Question

嗨我在php中的begginer我创建记录列表之后，如果用户想要更新记录比我重定向用户在另一个页面更新表单是这样的，当我重定向在这个表单上我得到id但是当我我提交此表单我没有进入我的更新查询表单逻辑中的错误

<?php include 'header.php'; ?>
<?php 
include 'sidebar.php';  

$settings_id = isset($_REQUEST['settings_id']) ? $_REQUEST['settings_id'] : 0;

$selectdata = "SELECT * FROM settings 
                 WHERE settings_id = ".$_REQUEST['settings_id'];
$res = mysql_query($selectdata);
if($row = mysql_fetch_array($res))
{
 $settings_id = $row['settings_id'];
 $value       = $row['settings_value'];
}

if(isset($_REQUEST['submit']))
{
  $ph          = isset($_REQUEST['phone_no']) ? $_REQUEST['phone_no'] : '';
  $settings_id = isset($_REQUEST['settings_id']) ? $_REQUEST['settings_id'] : '';

  echo $update = "UPDATE settings
               SET settings_value = '".$ph."'
            WHERE settings_id = ".$_REQUEST['settings_id'];

  $updateRes = mysql_query($update);
  if(!$updateRes)
  {
    echo "Update Fail";
  }
  else
  {
    header("Location:settingsedit.php?settings_id=".$_REQUEST['settings_id']);
  }
} 

?>

<head>
  <script src="dist/js/sweetalert.min.js"></script>
  <link rel="stylesheet" type="text/css" href="dist/css/sweetalert.css">
</head>
<!-- Content Wrapper. Contains page content -->
<div class="content-wrapper">
  <!-- Content Header (Page header) -->
  <section class="content-header">
    <h1>
      Settings
      <small>Settings</small>
    </h1>
    <ol class="breadcrumb">
      <li><a href="#"><i class="fa fa-dashboard"></i> Home</a></li>
      <li class="active">Change Password</li>
    </ol>
  </section>
  <!-- Main content -->
  <section class="content">
    <!-- Default box -->
    <div class="box">
        <div class="box box-primary">
          <!-- form start -->
          <form role="form" action="settingsedit.php" method="POST">
            <div class="box-body">
              <div class="form-group">
                <label for="exampleInputEmail1">Phone Number</label>
                <input type="text" class="form-control" id="exampleInputEmail1" name="phone_no" value="<?php echo $value; ?>">
              </div>
                <div class="box-footer">
                <button type="submit" name="submit" class="btn btn-primary">Update</button>
            </div>
          </form>
    </div><!-- /.box-body -->
  </section><!-- /.content -->
</div><!-- /.content-wrapper -->

<?php include 'footer.php';

Answer 1

请在此表单的输入隐藏字段中设置您的ID并获取ID表单请求像是

<input type="hidden" value="<? echo $id; ?>" name="settings_id"/>

Answer 2

您的表单如何？您应该使用prepared statements来阻止SQL injection。

编辑

2 个答案: