PHP form does not edit MySQL table data

Time: 2014-02-19 22:20:26

Tags: php mysql sql

I have a PHP form that shows the column data of a MySQL table row in inputs; that is, each column is placed in a separate input value. I do this because I want the user to be able to edit the column data of a specific row. The user should be able to edit one of the input values, click the submit button, and the column data of that row in the MySQL table should be changed. Currently, when I click submit, I get the error Could not edit job position:. This happens even if I leave the input values unchanged.

Here is a picture of the complete PHP page: [image] More information: in the picture you can see that every table row has an Edit and a Delete link. The table rows represent the MySQL table rows. When the Edit link is clicked, my PHP form is shown at the bottom with inputs for the Title, Description, Model, Make, Year and Price columns. These inputs contain the value of each column of that table row.

Here is the code of my complete PHP page:

<!DOCTYPE html>
<head>
<title>GBM Trailer Service Ltd. ::: Used Units Management</title>
</head>
<body>
<?php
$dbLink = new mysqli('dacom', 'ksbm', 'Kiaer', 'kabm');
if(mysqli_connect_errno()) {
    die("MySQL connection failed: ". mysqli_connect_error());
}

//Up and Down Arrow Links: PHP Code

$conn = new mysqli('dsm', 'kam', 'Kfr', 'kcm');

// if an arrow link was clicked...
if ($_GET['dir'] && $_GET['id']) {
   // make GET vars easier to handle
   $dir = $_GET['dir'];
   // cast as int and couple with switch for sql injection prevention for $id
   $id = (int) $_GET['id'];
   // decide what row we're swapping based on $dir
   switch ($dir) {
      // if we're going up, swap is 1 less than id
      case 'up': 
         // make sure that there's a row above to swap
         $swap = ($id > 1)? $id-- : 1;
         break;
      // if we're going down, swap is 1 more than id
      case 'down':
         // find out what the highest row is
         $sql = "SELECT count(*) FROM used_trailers";
         $result = mysqli_query($conn, $sql) or die();
         $r = mysqli_fetch_row($result);
         $max = $r[0];
         // make sure that there's a row below to swap with
         $swap = ($id < $max)? $id++ : $max;
         break;
      // default value (sql injection prevention for $dir)
      default:
         $swap = $id;
   } // end switch $dir
   // swap the rows. Basic idea is to make $id=$swap and $swap=$id 
   $sql = "UPDATE used_trailers SET orderid = CASE orderid WHEN $id THEN $swap WHEN $swap THEN $id END WHERE orderid IN ($id, $swap)";
   $result = mysqli_query($conn, $sql) or die;
} // end if GET  

// set a result order with a default (sql injection prevention for $sortby)
$sortby = ($_GET['sortby'] == 'title')? $_GET['sortby'] : 'orderid';

// Delete link: PHP Code

// delete from table
if ($_GET['del'] == 'true') {
   // cast id as int for security
   $id = (int) $_GET['id'];
   // delete row from table
   $sql = "DELETE FROM used_trailers WHERE orderid = '$id'";
   $result = mysqli_query($conn, $sql) or die();
   // select the info, ordering by usort
   $sql = "SELECT orderid, title FROM used_trailers ORDER BY orderid";
   $result = mysqli_query($conn,$sql) or die();
   // initialize a counter for rewriting usort
   $job_pos_sortt = 1;
   // while there is info to be fetched...
   while ($r = mysqli_fetch_assoc($result)) {
      $job_poss = $r['orderid'];
      // update the usort number to the one in the next number
      $sql = "UPDATE used_trailers SET orderid = '$job_pos_sortt' WHERE title = '$job_poss'";
      $update = mysqli_query($conn, $sql) or die();
      // inc to next avail number
      $job_pos_sortt++;
   } // end while
} // end if del

// Connect to the database
$dbLink = new mysqli('da.com', 'am', 'aer', 'kabm');
if(mysqli_connect_errno()) {
    die("MySQL connection failed: ". mysqli_connect_error());
}

// Query for a list of all existing files
$sql = 'SELECT * FROM used_trailers ORDER BY orderid';
$result = $dbLink->query($sql);

// Check if it was successful
if($result) {
    // Make sure there are some files in there
    if($result->num_rows == 0) {
        echo '<p>There are no files in the database</p>';
    }
    else {
        // Print the top of a table
        echo '<table width="100%" border="1">
                <tr valign="middle" align="center">';
            echo "<td>Order</td>";
            echo "<td>Title</td>";
            echo   '<td valign="middle"><b>Description</b></td>
                    <td valign="middle"><b>Model</b></td>
                    <td valign="middle"><b>Make</b></td>
                    <td valign="middle"><b>Year</b></td>
                    <td valign="middle"><b>Price</b></td>
                    <td valign="middle"><b>Photo 1</b></td>
                    <td valign="middle"><b>Photo 2</b></td>
                    <td valign="middle"><b>Photo 3</b></td>
                    <td valign="middle"><b>Photo 4</b></td>
                    <td valign="middle"><b>Photo 5</b></td>
                    <td valign="middle"><b>PDF</b></td>
                    <td valign="middle"><b>Edit/Delete</b></td>
                </tr>';

        // Print each file
        while($row = $result->fetch_assoc()) {
            echo "
                <tr valign='middle' align='center'>
                   <td align = 'center' valign = 'center'><a style='color:black;' href='{$_SERVER['PHP_SELF']}?dir=up&id={$row['orderid']}'>/\</a>
                    <a style='color:black;' href='{$_SERVER['PHP_SELF']}?dir=down&id={$row['orderid']}'>\/</a></td>
                    <td valign='middle'>{$row['title']}</td>
                    <td valign='middle'>{$row['description']}</td>
                    <td valign='middle'>{$row['model']}</td>
                    <td valign='middle'>{$row['make']}</td>
                    <td valign='middle'>{$row['year']}</td>
                    <td valign='middle'>{$row['price']}</td>
                    <td valign='center'><img width=100 height=100 src=images/{$row['photo']}></td>
                    <td valign='center'><img width=100 height=100 src=images/{$row['photo1']}></td>
                    <td valign='center'><img width=100 height=100 src=images/{$row['photo2']}></td>
                    <td valign='center'><img width=100 height=100 src=images/{$row['photo3']}></td>
                    <td valign='center'><img width=100 height=100 src=images/{$row['photo4']}></td>
                    <td valign='center'><a target='_blank' href='downloadfile.php?id={$row['id']}'>{$row['name']}</a></td>
                    <td align = 'center' valign = 'center'><b><a href='pdfget.php?orderid={$row['orderid']}' style='color:black;'>Edit</a> <a href='{$_SERVER['PHP_SELF']}?del=true&id={$row['orderid']}' style='color:black;' onclick='return show_confirm();'>Delete</a></b></td>
                </tr>";
        }

        // Close table
        echo '</table>';
    }

    // Free the result
    $result->free();
}
else
{
    echo 'Error! SQL query failed:';
    echo "<pre>{$dbLink->error}</pre>";
}

// Close the mysql connection
$dbLink->close();
?>

<?php
if (isset($_GET["orderid"])) {
    $sn = (int)($_GET["orderid"]);
if(isset($_POST['update']))
{
$job_pos_sort = $_POST['orderid'];
$job_pos = $_POST['title'];
$job_pose = $_POST['description'];
$job_pose1 = $_POST['make'];
$job_pose2 = $_POST['model'];
$job_pose3 = $_POST['year'];
$job_pose4 = $_POST['price'];

$dbhost = 'daom';
$dbuser = 'keabm';
$dbpass = 'Kaer';
$dbname = 'keagbm';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
if(! $conn )
{
  // mysqli_error() needs a link; for a failed connect use mysqli_connect_error()
  die('Could not connect: ' . mysqli_connect_error());
}

$sql = "UPDATE used_trailers SET title='$job_pos', description='$job_pose', make='$job_pose1', model='$job_pose2', year='$job_pose3', price='$job_pose4' WHERE orderid=$job_pos_sort";

$retval = mysqli_query($conn, $sql);
if(! $retval )
{
  die(mysqli_error($conn) . "update failed");
}
echo "Edited job position successfully. <br />\n";
echo "Click <a style='color:black;' href='managecareers.php'>here</a> to refresh the page";

}
else
{
$job_posname = "SELECT title FROM used_trailers WHERE orderid = $sn";
$query=mysqli_query($conn, $job_posname);
$array=mysqli_fetch_assoc($query);
$job_posname=stripslashes($array['title']);

$job_posname1 = "SELECT description FROM used_trailers WHERE orderid = $sn";
$query=mysqli_query($conn, $job_posname1);
$array=mysqli_fetch_assoc($query);
$job_posname1=stripslashes($array['description']);

$job_posname2 = "SELECT make FROM used_trailers WHERE orderid = $sn";
$query=mysqli_query($conn, $job_posname2);
$array=mysqli_fetch_assoc($query);
$job_posname2=stripslashes($array['make']);

$job_posname3 = "SELECT model FROM used_trailers WHERE orderid = $sn";
$query=mysqli_query($conn, $job_posname3);
$array=mysqli_fetch_assoc($query);
$job_posname3=stripslashes($array['model']);

$job_posname4 = "SELECT year FROM used_trailers WHERE orderid = $sn";
$query=mysqli_query($conn, $job_posname4);
$array=mysqli_fetch_assoc($query);
$job_posname4=stripslashes($array['year']);

$job_posname5 = "SELECT price FROM used_trailers WHERE orderid = $sn";
$query=mysqli_query($conn, $job_posname5);
$array=mysqli_fetch_assoc($query);
$job_posname5=stripslashes($array['price']);
?>

<div align="center">
<p style="position:relative; left:-11px;">Edit Job Position</p>
<form method="post" action="">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td><input name="job_pos_sort" type="hidden" id="job_pos_sort" value="<?php echo $sn;?>"></td>
</tr>
<tr>
<td width="100" style="color:white;">Job Position:</td>
<td><input name="job_pos" type="text" id="job_pos" value="<?php echo $job_posname;?>"><span id="measure"></span></td>
<td><input name="description" type="text" id="description" value="<?php echo $job_posname1;?>"></td>
<td><input name="make" type="text" id="make" value="<?php echo $job_posname2;?>"></td>
<td><input name="model" type="text" id="model" value="<?php echo $job_posname3;?>"></td>
<td><input name="year" type="text" id="year" value="<?php echo $job_posname4;?>"></td>
<td><input name="price" type="text" id="price" value="<?php echo $job_posname5;?>"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Edit">
</td>
</tr>
</table>
</form>
</div>
<?php
}
}
else {
}
?>
</body>
</html>

Any help is greatly appreciated. Thank you for your help.

1 answer:

Answer 0 (score: 0)

You need to put the data in quotes in the query:

$sql = "UPDATE used_trailers SET title='$job_pos', description='$job_pose', make='$job_pose1', model='$job_pose2', year='$job_pose3', price='$job_pose4' WHERE orderid=$job_pos_sort";

Also, you should escape any database parameters coming from input, otherwise they will break your query: mysqli_real_escape_string() for MySQL or pg_escape_string() for Postgres:

// procedural mysqli_real_escape_string() takes the connection as its first argument
$job_pos_sort = mysqli_real_escape_string($conn, $_POST['orderid']);
$job_pos = mysqli_real_escape_string($conn, $_POST['title']);
$job_pose = mysqli_real_escape_string($conn, $_POST['description']);
$job_pose1 = mysqli_real_escape_string($conn, $_POST['make']);
$job_pose2 = mysqli_real_escape_string($conn, $_POST['model']);
$job_pose3 = mysqli_real_escape_string($conn, $_POST['year']);
$job_pose4 = mysqli_real_escape_string($conn, $_POST['price']);
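As an added example (not from the question or the answer), here is the same UPDATE written with a mysqli prepared statement, which removes the need for quoting or escaping altogether. It reads the field names the question's form actually sends (job_pos_sort, job_pos, description, make, model, year, price), and assumes the $conn connection and the used_trailers table from the question; the function name updateTrailer is hypothetical.

```php
<?php
// Added example: parameterised UPDATE for the question's edit form.
// Assumes $conn (mysqli) and the used_trailers table from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of silently failing

function updateTrailer(mysqli $conn, array $post): int
{
    // Keys must match the <input name="..."> attributes of the form.
    $fields = ['job_pos_sort', 'job_pos', 'description', 'make', 'model', 'year', 'price'];
    foreach ($fields as $field) {
        if (!isset($post[$field])) {
            throw new InvalidArgumentException("missing form field: $field");
        }
    }
    $orderid     = (int) $post['job_pos_sort'];
    $title       = $post['job_pos'];
    $description = $post['description'];
    $make        = $post['make'];
    $model       = $post['model'];
    $year        = $post['year'];
    $price       = $post['price'];

    // Placeholders: the values are sent separately from the SQL text, so quotes
    // or keywords inside the input cannot change the statement's structure.
    $stmt = $conn->prepare(
        'UPDATE used_trailers
            SET title = ?, description = ?, make = ?, model = ?, year = ?, price = ?
          WHERE orderid = ?'
    );
    $stmt->bind_param('ssssssi', $title, $description, $make, $model, $year, $price, $orderid);
    $stmt->execute();
    // affected_rows is 0 when the submitted values equal the stored ones,
    // so "0" means "nothing changed", not "the update failed".
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

if (isset($_POST['update'])) {
    try {
        $n = updateTrailer($conn, $_POST);
        echo $n === 1 ? "Edited job position successfully. <br />\n" : "No values were changed. <br />\n";
    } catch (mysqli_sql_exception $e) {
        error_log('update failed: ' . $e->getMessage()); // keep the DB error in the server log
        echo 'Update failed.';                            // do not echo SQL errors to the browser
    }
}
```

Values echoed back into the form's value="" attributes should still be passed through htmlspecialchars(), since a prepared statement protects the query, not the HTML.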