POST filter_var sanitization doesn't work correctly

Time: 2014-01-25 16:03:36

Tags: php mysql post filtering

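I have code for editing multiple rows in a MySQL database. The problem is that when I try to sanitize $_POST with filter_var, like filter_var($_POST['toode'], FILTER_SANITIZE_STRING), the values become blank and the values in the database are deleted. When I use $_POST without sanitizing it with filter_var, it works fine. What could be the problem?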

<?php
    $host="xxx"; 
    $username="xxx"; 
    $password="xxx"; 
    $db_name="xxx"; 
    $tbl_name="xxx"; 

    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    $sql = "SELECT * FROM $tbl_name";
    $result = mysql_query($sql);

    $count = mysql_num_rows($result);
?>

<table width="500" border="0" cellspacing="1" cellpadding="0">
    <form name="form1" method="post" action="">
    <tr> 
        <td>
            <table width="500" border="0" cellspacing="1" cellpadding="0">
            <tr>
                <td align="center"><strong>Id</strong></td>
                <td align="center"><strong>Toode</strong></td>
                <td align="center"><strong>Kogus</strong></td>

            </tr>

            <?php
                while ($rows = mysql_fetch_array($result))
                {
            ?>

            <tr>
                <td align="center">
                    <?php $id[] = $rows['id']; ?>
                    <?php echo $rows['id']; ?>
                </td>

                <td align = "center">
                    <input name="toode[]" type="text" id="toode" value="<?php echo $rows['toode']; ?>">
                </td>

                <td align = "center">
                    <input name="kogus[]" type="text" id="kogus" value="<?php echo $rows['kogus']; ?>">
                </td>

            </tr>

            <?php
                }
            ?>

            <tr>
                <td colspan="4" align="center"><input type="submit" name="submit" value="Submit">
                </td>
            </tr>
            </table>
        </td>
    </tr>
    </form>
</table>

<?php
    if (isset($_POST['submit']))
    {
        $toode = $_POST['toode'];
        $kogus = $_POST['kogus'] ;

        for($i = 0; $i < $count; $i++)
        {
            $sql1 = "UPDATE $tbl_name SET toode='$toode[$i]', kogus='$kogus[$i]' WHERE id='$id[$i]'";
            $result1 = mysql_query($sql1);
        }
    }

    if (isset($result1))
    {
        header("location:uus.php");
    }

?>

0 answers:

No answers
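An added example, not part of the original question or the asker's code: `toode[]` and `kogus[]` are posted as arrays, and `filter_var` with a scalar filter returns `false` for an array unless `FILTER_REQUIRE_ARRAY` is passed, which is why every value ends up blank. The sketch below filters per element and uses bound parameters for the update; the `tooted` table name, the posted `id[]` field, the sample values and the in-memory SQLite database (requires `pdo_sqlite`) are assumptions made so it runs offline.

```php
<?php
// Constructed stand-in for $_POST: the form fields toode[] and kogus[] arrive as arrays.
// The id[] field is hypothetical (e.g. a hidden input per row).
$post = [
    'id'    => ['1', '2'],
    'toode' => ['Kohv', "Tee'; -- <b>"],
    'kogus' => ['3', '7'],
];

// A scalar filter applied to an array fails: filter_var() returns false, so
// $toode[$i] is later null and the UPDATE writes empty strings.
if (filter_var($post['toode'], FILTER_DEFAULT) === false) {
    echo "scalar filter rejected the array\n";
}

// FILTER_REQUIRE_ARRAY applies the filter to each element; failed elements become false.
$ids   = filter_var($post['id'],    FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY);
$kogus = filter_var($post['kogus'], FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY);
$toode = filter_var($post['toode'], FILTER_DEFAULT,      FILTER_REQUIRE_ARRAY);
if (!is_array($ids) || !is_array($kogus) || !is_array($toode)) {
    exit("unexpected input shape\n");
}

// Assumption: in-memory SQLite in place of the MySQL table from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tooted (id INTEGER PRIMARY KEY, toode TEXT, kogus INTEGER)");
$pdo->exec("INSERT INTO tooted VALUES (1, 'a', 0), (2, 'b', 0)");

// Bound parameters keep posted text out of the SQL string entirely.
$stmt = $pdo->prepare('UPDATE tooted SET toode = :toode, kogus = :kogus WHERE id = :id');
foreach ($ids as $i => $id) {
    $qty  = $kogus[$i] ?? false;
    $name = $toode[$i] ?? null;
    if ($id === false || $qty === false || !is_string($name)) {
        continue; // skip rows whose fields failed validation
    }
    $stmt->execute([':toode' => $name, ':kogus' => $qty, ':id' => $id]);
}

// Escape at output time, where the HTML context is known.
foreach ($pdo->query('SELECT * FROM tooted', PDO::FETCH_ASSOC) as $row) {
    echo htmlspecialchars(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), "\n";
}
```

`FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1, so the example leaves text unmodified on input and relies on bound parameters for SQL and `htmlspecialchars` for HTML output.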