通过表单批准行 - 获取空白页面

时间:2014-01-22 18:56:08

标签: php mysql forms

我想显示“已批准”列为“否”的所有条目的列表,然后在其旁边放置一个按钮,单击该按钮会将“已批准”更改为“是”。我通过代码检查器运行了这个并用括号等修复了一些问题。它现在告诉我没有错误,所以其他东西只是没有使用它。这可能是我想念的小事(我希望)。任何人都可以帮我找到/理解这部分是不正确的......和/或是否有更好的方法来实现我想要的东西?

<?php
  //select the database to write to
  $unapprovedsires = mysql_query("SELECT * FROM nominatedsires WHERE approved = 'no'");
    //While loop to cycle through the rows
    while($row = mysql_fetch_assoc($unapprovedsires)){
        $sirename = $row['sirename'];
        echo $sirename;}
?>
<ul class="admin-fields">
<?php
    foreach($row as $field){
        if(empty($field)){
            echo "....";
        }
        print '<li>' .$field.' </li>';
    }//End For Each Loop
    //print $sirename;
?>
        </ul>
<p>
 <?php
    if(isset($_POST['approve'])){
    mysql_query("UPDATE nominatedsires SET approved = 'yes' WHERE sirename = '.$sirename.'") or die ("Something went wrong");
}
  ?>
    <ul>
        <li>

<form method="post">
    <input type="hidden" name="sirename" value="$sirename" />
    <button name="approve" id="approve" type="submit">Approve Sire</button>
</form>
           </li>
   </ul>

1 个答案:

答案 0 :(得分:1)

正如我作为评论所提到的,您需要使用echo语句将$sirename包装在PHP标记中。您也没有将$_POST['sirename']传递到您的脚本中。否则默认为$sirename中的原始mysql_fetch_assoc()

警告:您设置脚本的方式,您很容易受到注入攻击。这只是向您展示如何传入变量的示例。请参阅:How can I prevent SQL injection in PHP? 

<?php
  //select the database to write to
  $unapprovedsires = mysql_query("SELECT * FROM nominatedsires WHERE approved = 'no'");
    //While loop to cycle through the rows
    while($row = mysql_fetch_assoc($unapprovedsires)){
        $sirename = $row['sirename'];
        echo $sirename;}
?>
<ul class="admin-fields">
<?php
    while($row = mysql_fetch_assoc($unapprovedsires)){
        if(empty($row['sirename']))
            echo "....";
        else
            print '<li>' .$row['sirename'].' </li>';
    }
    //print $sirename;
?>
        </ul>
<p>
<?php
    if(isset($_POST['approve'])){
        $sirename = mysql_real_escape_string($_POST['sirename']);
        mysql_query("UPDATE nominatedsires SET approved = 'yes' WHERE sirename = '$sirename'") or die ("Something went wrong");
    }
?>
    <ul>
        <li>
            <form method="post" method="<?php echo $_SERVER[PHP_SELF]; ?>">
                <input type="hidden" name="sirename" value="<?php echo $sirename; ?>" />
                <input type="submit" name="approve" id="approve" value="Approve Sire" />
            </form>
       </li>
</ul>
相关问题
最新问题