表单编辑正在删除我的条目

时间:2014-10-20 17:03:44

标签: php sql

所以我有一个表单来编辑条目,这些条目填充了已经从数据库输入的内容。当我进行编辑时,它正在保存并将我重定向回列表页面而没有任何错误,但它没有改变任何内容。我猜测它在哪里拉取价值感到困惑。

这是使用值填充表单的SQL查询(此部分有效):

    <?php

// query db
$gigid = $_GET['gigid'];
$con = mysqli_connect("***********","***********","***********","***********");
$result = mysqli_query($con, "SELECT * FROM gigs WHERE gigid=$gigid") or die(mysqli_error()); 
$row = mysqli_fetch_array($result);
mysqli_close($con);

// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
        $gig_name = $row['gig_name'];
        $gig_type = $row['gig_type'];
        $gig_date = $row['gig_date'];
        $gig_customer = $row['gig_customer'];
        $gig_venue = $row['venue_name'];
        $gig_fee = $row['gig_fee'];
        $gig_status = $row['gig_status'];   
 }
 ?>

以下是表格的摘录:

  <form class="form-horizontal" id="create-ticket" method='post' action='edit_gig_process.php?       gigid=<?php echo $_GET['gigid']; ?>'>
  <fieldset>
    <legend>Edit Gig Information</legend>

        <input type="hidden" class="input-xxlarge" id="gig_date_created" name="gig_date_created">
        <input type="hidden" class="input-xxlarge" id="userid" name="userid">

<div class="control-group">
      <label class="control-label" for="gigid">Gig ID</label>
      <div class="controls">
        <input type="text" name="gigid" disabled="disabled" value="<?php echo $_GET['gigid']; ?>"      />
      </div>
</div>  

<div class="control-group">
      <label class="control-label" for="gig_name">Gig Name (Required)</label>
      <div class="controls">
        <input type="text" class="input-xxlarge" id="gig_name" value="<?php echo        $row['gig_name']; ?>" name="gig_name">

      </div>
</div>

这是更新查询的摘录:

$gigid = $_GET['gigid'];

  $sql= "UPDATE gigs set 
  gig_name='$gig_name',
  gig_type='$gig_type', 
  gig_customer='$gig_customer', 
  gig_date='$gig_date_created', 
  gig_start_time='$gig_start_time', 
  gig_end_time='$gig_end_time',     
  gig_fee='$gig_fee', 
  gig_status='$gig_status', 
  venue_name='$venue_name', 
  venue_address='$venue_address', 
  venue_contact='$venue_contact',
  WHERE 
  gigid='$gigid'";

  header('Location: http://managegigs.com/cp/my-gigs.php');

  mysqli_close($con);

1 个答案:

答案 0 :(得分:0)

您没有运行更新查询,您的更新只是一个字符串。

之后

$sql= "UPDATE gigs set 

  gig_name='$gig_name',
  gig_type='$gig_type', 
  gig_customer='$gig_customer', 
  gig_date='$gig_date_created', 
  gig_start_time='$gig_start_time', 
  gig_end_time='$gig_end_time',     
  gig_fee='$gig_fee', 
  gig_status='$gig_status', 
  venue_name='$venue_name', 
  venue_address='$venue_address', 
  venue_contact='$venue_contact'
  WHERE 
  gigid='$gigid'";

添加:

mysqli_query($con,$sql);

另外,至少改变一下:

$gigid = $_GET['gigid'];

添加:

$gigid = mysqli_real_escape_string($gigid);

直接让它有点安全。将$ _GET直接放入DB是危险的。

Uploadpart in complete: 

$gig_name = $_POST['gig_name'];
// fetch all $_POST(ed) data
// and secure with
$gig_name = mysqli_real_escape_string($con,$gig_name);


$gigid = $_GET['gigid'];
$gigid = mysqli_real_escape_string($con,$gigid);
  $sql= "UPDATE gigs set 
  gig_name='$gig_name',
  gig_type='$gig_type', 
  gig_customer='$gig_customer', 
  gig_date='$gig_date_created', 
  gig_start_time='$gig_start_time', 
  gig_end_time='$gig_end_time',     
  gig_fee='$gig_fee', 
  gig_status='$gig_status', 
  venue_name='$venue_name', 
  venue_address='$venue_address', 
  venue_contact='$venue_contact'
  WHERE 
  gigid='$gigid'";
mysqli_query($con,$sql);

  header('Location: http://managegigs.com/cp/my-gigs.php');

  mysqli_close($con);
相关问题
最新问题