UPDATE query not working

Time: 2015-09-20 20:17:07

Tags: php mysql phpmyadmin sql-update

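I have written code to update/delete/add records in my local database. The "delete" and "add" functions work correctly, but the "update" function does not work.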

Here is my code:

<?php

define('DB_NAME', 'dradel');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);

mysql_select_db(DB_NAME, $link);

if (isset($_POST['update'])) {
$UpdateRecord = "UPDATE doctors SET firstname='$_POST[name1]', secondname='$_POST[name2]',email=$_POST[email],mobile='$_POST[mobile]',city='$_POST[selection1]',area='$_POST[selection2]',password='$_POST[password]' WHERE ID='$_POST[hidden]'";
mysql_query($UpdateRecord,$link);
}

if (isset($_POST['delete'])) {
$DeleteRecord = "DELETE FROM doctors WHERE ID='$_POST[hidden]'";
mysql_query($DeleteRecord,$link);
}

if (isset($_POST['add'])) {
$AddRecord = "INSERT INTO doctors (firstname,secondname,email,mobile,city,area,password) VALUES ('$_POST[nname1]','$_POST[nname2]','$_POST[nemail]','$_POST[nmobile]','$_POST[nselection1]','$_POST[nselection2]','$_POST[npassword]')";
mysql_query($AddRecord,$link);
}

$sqlrecieve = "SELECT * FROM doctors";
$records = mysql_query($sqlrecieve);
mysql_close($link);
?>
<html>
<head>
    <title>Admin Editing</title>
    <link rel="stylesheet" href="displaytable.css">
</head>
<body>   
    <div>
        <h1 style="color: #000;">Admin Edit</h1>
    <p>this part is only a display for the admin , it can be customized to be editable or downloadable data</p>
    <table>
        <th>First Name</th>
        <th>Second Name</th>
        <th>Email Address</th>
        <th>Mobile</th>
        <th>City</th>
        <th>Area</th>
        <th>Password</th>
        <tr>
            <?php
            while ($data=  mysql_fetch_assoc($records)){
                echo "<form action=EditData.php method=post>";
                echo "<tr>";
                echo "<td>"."<input type=text name=name1 value=".$data['firstname']."></td>";
                echo "<td>"."<input type=text name=name2 value=".$data['secondname']."></td>";
                echo "<td>"."<input type=text name=email value=".$data['email']."></td>";
                echo "<td>"."<input type=text name=mobile value=".$data['mobile']."></td>";
                echo "<td>"."<input type=text name=selection1 value=".$data['city']."></td>";
                echo "<td>"."<input type=text name=selection2 value=".$data['area']."></td>";
                echo "<td>"."<input type=text name=password value=".$data['password']."></td>";
                echo "<td>"."<input type=submit name=update value=update>"."</td>";
                echo "<td>"."<input type=submit name=delete value=delete>"."</td>";
                echo "<td>"."<input type=hidden name=hidden value=".$data['ID']."></td>";
                echo "</tr>";
                echo "</form>";
            }//end while
            echo "<form action=EditData.php method=post>";
                echo "<tr>";
                echo "<td>"."<input type=text name=nname1></td>";
                echo "<td>"."<input type=text name=nname2></td>";
                echo "<td>"."<input type=text name=nemail></td>";
                echo "<td>"."<input type=text name=nmobile></td>";
                echo "<td>"."<input type=text name=nselection1></td>";
                echo "<td>"."<input type=text name=nselection2></td>";
                echo "<td>"."<input type=text name=npassword></td>";
                echo "<td>"."<input type=submit name=add value=add></td>";
                echo "</tr>";
                echo "</form>";
            ?>
        </tr>
    </table>
    </div>

</body>
</html>

Here is an example:

The original data in the table is:

islam azzam iazzam@gmail.com 100330033 Alex Alex efeeh3aleeh

When I print the value of UpdateRecord on screen, I get:

UPDATE doctors SET firstname='islam', secondname='mohamed',email=iazzam@gmail.com,mobile='100330044',city='Alex',area='Alex',password='efeeh3aleeh' WHERE ID='3'

But the data in the table stays the same (note: I changed the mobile number and the second name).

1 answer:

Answer 0 (score: 0)

Your code is vulnerable to SQL injection; you should learn mysqli or PDO and stop using the deprecated mysql functions.

For the time being, assuming you are getting the correct values:

Change this:

$UpdateRecord = "UPDATE doctors SET firstname='$_POST[name1]', secondname='$_POST[name2]',email=$_POST[email],mobile='$_POST[mobile]',city='$_POST[selection1]',area='$_POST[selection2]',password='$_POST[password]' WHERE ID='$_POST[hidden]'";

To this:

$fname = $_POST['name1'];
$sname = $_POST['name2'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$city = $_POST['selection1'];
$area = $_POST['selection2'];
$pass = $_POST['password'];
$hidden = $_POST['hidden'];

$UpdateRecord = "UPDATE doctors SET firstname='$fname', secondname='$sname', email='$email',
mobile='$mobile', city='$city', area='$area', password='$pass' WHERE ID ='$hidden'";

Note: don't forget to read up on SQL injection and mysqli / PDO.
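
The parameterized form of this UPDATE that the answer points to, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database (so the script runs without a MySQL server) and the `doctors` columns from the question; the `updateDoctor` helper and the sample submission are constructed for illustration.

```php
<?php
// Added example. An in-memory SQLite database stands in for MySQL so this
// runs offline; with MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors; the unchecked mysql_query() in the question failed silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE doctors (ID INTEGER PRIMARY KEY, firstname TEXT,
    secondname TEXT, email TEXT, mobile TEXT, city TEXT, area TEXT, password TEXT)');
// Constructed row matching the sample data in the question.
$pdo->exec("INSERT INTO doctors VALUES (3, 'islam', 'azzam', 'iazzam@gmail.com',
    '100330033', 'Alex', 'Alex', 'efeeh3aleeh')");

// Hypothetical helper: updates one row from the form fields and returns the
// number of rows affected.
function updateDoctor(PDO $pdo, array $post): int
{
    // Values travel separately from the SQL text, so there is no quoting to
    // forget (the unquoted email) and a quote in a value cannot alter the query.
    $stmt = $pdo->prepare(
        'UPDATE doctors
            SET firstname = :firstname, secondname = :secondname, email = :email,
                mobile = :mobile, city = :city, area = :area, password = :password
          WHERE ID = :id'
    );
    $stmt->execute([
        ':firstname'  => $post['name1'] ?? '',
        ':secondname' => $post['name2'] ?? '',
        ':email'      => $post['email'] ?? '',
        ':mobile'     => $post['mobile'] ?? '',
        ':city'       => $post['selection1'] ?? '',
        ':area'       => $post['selection2'] ?? '',
        ':password'   => $post['password'] ?? '',
        ':id'         => (int) ($post['hidden'] ?? 0),
    ]);
    return $stmt->rowCount();
}

// Constructed submission standing in for $_POST; name2 contains a quote.
$post = ['name1' => 'islam', 'name2' => "o'mohamed", 'email' => 'iazzam@gmail.com',
         'mobile' => '100330044', 'selection1' => 'Alex', 'selection2' => 'Alex',
         'password' => 'efeeh3aleeh', 'hidden' => '3'];
$affected = updateDoctor($pdo, $post);
$row = $pdo->query('SELECT secondname, email, mobile FROM doctors WHERE ID = 3')
           ->fetch(PDO::FETCH_ASSOC);
printf("rows affected: %d\n%s | %s | %s\n", $affected,
       $row['secondname'], $row['email'], $row['mobile']);
```

On MySQL, `rowCount()` by default reports rows actually changed, so an update that submits identical values returns 0.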