我有以下变量列表,我试图将这些变量传递给sql UPDATE语句。
但更新语句不起作用,我意识到sql语句没有检测到ID值。
我应该怎么做呢?
表格:
<table class="table table-striped table-bordered table-hover" id="dataTables-example" data-pagination="true">
<form name="form1" method="post" action="processUpdateAccount.php">
<thead>
<tr>
<th>Name</th>
<th>Account</th>
<th>Email Address</th>
<th>Contact</th>
<th>Country</th>
<th>Town</th>
<th>Address</th>
<th>Postal Code</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<tr class="gradeU">
<td>
<input name="userName" type="text" id="userName" value="<? echo $rowsUsers['name']; ?>" required>
</td>
<td>
<input name="userAccount" type="text" id="userAccount" value="<? echo $rowsUsers['account']; ?>" required>
</td>
<td>
<input name="userEmail" type="text" id="userEmail" value="<? echo $rowsUsers['email']; ?>" required>
</td>
<td>
<input name="userPhone" type="text" id="userPhone" value="<? echo $rowsUsers['phone']; ?>" required>
</td>
<td>
<input name="userCountry" type="text" id="userCountry" value="<? echo $rowsUsers['country']; ?>" required>
</td>
<td>
<input name="userTown" type="text" id="userTown" value="<? echo $rowsUsers['town']; ?>" required>
</td>
<td>
<input name="userAddress" type="text" id="userAddress" value="<? echo $rowsUsers['address']; ?>" required>
</td>
<td>
<input name="userPostalCode" type="text" id="userPostalCode" value="<? echo $rowsUsers['postalCode']; ?>" required>
</td>
<!-- link to updateAccount.php and send value of ID -->
<td>
<input type="submit" name="Submit" value="Update">
</td>
<input name="userId" type="hidden" id="userId" value="<? echo $rows['Id'];?>">
<input name="userPassword" type="hidden" id="userPassword" value="<? echo $rows['password'];?>">
</form>
</tr>
</tbody>
</table>
processUpdateAccount.php
if (isset($_POST['userId']) > 0)
{
// query db
$Id = $_POST['userId'];
$name = $_POST['userName'];
$account = $_POST['userAccount'];
$email = $_POST['userEmail'];
$phone = $_POST['userPhone'];
$country = $_POST['userCountry'];
$town = $_POST['userTown'];
$address = $_POST['userAddress'];
$postalCode = $_POST['userPostalCode'];
$password = $_POST['userPassword'];
$sql="UPDATE users SET email='$email', password='$password', account='$account', phone='$phone', country='$country', town='$town', address='$address', postalCode='$postalCode', name='$name' WHERE id='$Id'";
$result=mysql_query($sql);
$result = mysql_query("UPDATE users SET name='testing' WHERE Id='28'");
if($result)
{
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=manageAccounts.php?msg=1">';
}
else
{
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=updateAccount.php?Id=' . $Id .'&msg=2">';
}
}
答案 0 :(得分:2)
您正在从$rowsUsers获取其他所有内容,并从$rows获取ID,这样就可能是将您的ID设置为空的错字。
echo $rows['Id'];
最有可能是
echo $rowUsers['Id'];
答案 1 :(得分:0)
使用PDO - 它比您采取的方法更安全。 This page是一个很好的介绍。特别是关于准备陈述的部分。所以在你的情况下,在连接到数据库之后,你会有类似的东西:
$data = array('name'=>$name,'account'=>$account, [...] , 'id' => $id);
$sth = $db->("UPDATE users SET name = :name, account = :account WHERE id = :id");
$sth->execute($data);