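Submit after updating a transaction

Time: 2015-02-11 06:40:47

Tags: php mysql

I am new to PHP. I created an update form as shown below. I need to update the following fields.

Category, short description, full description. This part works, but if I update only the category field, the remaining fields become blank. How can I fix that? Any help would be appreciated.

Step 1. In view.php, when the user clicks the "Edit" button, it goes to updateview.php

Step 2. In updateview.php, when the user changes any field value and presses the Update button, it goes to update.php

Step 3. From update.php, it returns to view.php with the updated values

Thanks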

View.php

<table id="example" class="row-border" cellspacing="0" width="100%">
        <thead>
            <tr>
                <th>SRN</th>
                <th>Client</th>
                <th>Category</th>
                <th>Short Description</th>
                <th>Full Description</th>
                <th>Action</th>
            </tr>
        </thead>
        <tbody>
        <?php while($row = mysql_fetch_array($selectQ)){ ?>
         <tr>
            <td><?php echo $row['srn'];?></td>
            <td><?php echo $row['client'];?></td>
            <td><?php echo $row['category'];?></td>
            <td><?php echo $row['sd'];?></td>
            <td><?php echo $row['fd'];?></td>
            <td><a href="updateview.php?srn=<?php echo $row['srn']; ?>" target="_blank">Edit</a></td>
    </tr>
        <?php } ?>
        </tbody>
    </table>

dbconn.php

<?php
$username = "root";
$password = "root";
$hostname = "localhost"; 
$dbhandle = mysql_connect($hostname, $username, $password) 
  or die("Unable to connect to MySQL");
$selected = mysql_select_db("eservice",$dbhandle) 
  or die("Could not select database");
?>

updateview.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<div id="main-content">
<fieldset>
<?php
if(isset($_SESSION['example']))
{
echo $_SESSION['example'];
}
else
{
echo "Session destroyed..";
}
?>
</div>
<?php
include_once('dbconn.php');
$srn = $_GET['srn'];
$selQ = "Select * from main where srn = '".$srn."'";
$selectQ = mysql_query($selQ);
?>
<?php
      while($row = mysql_fetch_array($selectQ)){ ?>
<form action="update.php" method="post" enctype="multipart/form-data" novalidate>
<div class="item">
    <label> <span>SRN</span>
<input name="srn" type="text" id="srn" size="15" readonly="readonly" maxlength="40" value="<?php echo $row['srn']; ?>"/>
    </label>
    </div>
    <div class="item">
    <label> <span>Client</span>
     <select class="required" name="client"  value="<?php echo $row['client']; ?>" disabled="disabled"/>
                            <?php include_once('dbconn.php'); ?>
                  <option value=""><?php echo $row['client']; ?></option>
             <?php
mysql_connect ("localhost","root","");
                    mysql_select_db ("eservice");
                    $select="eservice";
                    if (isset ($select)&&$select!="")
{
                        $select=$_POST ['NEW'];
}
?>
<?php
                    $list=mysql_query("select * from client");
                    while($row_list=mysql_fetch_assoc($list))
{
?>
          <?php $ct = $row_list['cname'];?>
          <option value="<?php echo $ct; ?>"<?php if($ct==$select){ echo "selected"; } ?> > <?php echo $ct; ?></option>
          <?php } ?>
      </select>
    <input type="hidden" name="client" value = "<?php echo $row['client']; ?>" />
    </label>
</div>
    <div class="item">
    <label> <span>Category</span>
         <select class="required" name="category"  value="<?php echo $row['category']; ?>"/>
                            <?php include_once('dbconn.php'); ?>
                  <option value=""><?php echo $row['category']; ?></option>
             <?php
mysql_connect ("localhost","root","");
                    mysql_select_db ("eservice");
                    $select="eservice";
                    if (isset ($select)&&$select!="")
{
                        $select=$_POST ['NEW'];
}
?>
          <?php
                    $list=mysql_query("select * from category");
                    while($row_list=mysql_fetch_assoc($list))
{
?>
          <?php $ct = $row_list['name'];?>
          <option value="<?php echo $ct; ?>"<?php if($ct==$select){ echo "selected"; } ?> > <?php echo $ct; ?></option>
          <?php } ?>
  </select>
    </label>
</div>
<div class="item">
<label> <span>Short Description</span>
    <textarea required="required" name='sd'><?php echo $row['sd']; ?></textarea>
</div>
<div class="item">
<label> <span>Full Description</span>
    <textarea required="required" name='fd'><?php echo $row['fd']; ?></textarea>
</div>
<div class="item">
<button id='cancel' type='cancel'>Cancel</button>
<button id='send' type='submit'>Update</button>
</div>
</form>
<?php } ?>

update.php

<?php
include_once('dbconn.php');
$srn          = $_POST['srn'];
$client       = $_POST['client']; //required
$cate         = $_POST['category'];
$sd           = $_POST['sd']; //required
$fd           = $_POST['fd']; //required

$updQry = "Update main Set client = '".$client."',category = '".$cate."',sd= '".$sd."',fd= '".$fd."' where srn = '".$srn."'";
$updateQ = mysql_query($updQry);
header("Location: view.php?res=U");
?>

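1 answer:

Answer 0 (score: 0)

Note:

Make sure your srn column is unique. You call the database connection again in updateview.php, both through the include and through its full code: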

include_once('dbconn.php');

mysql_connect ("localhost","root","");
                    mysql_select_db ("eservice");

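There, the username and password in your dbconn.php are both root, but in updateview.php the username is root and no password is specified. And you call it inside the while loop.

I think there is nothing wrong with your update query; it just uses the old, deprecated mysql_* functions and is very prone to SQL injections. You should use mysqli_* prepared statement or PDO instead.

Recommendation:

I have redone your code with the more recommended mysqli_* prepared statement. It takes some patience to understand, but it is easy.

Your dbconn.php: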

<?php

$mysqli = new mysqli("localhost", "root", "root", "eservice");

/* ESTABLISH CONNECTION */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
?>

Your updateview.php

<form action="update.php" method="post" enctype="multipart/form-data" novalidate>

<?php
include_once('dbconn.php');
$srn = $_GET['srn'];

  if($stmt = $mysqli->prepare("SELECT srn, client, category, sd, fd FROM main WHERE srn=?")){

    $stmt->bind_param("s",$_GET["srn"]);
    $stmt->execute();
    $stmt->bind_result($srn,$client,$category,$sd,$fd);
    $stmt->fetch();
    $stmt->close();

  }

  ?>

<div class="item">
  <label> <span>SRN</span>
  <input name="srn" type="text" id="srn" size="15" readonly="readonly" maxlength="40" value="<?php echo htmlspecialchars($srn, ENT_QUOTES, 'UTF-8'); ?>"/>
  </label>
</div>

<div class="item">
  <label> <span>Client</span>    
  <select class="required" name="client">
  <?php

    if($stmt = $mysqli->prepare("SELECT cname FROM client")){

      $stmt->execute();
      $stmt->bind_result($cname);

      while($stmt->fetch()){

        ?>
          <option value="<?php echo htmlspecialchars($cname, ENT_QUOTES, 'UTF-8'); ?>" <?php if($cname==$client){ echo "selected"; } ?>> <?php echo htmlspecialchars($cname, ENT_QUOTES, 'UTF-8'); ?> </option>
        <?php

      } /* END OF WHILE LOOP */

      $stmt->close();

    } /* END OF PREPARED STATEMENT OF CLIENT */

  ?>
  </select>
  </label>
</div>

<div class="item">
  <label> <span>Category</span>      
  <select class="required" name="category">
  <?php

    if($stmt = $mysqli->prepare("SELECT name FROM category")){

      $stmt->execute();
      $stmt->bind_result($name);

      while($stmt->fetch()){

        ?>
          <option value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>" <?php if($name==$category){ echo "selected"; } ?>> <?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?> </option>
        <?php

      } /* END OF WHILE LOOP */

      $stmt->close();

    } /* END OF PREPARED STATEMENT OF CATEGORY */

  ?>
  </select>
  </label>
</div>

<div class="item">
<label> <span>Short Description</span>
    <textarea required="required" name='sd'><?php echo htmlspecialchars($sd, ENT_QUOTES, 'UTF-8'); ?></textarea>
</div>
<div class="item">
<label> <span>Full Description</span>
    <textarea required="required" name='fd'><?php echo htmlspecialchars($fd, ENT_QUOTES, 'UTF-8'); ?></textarea>
</div>
<div class="item">
<button id='cancel' type='cancel'>Cancel</button>
<button id='send' type='submit'>Update</button>
</div>
</form>

update.php

<?php

    include('dbconn.php');

    $stmt = $mysqli->prepare("UPDATE main SET client=?, category=?, sd=?, fd=? WHERE srn=?");

    $stmt->bind_param('sssss', $_POST["client"], $_POST["category"], $_POST["sd"], $_POST["fd"], $_POST["srn"]);

    $stmt->execute();

?>
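
An added example, not part of the original question or answer: one way to keep a partial edit from blanking the other columns of `main` is to build the prepared UPDATE only from the fields that were actually submitted non-empty, taking column names from a fixed allow-list. The names `EDITABLE`, `build_update()` and `run_update()` and the sample values are hypothetical, and treating a blank field as "leave unchanged" is an assumption about the desired behaviour.

```php
<?php
// Added example, not code from the post. Table/column names are the page's;
// EDITABLE, build_update() and run_update() are hypothetical names.
const EDITABLE = ['client', 'category', 'sd', 'fd']; // allow-list of columns

// Build a parameterised UPDATE touching only fields submitted non-empty,
// so a missing or blank field never overwrites the stored value
// (assumption: blank means "leave unchanged").
function build_update(array $post): ?array
{
    $srn = trim((string)($post['srn'] ?? ''));
    if ($srn === '') {
        return null;                  // no row key: refuse to update
    }
    $set = [];
    $values = [];
    foreach (EDITABLE as $col) {
        $v = $post[$col] ?? null;
        if (is_string($v) && trim($v) !== '') {
            $set[] = "$col = ?";      // name from the allow-list, value bound later
            $values[] = $v;
        }
    }
    if (!$set) {
        return null;                  // nothing to change
    }
    $values[] = $srn;
    $sql = 'UPDATE main SET ' . implode(', ', $set) . ' WHERE srn = ?';
    return [$sql, str_repeat('s', count($values)), $values];
}

// Run it on the $mysqli handle from dbconn.php; returns affected rows or false.
function run_update(mysqli $db, array $post)
{
    $q = build_update($post);
    if ($q === null) {
        return false;
    }
    [$sql, $types, $values] = $q;
    if (!($stmt = $db->prepare($sql))) {
        return false;
    }
    $stmt->bind_param($types, ...$values);
    $rows = $stmt->execute() ? $stmt->affected_rows : false;
    $stmt->close();
    return $rows;
}

// Constructed sample POST: only the category was filled in.
$sample = ['srn' => 'S-001', 'category' => "Printers & 'Scanners'", 'sd' => '', 'fd' => ''];
[$sql, $types, $values] = build_update($sample);
echo $sql, "\n", $types, ' ', json_encode($values), "\n";
```

In update.php this would be called as `run_update($mysqli, $_POST)` before the redirect back to view.php; a `false` return is the point at which to show an error instead of redirecting.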