编辑:我重写了我的问题以包含更多细节:
以下是生成用户数据库结果页面的代码快照:
userdetails.php
$currenttechnicians = "SELECT * FROM ahsinfo ORDER BY FirstName";
$currenttechniciansresults = sqlsrv_query($conn,$currenttechnicians) or die("Couldn't execut query");
while ($techniciandata=sqlsrv_fetch_array($currenttechniciansresults)){
echo "<tr align=center>";
echo "<td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=hidden name=\"ID\" value=";
echo $techniciandata['ID'];
echo ">";
echo "<input type=textbox name=\"FirstName\" value=";
echo $techniciandata['FirstName'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox name=\"LastName\" value=";
echo $techniciandata['LastName'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox size=40 name=\"SIPAddress\" value=";
echo $techniciandata['SIPAddress'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
echo "<input type=textbox name=\"MobileNumber\" value=";
echo $techniciandata['MobileNumber'];
echo "> ";
echo "</td><td height=35 background=largebg.gif style=text-align: center valign=center>";
?>
这是处理表单提交的代码:(再次,只是更新数据库的SQL查询。我删除了数据库连接字符串。)
edituserdetails.php
<?PHP
//Add the new users details to the database
$edituser = " UPDATE ahsinfo SET FirstName='{$_POST['FirstName']}', LastName='{$_POST['LastName']}', SIPAddress='{$_POST['SIPAddress']}', MobileNumber='{$_POST['MobileNumber']}' WHERE ID='{$_POST['ID']}' ";
$editresult = sqlsrv_query($conn,$edituser) or die("Couldn't execute query to update database");
?>
我正在尝试用userdetails.php页面上的任何更改来更新整个数据库(它是一个小型数据库)。
答案 0 :(得分:1)
您的字符串值周围缺少引号,并在其中一个POST变量上使用大括号而不是括号:
UPDATE ahsinfo
SET FirstName="{$_POST['FirstName']}",
LastName="{$_POST['LastName']}",
EmailAddress="{$_POST['EmailAddress']}",
MobileNumber="{$_POST['MobileNumber']}"
WHERE ID={$_POST['ID']}
如果您检查了代码中的错误,就会发现这一点。
仅供参考,您对SQL injections
持开放态度