Error updating record in PHP/MySQL

Time: 2015-04-17 18:15:29

Tags: php mysql

  

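Undefined index: Submit in C:\xampp\htdocs\xampp\Project on line 28

Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near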
<form action="Customer.php" method="post">
    <div>
    <form>
        Phone No <input type="number"  placeholder="Search"  name="phoneno" />
        First Name <input type="text" name="FirstName" />
        Last Name<input type="text" name="LastName" />
        Address<input type="text" name="Address" />
        Customer ID<input type="number" name="CustomerID" />
        <input type="Submit"  name="Submit" value="Add_Customer"  style="font-size:20px" onClick="insert()">
        <input type="Submit"  name="Update" value="Update_Customer"  style="font-size:20px" onClick="update()"> 
     </form>    
     </div>

"Customer.php"

<?php

    $dbhost="127.0.0.1";
    $dbname="info";
    $dbuser="root";
    $dbpsd="";

    $link = mysqli_connect("$dbhost", "$dbuser", "$dbpsd", "$dbname");

    if($link === false){
        die("ERROR: Could not connect. " . mysqli_connect_error());
    }
    $phoneno = isset($_POST['phoneno']) ? $_POST['phoneno']:'';
    $FirstName = isset($_POST['FirstName']) ? $_POST['FirstName']:'';
    $LastName = isset($_POST['LastName']) ? $_POST['LastName']:'';
    $Address = isset($_POST['Address']) ? $_POST['Address']:'';
    $CustomerID = isset($_POST['CustomerID']) ? $_POST['CustomerID']:'';

    if($_POST['Submit'] == 'Add_Customer'){

         $sql = "INSERT INTO clientinfo(phoneno, FirstName, LastName,Address,CustomerID) values ('$phoneno', '$FirstName', '$LastName','$Address','$CustomerID')";
         echo "<span>Data Inserted successfully...!!</span>";

        if(mysqli_query($link, $sql)){
            echo "Records added successfully.";
        } else{
            echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
        }
    }


     if($_POST['Update'] == 'Update_Customer'){

        $sql="UPDATE clientinfo SET phoneno='$phoneno',FirstName='$FirstName',LastName='$LastName',Address='$Address',CustomerID='$CustomerID' WHERE phoneno='$phoneno' ";

        if (mysqli_query($link, $sql)) {
            echo "Record updated successfully";
        } else {
            echo "Error updating record: " . mysqli_error($link);
        }
    }    
    mysqli_close($link);
?>

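1 answer:

Answer 0 (score: 1)

It would be better to use prepared statements, so that nobody can inject anything into your SQL. So for security reasons, you should try something like this: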

$sql = "UPDATE clientinfo SET phoneno=?, FirstName=?, LastName=?, Address=?, CustomerID=? WHERE phoneno=?";

// execute UPDATE ($link is the mysqli connection opened in Customer.php)
if ($stmt = $link->prepare($sql)) {
    // bind_param() takes every parameter in a single call: one type letter
    // per placeholder, in order (s = string, i = integer)
    $stmt->bind_param("ssssis", $phoneno, $FirstName, $LastName, $Address, $CustomerID, $phoneno);

    /* execute query */
    $stmt->execute();

    /* close statement */
    $stmt->close();
}

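This will most likely solve your problem as well, which could easily be caused by input containing quotes or other strange characters.

If this does not solve your problem, you should post your table structure so we can see why your query is incorrect.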
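The failure the answer describes can be reproduced without a MySQL server. The script below is an added example, not code from the question or the answer: it uses PDO with an in-memory SQLite database as a stand-in for mysqli/MySQL, and the sample form values and the function names `updateByConcatenation` and `updateWithPlaceholders` are constructed for illustration.

```php
<?php
// Added example. An in-memory SQLite database (via PDO) stands in for the
// MySQL server; table and column names follow the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE clientinfo (phoneno TEXT, FirstName TEXT, LastName TEXT,
                                    Address TEXT, CustomerID INTEGER)");
$db->exec("INSERT INTO clientinfo VALUES ('5550100', 'Pat', 'Doe', 'old address', 7)");

// Constructed form input: ordinary values that happen to contain apostrophes.
// Only the button that was clicked ("Update") is present, as in a real POST.
$post = ['phoneno' => '5550100', 'FirstName' => 'Pat', 'LastName' => "O'Neil",
         'Address' => "12 King's Road", 'CustomerID' => '7',
         'Update' => 'Update_Customer'];

// The question's approach: values are pasted into the SQL text.
function updateByConcatenation(PDO $db, array $p): string
{
    $sql = "UPDATE clientinfo SET phoneno='{$p['phoneno']}', FirstName='{$p['FirstName']}', "
         . "LastName='{$p['LastName']}', Address='{$p['Address']}', "
         . "CustomerID='{$p['CustomerID']}' WHERE phoneno='{$p['phoneno']}'";
    try {
        $db->exec($sql);
        return 'updated';
    } catch (PDOException $e) {
        // The apostrophe closes the string literal early, so the rest of the
        // value is parsed as SQL and the statement is rejected.
        return 'Error updating record: ' . $e->getMessage();
    }
}

// The answer's approach: placeholders in the SQL, values passed separately.
function updateWithPlaceholders(PDO $db, array $p): int
{
    $stmt = $db->prepare("UPDATE clientinfo SET phoneno=?, FirstName=?, LastName=?,
                          Address=?, CustomerID=? WHERE phoneno=?");
    $stmt->execute([$p['phoneno'], $p['FirstName'], $p['LastName'],
                    $p['Address'], (int) $p['CustomerID'], $p['phoneno']]);
    return $stmt->rowCount();   // rows changed by the UPDATE
}

// isset() avoids the "Undefined index" notice for the button that was not clicked.
if (isset($post['Update']) && $post['Update'] === 'Update_Customer') {
    echo updateByConcatenation($db, $post), PHP_EOL;
    echo updateWithPlaceholders($db, $post), " row(s) updated", PHP_EOL;
    $row = $db->query("SELECT LastName, Address FROM clientinfo")->fetch(PDO::FETCH_NUM);
    echo implode(' | ', $row), PHP_EOL;
}
```

The same input that makes the concatenated statement fail is stored unchanged by the placeholder version, because the values never become part of the SQL text.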