id="surname" name="surname" class="insetedit" value="<?php echo $surname; ?>"/><br/></div>
<label for="username">Username</label><div><input type="text" id="username" name="username" class="insetedit" value="<?php echo $username; ?>"/><br/></div>
<label for="password">Password</label><div><input type="text" id="password" name="password" class="insetedit" value="<?php echo $password; ?>"/><br/></div>
<label for="email">email</label><div><input type="text" id="email" name="email" class="insetedit" value="<?php echo $email; ?>"/><br/></div>

<input type="submit" name="submit" class="submit2" value="submit">
</div>
</fieldset>
</form>

<br style="clear:left;"/>
<br style="clear:left;"/>

</div>
</body>
</html>

Deleted content

I am following a tutorial on editing and deleting records stored in a database.

http://www.falkencreative.com/forum/records/view.php

In the tutorial, one page displays the records in the database and another page is used to edit a record:

http://www.falkencreative.com/forum/records/edit.php?id=33004

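The problem is that all the records in the database are displayed. What changes do I need to make to display and edit a record based on a specified ID on a single page? E.g.

$id = "429";

Eventually I will use sessions, but for testing purposes I want to set the id manually.

I tried putting the code in a single page, but ran into a lot of errors, such as headers already sent.

This is the edit.php page, where I have tried to set the id manually.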

<?php
/* 
 EDIT.PHP
 Allows user to edit specific entry in database
*/

 // creates the edit record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($id, $forename, $surname, $username, $password, $email, $error)
 {
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
 <title>Edit Record</title>
 </head>
 <body>
 <?php 
 // if there are any errors, display them
 if ($error != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
 }
 ?> 

 <form action="" method="post">
 <input type="hidden" name="id" value="<?php echo $id; ?>"/>
 <div>
 <p><strong>ID:</strong> <?php echo $id; ?></p>
 <strong>Forename: *</strong> <input type="text" name="forename" value="<?php echo $forename; ?>"/><br/>
 <strong>Surname: *</strong> <input type="text" name="surname" value="<?php echo $surname; ?>"/><br/>
 <strong>Username: *</strong> <input type="text" name="username" value="<?php echo $username; ?>"/><br/>
 <strong>password: *</strong> <input type="text" name="password" value="<?php echo $password; ?>"/><br/>
 <strong>email: *</strong> <input type="text" name="email" value="<?php echo $email; ?>"/><br/>
 <p>* Required</p>
 <input type="submit" name="submit" value="Submit">
 </div>
 </form> 
 </body>
 </html> 
 <?php
 }


 // connect to the database
 include('connect-db.php');

 // check if the form has been submitted. If it has, process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // confirm that the 'id' value is a valid integer before getting the form data
 if (is_numeric($_POST['id']))
 {
 // get form data, making sure it is valid
 $id = "429";
 $forename = mysql_real_escape_string(htmlspecialchars($_POST['forename']));
 $surname = mysql_real_escape_string(htmlspecialchars($_POST['surname']));
 $username = mysql_real_escape_string(htmlspecialchars($_POST['username']));
 $email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
 $password = mysql_real_escape_string(htmlspecialchars($_POST['password']));

 // check that forename/surname fields are both filled in
 if ($forename == '' || $surname == '' || $username == '' || $password == '' || $email == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';

 //error, display form
  renderForm($id, $forename, $surname, $username, $password, $email, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("UPDATE login SET forename='$forename', surname='$surname', username='$username', email='$email', password='$password' WHERE id='$id'")
 or die(mysql_error()); 


 // once saved, redirect back to the view page
 header("Location: view.php"); 
 }
 }
 else
 {
 // if the 'id' isn't valid, display an error
 echo 'Error!';
 }
 }
 else
 // if the form hasn't been submitted, get the data from the db and display the form
 {

 // get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
 if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
 {
 // query db
 $id = $_GET['id'];
 $result = mysql_query("SELECT * FROM login WHERE id=$id")
 or die(mysql_error()); 
 $row = mysql_fetch_array($result);

 // check that the 'id' matches up with a row in the database
 if($row)
 {

 // get data from db
 $forename = $row['forename'];
 $surname = $row['surname'];
 $username = $row['username'];
 $email = $row['email'];
 $password = $row['password'];

 // show form
 renderForm($id, $forename, $surname, $username, $password, $email, '');
   }
 else
 // if no match, display result
 {
 echo "No results!";
 }
 }
 else
 // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
 {
 echo 'Error!';
 }
 }
?>

The view.php page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>View Records</title>
</head>
<body>

<?php
/* 
VIEW.PHP
Displays all data from 'login' table
*/

// connect to the database
include('connect-db.php');

// get results from database
$result = mysql_query("SELECT * FROM login") 
or die(mysql_error());  

// display data in table
echo "<p><b>View All</b> | <a href='view-paginated.php?page=1'>View Paginated</a></p>";

echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>ID</th> <th>Forename</th> <th>Surname</th> <th>Username</th> <th>eMail</th> <th>Password</th></tr>";

// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $result )) {

// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['id'] . '</td>';
echo '<td>' . $row['forename'] . '</td>';
echo '<td>' . $row['surname'] . '</td>';
echo '<td>' . $row['username'] . '</td>';
// email before password, matching the order of the header row
echo '<td>' . $row['email'] . '</td>';
echo '<td>' . $row['password'] . '</td>';
echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';
echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>';
echo "</tr>"; 
} 

// close table
echo "</table>";
?>
<p><a href="new.php">Add a new record</a></p>

</body>
</html>

With the function and the error variable removed

<?php
include('connect.php');
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data
$id = "429";
$forename = mysql_real_escape_string(htmlspecialchars($_POST['forename']));
$surname = mysql_real_escape_string(htmlspecialchars($_POST['surname']));
$username = mysql_real_escape_string(htmlspecialchars($_POST['username']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
$password = mysql_real_escape_string(htmlspecialchars($_POST['password']));
// check empty fields
if ($forename == '' || $surname == '' || $username == '' || $password == '' || $email == '')
{
// generate error message
echo 'ERROR: Please fill in all required fields!';
}
else
{
// save the data to the database
mysql_query("UPDATE registration SET forename='$forename', surname='$surname', username='$username', email='$email', password='$password' WHERE id='$id'")
or die(mysql_error()); 
// Redirect
echo "Your changes have been saved";
header("Location: edit.php"); 
}
}
$id=429;// this line could have been $id=$_SESSION['id'];
$result = mysql_query("SELECT * FROM registration WHERE id=$id LIMIT 1")
or die(mysql_error()); 
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the database
if($row)
{
// get data from db
$forename = $row['forename'];
$surname = $row['surname'];
$username = $row['username'];
$email = $row['email'];
$password = $row['password'];
//dummy echo
echo 'formatting is messed up';
}
?>

1 answer:

Answer 0: (score: 0)

You just need to replace $_GET['id'] with the code that supplies the ID.

If you are using sessions, replace $_GET['id'] with $_SESSION['id'].

Code from the edit.php file:

// get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
 if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
 {
 // query db
 $id = $_GET['id'];
 $result = mysql_query("SELECT * FROM login WHERE id=$id")
 or die(mysql_error()); 
 $row = mysql_fetch_array($result);

Change it to:

 $id=429;// this line could have been $id=$_SESSION['id'];
 $result = mysql_query("SELECT * FROM login WHERE id=$id LIMIT 1")
    or die(mysql_error()); 
 $row = mysql_fetch_array($result);

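Of course, to get to the point where that code executes, you need to remove the conditional statement, since you are no longer getting the information from $_GET.

I also added LIMIT 1 to the query so that you only get one record back; you probably would anyway, but if id has no unique index (e.g. a primary key), it could return multiple records.

Also, in this example, you can pretty much replace all of the deprecated mysql_ references with mysqli_. It won't protect you the way mysqli with prepared statements does, but it will still work.

Finally, the renderForm function is a poorly structured function. There can only be one <html> declaration per page, and if the function is called more than once it will have multiple declarations.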
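
The answer notes that swapping mysql_ for mysqli_ does not protect the way prepared statements do. As an added example (not part of the question or the answer), here is a single-page edit.php that takes the id from the session and uses mysqli prepared statements. It assumes connect.php sets `$db` to a mysqli connection, that login code has stored the user's id in `$_SESSION['id']`, and it leaves the password field out.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: connect.php sets $db (a mysqli connection), login code stored
// the user's id in $_SESSION['id'], PHP 8.1+ (mysqli throws on SQL errors).
session_start();                       // before any output, so header() works
require 'connect.php';

// The id comes from the server-side session, never from the form or URL,
// so changing a hidden field cannot point the UPDATE at another user's row.
$id = (int) ($_SESSION['id'] ?? 0);
if ($id <= 0) {
    http_response_code(403);
    exit('Not logged in');
}
$fields = ['forename', 'surname', 'username', 'email'];
$error  = '';
$in     = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    foreach ($fields as $f) {          // accept strings only, store them raw
        $in[$f] = is_string($_POST[$f] ?? null) ? trim($_POST[$f]) : '';
    }
    if (in_array('', $in, true)) {
        $error = 'Please enter data in all fields';
    } else {
        // Placeholders keep the values out of the SQL text entirely.
        $stmt = $db->prepare('UPDATE registration SET forename = ?, surname = ?, username = ?, email = ? WHERE id = ?');
        $stmt->bind_param('ssssi', $in['forename'], $in['surname'], $in['username'], $in['email'], $id);
        $stmt->execute();
        header('Location: edit.php?saved=1');   // fixed flag instead of free text
        exit;                                   // nothing may run after the redirect
    }
}
$stmt = $db->prepare('SELECT forename, surname, username, email FROM registration WHERE id = ? LIMIT 1');
$stmt->bind_param('i', $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc() ?: array_fill_keys($fields, '');

// Escape at output time, in the HTML context, rather than before storing.
$e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
?>
<?php if ($error !== ''): ?><p><?= $e($error) ?></p><?php endif; ?>
<?php if (isset($_GET['saved'])): ?><p>Your changes have been saved</p><?php endif; ?>
<form method="post">
<?php foreach ($fields as $f): ?>
  <label><?= $e(ucfirst($f)) ?> <input name="<?= $e($f) ?>" value="<?= $e($in[$f] ?? $row[$f]) ?>"></label><br>
<?php endforeach; ?>
  <input type="submit" value="Submit">
</form>
```

A form that changes data should also carry a CSRF token, and a password change belongs in its own handler that stores the output of password_hash() and never echoes the stored value back.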