更新mysql数据库时清空查询未定义变量

时间:2014-08-01 19:28:28

标签: php database object mysqli

我正在尝试设置一个可以更新我的产品的表单。 代码读取数据确定,但$ update正在获取阻止更新执行任何操作的错误。

错误是:
未定义的变量:更新
mysqli :: query():空查询(提交表单后)

请帮忙!谢谢。     
//include database configuration file
    include("config.php");
    $mysqli->set_charset("utf8");

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Edit Page</title>
</head>
<body>
<?php
    if(isset($_POST['Submit'])){//if the submit button is clicked

    $updateproductname = $_POST['updateproductname'];
    $updatesku = $_POST['productsku'];
    $updateproductoriginal = $_POST['updateoriginalname'];
    $updatedescshort = $_POST['updatedescshort'];

    $update = $mysqli->query("UPDATE testproducts". 
                    "SET product_sku=$updatesku, product_name=$updateproductname, 'product_originalname'='$updateproductoriginal', 'product_description_short='$updatedescshort' ".
                    "WHERE product_id = '$id' ");
    $mysqli->query($update) or die("Cannot update");//update or error
    }
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die(mysql_error());
?>
<h2>Update Record <?php echo $id;?></h2>
<form action="" method="post">
<?php


    while ($row = $result->fetch_assoc()) {?>

<table border="0" cellspacing="10">
<tr>
<td>Product Name:</td> <td><input type="text" name="updateproductname" value="<?php echo $row['product_name']; ?>"></td>
</tr>
<tr>
<td>Product Original Name:</td> <td><input type="text" name="updateoriginalname" value="<?php echo $row['product_originalname']; ?>"></td>
</tr>
<tr>
<td>Product SKU:</td> <td><input type="text" name="productsku" value="<?php echo $row['product_sku']; ?>"></td>
</tr>
<tr>
<td>ShortDescription:</td> <td><input type="text" name="updatedescshort" size="100" value="<?php echo $row['product_description_short']; ?>"></td>
</tr>
<tr>
<td><INPUT TYPE="Submit" VALUE="Update the Record" NAME="Submit"></td>
</tr>
</table>
<?php   
}
    ?>
</form>
<?php
    if($update){//if the update worked

    echo "<b>Update successful!</b>";



}  
?>
</body>
</html>

2 个答案:

答案 0 :(得分:0)

a)您容易受到SQL injection attacks

的攻击

b)阅读mysqli_query()的文档。该函数接受查询STRING,并返回RESULT HANDLE。然后,您将获取该结果句柄并尝试重新查询它。如果您在所有的mysqli电话上遇到错误的错误处理,那么您已经看过了。

答案 1 :(得分:0)

移动更新后,

能够更新记录并选择代码到html顶部

<?php
    if(isset($_POST['Submit'])){//if the submit button is clicked
    // Check connection

    $productname = $_POST['updateproductname'];
    $productoriginal = $_POST['updateoriginalname'];
    $sku = $_POST['productsku'];
    $descshort = $_POST['updatedescshort'];


    $mysqli->query("UPDATE testproducts ".
                            "SET product_name='$productname',product_originalname='$productoriginal', product_sku='$sku', product_description_short='$descshort'".

                            " WHERE product_id='$id'");

    }
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die(mysql_error());
//$query=getenv(QUERY_STRING);
//parse_str($query);
//$ud_title = $_POST['Title'];
//$ud_pub = $_POST['Publisher'];
//$ud_pubdate = $_POST['PublishDate'];
//$ud_img = $_POST['Image'];
$mysqli->close();
?>