嘿我正在尝试使用我拥有的表格更新表格:
<?php
include ('includes/header.php');
require ('../db_con.php');
// Check for a valid document ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_docs.php
$id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
$id = $_POST['id'];
} else { // No valid ID, kill the script.
echo '<p class="error">This page has been accessed in error.</p>';
exit();
}
$q = "SELECT * FROM cats WHERE cat_id = $id";
$r = mysqli_query($dbc, $q);
?>
<form method="post" action="actions/update_cat.php">
<input type="hidden" name="cat_id" value="<? echo $id ?>" />
<input type="text" name="cat_name" />
<br><br>
<input type="text" name="cat_color" />
<br><br>
<input type="text" name="cat_icon" />
<br><br>
<input type="submit" value="submit" />
</form>
当我将其提交到我的动作脚本时,我知道它会传递输入表单中的值,但这是我的动作脚本 - 在任何人指出它之前,还没有防止SQL注入的措施:
<?php
require ('../../db_con.php');
$cat_id = $_POST['cat_id'];
$cat_name = $_POST['cat_name'];
$cat_color = $_POST['cat_color'];
$cat_icon = $_POST['cat_icon'];
$q = "UPDATE cats SET cat_name='cat_name', cat_color='cat_color', cat_icon='cat_icon' WHERE cat_id='cat_id'";
if (mysqli_query($dbc, $q)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($dbc);
}
mysqli_close($dbc);
?>
所以它向我报告已成功更新,但它没有更新表格?
答案 0 :(得分:3)
您的查询在...中没有动态值
GetName