按名称更新用户输入

时间:2015-04-05 20:09:39

标签: php sql

我试图从用户输入行(2个不同的行)创建一个更新行的脚本。

让我们说,这张桌子有' timeleft'和'用户'。用户将输入'用户'和时间,因此' timeleft'得到更新。

我已经尝试过这样做,但我不能像我刚刚学习PHP那样一周了。 

$db = mysql_connect(dbhost, dbuser,dbpass);
if($db){
    mysql_select_db(dbname);

    print('
        <form action="" method="POST">
                <div class="InputLine"><span class="CTBanForm">Nombre: </span><input type="text" name="IntroducedName" placeholder="Nombre..."></div>
                <div class="InputLine"><span class="CTBanForm">Tiempo: </span><input type="text" name="IntroducedTime" placeholder="Tiempo en numeros..."></div>
                <input type="submit" value="Borrar" name="PerformDelete">
        </form>
        ');
    if(empty($_POST['IntroducedName'])){
        echo '<div id="IDEmpty">Introduzca un nombre porfavor...</div>';
    }else if(empty($_POST['IntroducedTime'])){
        echo '<div id="IDEmpty">Introduzca un numero porfavor...</div>';
    }else{

        /* SQL STATEMENTS! */
        $IntroducedNameSQLSelect = 'SELECT '.$_POST['IntroducedName'].'" FROM CTBan_Log';

        $IntroducedTimeSQLUpdate = 'UPDATE '.$_POST['IntroducedTime'].'" FROM CTBan_Log WHERE timeleft=?';
        /* END SQL STATEMENTS! */
        if(!empty($_POST['IntroducedName'])){

            mysql_query($IntroducedNameSQLSelect);
            if(mysql_query($delete)){
                echo '<div id="Hecho"> Hecho. </div>';
            }
            else{
                echo '<div id="NoHecho"> Error, no se pudo realizar. </div>';
            }
        }
        else if(!empty($_POST['IntroducedTime'])){

            mysql_query($IntroducedTimeSQLUpdate);
            if(mysql_query($delete)){
                echo '<div id="Hecho"> Hecho. </div>';
            }
            else{
                echo '<div id="NoHecho"> Error, no se pudo realizar. </div>';
            }
        }
    }
    mysql_close($db);
}

2 个答案:

答案 0 :(得分:1)

我找到了解决方案:

我修复了SQL语句,感谢hr.anvari。我用过这个:

'UPDATE CTBan_Log SET timeleft="'.$time.'" WHERE perp_name="'.$_POST['IntroducedName'].'"'

$time = mysql_real_escape_string($_POST['IntroducedTime']); // Had to use this to get numbers passed to Mysql.

而不是这个(wth:P):

    /* SQL STATEMENTS! */
    $IntroducedNameSQLSelect = 'SELECT '.$_POST['IntroducedName'].'" FROM CTBan_Log';

    $IntroducedTimeSQLUpdate = 'UPDATE '.$_POST['IntroducedTime'].'" FROM CTBan_Log WHERE timeleft=?';
    /* END SQL STATEMENTS! */

多数民众赞成。我需要使用mysqli tho。感谢Fredy和hr.anvari(SQL)。

答案 1 :(得分:0)

首先,您应该停止使用mysql扩展,因为它已被弃用。有关详细信息,请访问:Why shouldn't I use mysql_* functions in PHP?

第二,你的问题的答案:

displayform.html:

<form action="processform.php" method="POST">
  <div class="InputLine">
    <span class="CTBanForm">Nombre: </span>
    <input type="text" name="IntroducedName" placeholder="Nombre...">
  </div>
  <div class="InputLine">
    <span class="CTBanForm">Tiempo: </span>
    <input type="text" name="IntroducedTime" placeholder="Tiempo en numeros...">
  </div>
  <input type="submit" value="Borrar" name="PerformDelete">
</form>

processform.php:

<?php

if (isset($_POST['IntroducedName']) && isset($_POST['IntroducedTime'])) {

    $mysqli = new mysqli('localhost', 'user', 'password', 'mysampledb');

    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }

    $stmt = $mysqli->prepare("UPDATE CTBan_Log SET timeleft=? WHERE user=?");
    // assuming user is [s]tring and timeleft is [i]nteger
    $stmt->bind_param('is', $timeleft, $user);   

    $user = $_POST['IntroducedName'];
    $timeleft = $_POST['IntroducedTime'];

    /* execute prepared statement */
    $stmt->execute();

    printf("%d Row(s) updated.\n", $stmt->affected_rows);

    /* close statement and connection */
    $stmt->close();

    /* close connection */
    $mysqli->close();
}
else{
    echo "Please go back and complete all form fields!"
}

?>
相关问题
最新问题