PHP MySQL语句不更新数据库

时间:2014-04-13 22:02:45

标签: php mysql sql database mysqli

经过大量编辑和检查教程网站。代码当前未从数据库调用信息,单击“批准”按钮时,不编辑数据库。我有一个名为Reg_ID的列标识符,可以指定您选择编辑的数据列。表单正在提交,只是清除我输入的信息而不存储数据。

此文件名为Approve Deny Prayer Request。

<?php
$DB_HOST = "XXXXXXX";
$DB_NAME = "XXXXXXX";
$DB_PASS = "XXXXXXX";
$DB_USER = "XXXXXXX";

$link = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($link->connect_errno > 0) {
die('Connection failed [' . $db->connect_error . ']');
}

$query = "SELECT * FROM Request";
$result = mysqli_query($link,$query); //<----- Added link
$row = mysqli_fetch_array($result);

if(isset($_POST['add'])){

$id = mysqli_real_escape_string($link,$_POST['id']);
$firstname = mysqli_real_escape_string($link,$_POST['first']);
$lastname = mysqli_real_escape_string($link,$_POST['last']);
$phone = mysqli_real_escape_string($link,$_POST['phone']);

$query2=mysqli_query($link,"UPDATE Request SET Reg_F_Name='$firstname',     Reg_L_Name='$lastname',Reg_Request='$phone' WHERE id='$id'" );

if($query2){
header("Location: fbcaltusprayerorg.ipagemysql.com");
}

} // brace if(isset($_POST['add']))

?>

<form action="" method="post">

<table>
<input type="hidden" name="id" value="<? echo "$row[Reg_ID]" ?>">

<tr>
<td>First Name:</td>
<td><input type="text" name="first" value="<? echo "$row[Reg_F_Name]" ?>"></td>
</tr>

<tr>
<td>Last Name:</td>
<td><input type="text" name="last" value="<? echo "$row[Reg_L_Name]" ?>"></td>
</tr>

<tr>
<td>Prayer Request:</td>
<td><input type="text" name="phone" value="<? echo "$row[Reg_Request]" ?>"></td>
</tr>

</table>
<input name="add" type="submit" id="add" value="Approve Prayer Request">

</form>

2 个答案:

答案 0 :(得分:5)

首先,您的初始代码不包含开始<form>标记;已包括在内。

您尝试运行代码的方式是让您对SQL injection开放。

现在,您需要做什么。

  • 创建名为id的列,并根据需要将其设置为AUTO_INCREMENT,但不是必需的;只要有一些与之相关的数据并且拥有唯一的名称/ id。
  • 创建名为/ id
    • 的隐藏字段

然后使用UPDATE以及SET和WHERE子句。

旁注: 这会自动将您重定向到您已调用的网页文件名。

在此示例中,我使用了header("Location: http://www.example.com/update.php");

将DB凭据替换为您自己的凭据。

<?php
$DB_HOST = "xxx";
$DB_NAME = "xxx";
$DB_PASS = "xxx";
$DB_USER = "xxx";

$link = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($link->connect_errno > 0) {
  die('Connection failed [' . $db->connect_error . ']');
}

$query = "SELECT * FROM Request";
$result = mysqli_query($link,$query); //<----- Added link
$row = mysqli_fetch_array($result);

if(isset($_POST['add'])){

$id = mysqli_real_escape_string($link,$_POST['id']);
$firstname = mysqli_real_escape_string($link,$_POST['first']);
$lastname = mysqli_real_escape_string($link,$_POST['last']);
$phone = mysqli_real_escape_string($link,$_POST['phone']);

$query2=mysqli_query($link,"UPDATE Request SET Reg_F_Name='$firstname', Reg_L_Name='$lastname',Reg_Request='$phone' WHERE id='$id'" );

if($query2){
header("Location: http://www.example.com/update.php");
}

} // brace if(isset($_POST['add']))

?>

<form action="" method="post">

<table>
<input type="hidden" name="id" value="<? echo "$row[id]" ?>">

<tr>
<td>First Name:</td>
<td><input type="text" name="first" value="<? echo "$row[Reg_F_Name]" ?>"></td>
</tr>

<tr>
<td>Last Name:</td>
<td><input type="text" name="last" value="<? echo "$row[Reg_L_Name]" ?>"></td>
</tr>

<tr>
<td>Prayer Request</td>
<td><input type="text" name="phone" value="<? echo "$row[Reg_Request]" ?>"></td>
</tr>

</table>
<input name="add" type="submit" id="add" value="Approve Prayer Request">

</form>

答案 1 :(得分:-3)

使用sql语句更新数据库的调用在哪里?

我有一个函数,通常我只是为了更新数据库。我还确保为每个表添加列,如UpdateDtTm,并将其添加到我的更新结束。这样你知道你将总是在更新语句上更新一些东西。另外,请确保使用密钥和唯一ID,以确保只更新所需的行。

另外,请尝试使用此语法

$query2 = "Update Request set Reg_F_Name = $row[Reg_F_Name], Reg_L_Name = $row['Reg_L_Name],    Reg_Request = $row['Reg_Request'], UpdateDtTM = Now() where <A UNIQUE KEY ROW> = <UNIQUE ID>. 

 $result = db_update ("updating request in some location", $sql,"update");


 function db_update($function_name,$sql,$type) {

    // Get access to PHP global variables
    global $database;
    //if the database value is not pulled from the global array make sure
    //the system has it based on the Session value set on load
    if (! $database) {
        $database = $_SESSION['database'];
    }

    // Now authenticate the user with the database
    $db = db_connect($database);
    // Run SQL Query
mysql_query($sql);
// Mysql won't return a $result for UPDATE, so have to test with mysql_affected_rows
// mysql also won't do an update if the values are the same, so you could
// possibly have an instance where nothing is change and this fails
// got around this by adding an updated column that is increased by 1 everytime
// an update is performed.  this ensures that you always have something updated
if ( mysql_affected_rows()==0 ) {

    // Unable to update
    $error = "db_update error<br>$sql<br>".mysql_errno()." - ".mysql_error();
    database_error($error,$sql);

    // Exit the function after error
    exit;

}

// Do nothing for this guy
// We don't need to return anything
return;

}

相关问题
最新问题