我的表没有更新

时间:2014-01-17 15:22:11

标签: php mysql

我的表没有更新,MySql没有给出错误,任何人都可以帮我查找错误吗?这是我的代码:

<?php
$con = mysql_connect('localhost','root','','add');

if(mysqli_connect_errno()){
    echo "Cannot connect to MySql: " . mysqli_connect_error();
    }
$bd1 = $_POST['bd1'];
$bd2 = $_POST['bd2'];
$bd3 = $_POST['bd3'];
$bd = $bd1 . '-' . $bd2 . '-' . $bd3;
$a = ($_FILES["photo"]["name"]);
    $query = "UPDATE add.tblmembers SET
    firstName='" . $_POST['fname'] . "',lastName='" . $_POST['lname'] . "',middleName='" . $_POST['shadow'] . "',birthday=" . $bd . ",motherChapter='" . $_POST['pob'] . "',address='" . $_POST['address'] . "',photo=" . $a . ",id_num=" . $_POST['idnum'] . "
    WHERE id_num='" . $_POST['idnum'] . "'";
    if(!mysqli_query($con,$query)){
        echo 'Error' . mysqli_error();
    }
header("Location: show all.php");
mysqli_close($con);
?>

提前致谢。 :)

2 个答案:

答案 0 :(得分:1)

1.您不能混用mysqlimysql

2.标题中的URL必须为url_encode() ed 

header("Location: show%20all.php");

3.您可以使用sql注入,使用mysqli预处理语句或至少mysql_real_escape_string()

4.本周错误。

photo=" . $a . ",id_num=" .` (either wrong concatenation or missing quotes)

如果id_num是整数,也不要在引号中设置它。生日,如果是datetime或除整数之外的其他任何内容,请将其设置为引号

5.无需更新完全匹配的ID,但最后最好使用LIMIT 1以避免意外更新超过1行

更新:尝试线路意图:

$query = "UPDATE
            add.tblmembers
          SET
            firstName     = '" . mysqli_real_escape_string($con, $_POST['fname']) . "', 
            lastName      = '" . mysqli_real_escape_string($con, $_POST['lname']) . "', 
            middleName    = '" . mysqli_real_escape_string($con, $_POST['shadow']) . "', 
            birthday      = '" . mysqli_real_escape_string($con, $bd) . "', 
            motherChapter = '" . mysqli_real_escape_string($con, $_POST['pob']) . "', 
            address       = '" . mysqli_real_escape_string($con, $_POST['address']) . "', 
            photo         = '" . mysqli_real_escape_string($con, $a) . "
          WHERE
            id_num  =  " . intval($_POST['idnum']) . "
          LIMIT 1";

您可以更好地查看代码的质量和突出显示。

答案 1 :(得分:1)

您正在使用mysqli。你应该用mysqli连接数据库 替换

$con = mysql_connect('localhost','root','','add');

if(mysqli_connect_errno()){
    echo "Cannot connect to MySql: " . mysqli_connect_error();
    }

通过

$con = mysqli_connect("localhost","root","","add") or die("Error " . mysqli_error($con));

你应该在这里改变(在mysqli_error函数中传递$ con):

if(!mysqli_query($con,$query)){
        echo 'Error' . mysqli_error();
    }

通过

if(!mysqli_query($con,$query)){
    echo 'Error' . mysqli_error($con);
}
相关问题
最新问题