无法更新我的数据库内容

时间:2015-02-23 14:58:55

标签: php mysql

我正在开发一个应用程序,我需要使用表单和UPDATE查询来更新我的数据库内容。由于我是编程新手,所以犯了一些错误。 UPDATE查询无效。我也通过echo $ sql检查,仍然无法正常工作。有人帮我解决这个问题

    <?php require_once ('config.php');?>

<div class="navigation">
    <a href="proj.php" class="addbtn"><img src="back.png"  value="Back" name="submit" class="reportbtn"></img></a>
</div>
<?php
if(isset($_POST['submit']))
{
     $getid     =   $_GET['id'];
     $var = $row['id'];

    $sql = "UPDATE nifty SET date = '$_POST[date]', bs = '$_POST[bs]', entrypoint = '$_POST[entrypoint]', exitpoint = '$_POST[exitpoint]', pl = '$_POST[pl]', WHERE id = ".$getid;        
    echo $sql;
   $query = mysql_query($sql);
     echo "<script type='text/javascript'>
alert('Updations made successfully');
</script>";
}
$sql1   = 'SELECT * FROM nifty WHERE id = "'.$getid.'"';
$query  = mysql_query($sql1);
    while($row = mysql_fetch_array($query, MYSQL_ASSOC))
    {
            $date   =       $row['date'];
        $bs =       $row['bs'];
        $entrypoint      =  $row['entrypoint'];
        $exitpoint       =  $row['exitpoint'];
        $pl =   $row['pl'];
    }
?>
<form name="testform" method="post" action="test1.php">

    Date :<input type= "text" name="date" value="<?php echo $date ?>"><br><br>
    Buy/Sell :<input type= "text" name="bs" value="<?php echo $bs ?>"><br><br>
    Entrypoint :<input type= "text" name="entrypoint" value="<?php echo $entrypoint ?>"><br><br>
    Exitpoint :<input type="date" name="exitpoint" value="<?php echo $exitpoint ?>"><br><br>
    P/L:<input type= "text" name="pl" value="<?php echo $pl ?>"><br><br>
    <input type="text" name="id" value="<?php echo $getid; ?>"/><br>
    <input type='submit' name='submit' class="reportbtn" value='submit'/>
</table>
</form>

3 个答案:

答案 0 :(得分:1)

学习如何摆脱SQL注入。

以下更新查询将起作用。

$sql = "UPDATE nifty SET date = '$_POST[date]', bs = '$_POST[bs]', entrypoint = '$_POST[entrypoint]', exitpoint = '$_POST[exitpoint]', pl = '$_POST[pl]' WHERE id = '$getid'";

答案 1 :(得分:0)

照顾好您的$sql变量。

$_POST[data]应为$_POST['data']

试试这样:

    $sql ='UPDATE nifty SET date = "'.$_POST["date"].'", bs = "'.$_POST["bs"].'", entrypoint = "'.$_POST["entrypoint"].'", exitpoint = "'.$_POST["exitpoint"].'", pl = "'.$_POST["pl"].'", WHERE id = '.$getid;

请注意,您很容易受到SQL注入攻击,您无法对用户数据输入进行任何验证。

答案 2 :(得分:0)

你必须注意你的编码风格

POST方法$ _POST ['data']

您必须更改以下代码:

$sql = "UPDATE nifty SET date = $_POST['date'], bs = $_POST['bs'], entrypoint = $_POST['entrypoint'], exitpoint = $_POST['exitpoint'], pl = $_POST['pl'] WHERE id = $getid ";

实施例: 更新查询是这样的:

UPDATE Customers SET ContactName='Alfred Schmidt', City='Hamburg' WHERE CustomerName='Alfreds Futterkiste';

更多了解here

相关问题
最新问题