所以我必须创建一个php页面来批准/拒绝数据库中特定行所获取的一些信息。如果看到该信息的管理员批准它,他会添加一些额外的值并更新数据库中的特定行(这些额外的值在批准之前为0),但它最终不起作用。我认为问题在于提交表单重定向到的approve.php文件,我认为它不会读取管理员输入的值。
这是表格(lecturermeet.php):
<div class="wrapper col3">
<div class="container">
<h1>Pending Meeting Submissions</h1>
<?php
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("dissdb") or die(mysql_error());
$statuscheck = 0;
$result = mysql_query("SELECT status FROM meeting WHERE status = '$statuscheck'");
if ($result != NULL) {
$result = mysql_query("SELECT id,username,date,subject,report FROM meeting WHERE status = '$statuscheck'");
while ($row = mysql_fetch_assoc($result)){
$uploader = $row['username'];
$date = $row['date'];
$subject = $row['subject'];
$report = $row['report'];
$id = $row['id'];
echo ' <font size=6> <p>Meeting: #' .$id. ' </font><br><br>Submitted by: '.$uploader.'<br>Date: ' .$date. '<br>Subject: ' .$subject. '<br>Report: ' .$report. '<br> <br></p>' ;
$showbuttons = 1;
if($showbuttons == 1) : ?>
<form>
Meeting #:
<input type="number" name="id" id="id" value='$id' min="1" max="20">
</form>
<form>
Project Progression Status (between 1 and 6):
<input type="number" name="progress" id="progress" min="1" max="6">
</form>
<form>
<br> Effort Shown (between 1 and 6):
<input type="number" name="effort" id="effort" min="1" max="6">
</form>
<form>
<br> Dissertation Projection (between 1 and 6):
<input type="number" name="projection" id="projection" min="1" max="6">
</form>
<form>
<br> Lecturer Satisfaction (between 1 and 6):
<input type="number" name="satisfaction" id="satisfaction" min="1" max="6">
</form>
<form>
<br> Overall (between 1 and 10):
<input type="number" name="mark" id="mark" min="1" max="10">
<br><br><br></form>
<form action="approve.php" method="post"
enctype="multipart/form-data">
<input type="submit" name="approve" value="Approve">
</form>
<label for="rejectinfo"><br><br><br>Rejection comments:</label>
<textarea name="rejectinfo" cols="60" rows="7" id="rejectinfo" ></textarea>
<p><form action="reject.php" method="post"
enctype="multipart/form-data">
<input type="submit" name="reject" value="Reject">
<br><br></form></p>
<?php endif;
}} ?>
</div>
</div>
以下是表单重定向到的approve.php,以便更新特定的行:
<?php
require "config.php";
require "lecturerarea.php";
$id = $_POST['id'];
$progress = $_POST['progress'];
$effort = $_POST['effort'];
$projection = $_POST['projection'];
$satisfaction = $_POST['satisfaction'];
$mark = $_POST['mark'];
$status = 1;
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("dissdb") or die(mysql_error());
mysql_query("UPDATE meeting SET 'progress'='$progress', 'effort'='$effort',
'projection'='$projection', 'satisfaction'='$satisfaction', 'mark'='$mark', 'status'='$status' WHERE id = '$id'");
echo "The meeting submission is approved! <br> Redirecting now ....";
header("Refresh: 3; lecturerarea.php");
?>
答案 0 :(得分:2)
从列名称周围删除引号。这些不是正确的identifiers。
即:SET 'progress'='$progress'
应该读作(使用反引号示例)
SET `progress`='$progress' // etc.
或删除引号并为其他人执行相同操作。
SET progress='$progress' // etc.
开启error reporting后,就会发出信号。
error_reporting(E_ALL);
ini_set('display_errors', 1);
同样or die(mysql_error())到mysql_query()。
您还有多个<form></form>代码。将所有内容放在一个<form>...</form>中,您需要指定方法。
<form method="post">
<form>默认为GET。
用于数据库插入的所有变量都是$_POST。
这等于GET方法
<form>
<br> Overall (between 1 and 10):
<input type="number" name="mark" id="mark" min="1" max="10">
<br><br><br></form>
并且不会在DB中输入。
它应该读作
<form method="post">
<br> Overall (between 1 and 10):
<input type="number" name="mark" id="mark" min="1" max="10">
<br><br><br></form>
并为其他人做同样的事。
对于headers already sent,请从echo上方移除header,或者如果您希望它回显消息,请使用元刷新。
理想情况下,这就是你应该做的事情:
<form action="approve.php" method="post" enctype="multipart/form-data">
Meeting #:
<input type="number" name="id" id="id" value='$id' min="1" max="20">
Project Progression Status (between 1 and 6):
<input type="number" name="progress" id="progress" min="1" max="6">
<br> Effort Shown (between 1 and 6):
<input type="number" name="effort" id="effort" min="1" max="6">
<br> Dissertation Projection (between 1 and 6):
<input type="number" name="projection" id="projection" min="1" max="6">
<br> Lecturer Satisfaction (between 1 and 6):
<input type="number" name="satisfaction" id="satisfaction" min="1" max="6">
<br> Overall (between 1 and 10):
<input type="number" name="mark" id="mark" min="1" max="10">
<br><br><br>
<input type="submit" name="approve" value="Approve">
<label for="rejectinfo"><br><br><br>Rejection comments:</label>
<textarea name="rejectinfo" cols="60" rows="7" id="rejectinfo" ></textarea>
<input type="submit" name="reject" value="Reject">
<br><br>
</form>
<强> 旁注:
您现有的代码向SQL injection开放 使用prepared statements或PDO with prepared statements。
答案 1 :(得分:0)
好的,你得到了错误,因为当你点击提交批准时你只需要获取该表格的值,所以如果你想要投影的数据和其他人做出类似的事情。
<form action="approve.php" method="post"
enctype="multipart/form-data">
<input type="submit" name="approve" value="Approve">
<br> Dissertation Projection (between 1 and 6):
<input type="number" name="projection" id="projection" min="1" max="6">
</form>
其他输入。