以下 PHP脚本应更新 MySQL 数据库中的多行,但提交后,尺寸输入字段中的更新值为空。
第一次在表中所有值都正确显示,但在提交后,size字段为空,似乎没有传输值。
有没有人有任何想法?
<?php
$host="localhost"; // Host name
$username="dbu"; // Mysql username
$password="mypw"; // Mysql password
$db_name="mydb"; // Database name
$tbl_name="files"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
// Count table rows
$count=mysql_num_rows($result);
?>
<table width="500" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="500" border="0" cellspacing="1" cellpadding="0" class="table">
<tr>
<td align="left"><strong>Id</strong></td>
<td align="left"><strong>Name</strong></td>
<td align="left"><strong>Size</strong></td>
<td align="left"><strong>Type</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center">
<?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?>
</td>
<td align="center">
<input name="name[]" type="text" id="name" value="<?php echo $rows['name']; ?>">
</td>
<td align="center">
<input name="size[]" type="text" id="size" value="<?php echo $rows['size']; ?>">
</td>
<td align="center">
<input name="type[]" type="text" id="type" value="<?php echo $rows['type']; ?>">
</td>
</tr>
<?php
}
?>
<tr>
<td colspan="4" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?php
// Check if button name "Submit" is active, do this
//if($Submit){
if(isset($_POST['Submit'])){
for($i=0;$i<$count;$i++){
$sql1="UPDATE $tbl_name SET size='$size[$i]' WHERE id='$id[$i]'";
$result1=mysql_query($sql1);
}
}
if($result1){
header("location:index_table.php");
}
mysql_close();
?>
答案 0 :(得分:0)
同时提交ID。您可以隐藏它,因为前端用户不需要(通常)这样做。
<input name="id[]" type="hidden" id="name" value="<?php echo echo $rows['id']; ?>">
count()函数来确定提交的行数isset()之外,我更改了它并将其放入mysql_real_escape_string阻止某些SQL注入您的PHP代码:
if(isset($_POST['Submit'])){
$count = count($_POST["id"]);
for($i=0;$i<$count;$i++){
$size = mysql_real_escape_string($_POST["size"][$i]);
$id = mysql_real_escape_string($_POST["id"][$i]);
$sql1="UPDATE $tbl_name SET size='$size' WHERE id='$id'";
$result1=mysql_query($sql1);
} /* END OF FOR LOOP */
if($result1){
header("location:index_table.php");
}
mysql_close();
} /* END OF ISSET */
mysqli_* prepared statement instead已弃用的mysql_*来阻止SQL injection 答案 1 :(得分:0)
<table width="500" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="500" border="0" cellspacing="1" cellpadding="0" class="table">
<tr>
<td align="left"><strong>Id</strong></td>
<td align="left"><strong>Name</strong></td>
<td align="left"><strong>Size</strong></td>
<td align="left"><strong>Type</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)) {
?>
<tr>
<td align="center">
<?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?>
<input name="id[]" type="hidden" id="name" value="<?php echo $rows['id']; ?>">
</td>
<td align="center">
<input name="name[]" type="text" id="name" value="<?php echo $rows['name']; ?>">
</td>
<td align="center">
<input name="size[]" type="text" id="size" value="<?php echo $rows['size']; ?>">
</td>
<td align="center">
<input name="type[]" type="text" id="type" value="<?php echo $rows['type']; ?>">
</td>
</tr>
<?php
}
?>
<tr>
<td colspan="4" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?php
// Check if button name "Submit" is active, do this
//if($Submit){
if(isset($_POST['Submit'])){
for($i=0;$i<$count;$i++){
$sql1="UPDATE $tbl_name SET size='{$_POST['size'][$i]}' WHERE id='{$_POST['id'][$i]}'";
$result1 = mysql_query($sql1);
}
}
if(isset($result1)) {
header("location:index_table.php");
}
mysql_close();
?>