未定义的索引:在第28行的C:\ xampp \ htdocs \ xampp \ Project中提交 更新记录时出错:您的SQL语法有错误;检查 手册,对应右边的MySQL服务器版本 要在
附近使用的语法
<form action="Customer.php" method="post">
<div>
<form>
Phone No <input type="number" placeholder="Search" name="phoneno" />
First Name <input type="text" name="FirstName" />
Last Name<input type="text" name="LastName" />
Address<input type="text" name="Address" />
Customer ID<input type="number" name="CustomerID" />
<input type="Submit" name="Submit" value="Add_Customer" style="font-size:20px" onClick="insert()">
<input type="Submit" name="Update" value="Update_Customer" style="font-size:20px" onClick="update()">
</form>
</div>
&#34; Customer.php&#34;
<?php
$dbhost="127.0.0.1";
$dbname="info";
$dbuser="root";
$dbpsd="";
$link = mysqli_connect("$dbhost", "$dbuser", "$dbpsd", "$dbname");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$phoneno = isset($_POST['phoneno']) ? $_POST['phoneno']:'';
$FirstName = isset($_POST['FirstName']) ? $_POST['FirstName']:'';
$LastName = isset($_POST['LastName']) ? $_POST['LastName']:'';
$Address = isset($_POST['Address']) ? $_POST['Address']:'';
$CustomerID = isset($_POST['CustomerID']) ? $_POST['CustomerID']:'';
if($_POST['Submit'] == 'Add_Customer'){
$sql = "INSERT INTO clientinfo(phoneno, FirstName, LastName,Address,CustomerID) values ('$phoneno', '$FirstName', '$LastName','$Address','$CustomerID')";
echo "<span>Data Inserted successfully...!!</span>";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
}
if($_POST['Update'] == 'Update_Customer'){
$sql="UPDATE clientinfo SET phoneno='$phoneno',FirstName='$FirstName',LastName='$LastName',Address='$Address',CustomerID='$CustomerID' WHERE phoneno='$phoneno' ";
if (mysqli_query($link, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($link);
}
}
mysqli_close($link);
?>
答案 0 :(得分:1)
使用预准备语句会更好,因此没有人可以在SQL中注入任何内容。所以出于安全考虑,你应该尝试这样的事情:
$sql="UPDATE clientinfo SET phoneno=?,FirstName=?,LastName=?,Address=?,CustomerID=? WHERE phoneno=?";
// execute UPDATE
if ($stmt = $mysqli->prepare($sql)) {
$stmt->bind_param("s", $phoneno);
$stmt->bind_param("s", $FirstName);
$stmt->bind_param("s", $LastName);
$stmt->bind_param("s", $Address);
$stmt->bind_param("i", $CustomerID);
$stmt->bind_param("s", $phoneno);
/* execute query */
$stmt->execute();
/* close statement */
$stmt->close();
}
这很可能也会解决您的问题,这可能很容易因为带有引号或其他奇怪字符的输入。
如果这不能解决您的问题,您应该发布表格结构,以查看您的查询不正确的原因。