我试图一次更新多个条目,但我无法调用id,更新工作正常。错误显示:注意:未定义的索引:第24行的C:\ xampp \ htdocs \ poshproject \ multiedit.php中的id
<?php include 'header.php'; ?>
<div id="container4"><?php
require ("dbfunction.php");
$con = getDbConnect();
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
$result = mysqli_query($con, $queryStr);
if (isset($_POST['submit'])) {
$checkbox2 = $_POST['checkbox2'];
foreach ($checkbox2 as $crewname) {
?> <form action="handlemultiedit.php" method="post">
<input type="hidden" name="crew_id" value="<?php echo $_GET['id']; ?>" />
<?php echo "<tr><th>" . $crewname . ":</th><br>";
echo " <tr>
<td>Shift 1:</td>
<td><input type=\"time\" name=\"start_hour\" value=\"start_hour\" id=\"start_hour\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour\" value=\"end_hour\" id=\"end_hour\" step=\"1800\" required>
</td>
</tr>
<tr>
<td>Shift 2:</td>
<td><input type=\"time\" name=\"start_hour2\" value=\"start_hour2\" id=\"start_hour2\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour2\" value=\"end_hour2\" id=\"end_hour2\" step=\"1800\" required>
</td>
</tr><br><br>";
?><?php
}?><td><input type="submit" value="Submit" ></td></form><?php
}
?>
这是句柄页面
<?php
print_r($_POST);
require 'dbfunction.php';
$con = getDbConnect();
$crew_id = $_POST["crew_id"];
$start_hour = $_POST["start_hour"];
$end_hour = $_POST["end_hour"];
$start_hour2 = $_POST["start_hour2"];
$end_hour2 = $_POST["end_hour2"];
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE crewlist SET start_hour = '$start_hour',end_hour = '$end_hour', start_hour2 = '$start_hour2',end_hour2 = '$end_hour2' WHERE crew_id = " . $crew_id . "";
mysqli_query($con, $sqlQueryStr);
}
//header('Location: crewlisting.php');
mysqli_close($con);
?>
答案 0 :(得分:0)
第一:你正在为MySQL注入攻击做好准备! 您是在MySQL查询中直接使用用户POST的数据,而不检查它是否包含恶意代码!
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
打开错误消息:multiedit.php的第24行:
<input type="hidden" name="crew_id" value="<?php echo $_GET['id']; ?>" />
错误告诉您未设置GET的参数“id”。 确保它在URL中设置,因为这是GET从以下位置检索数据的地方:
multiedit.php?id=123456
或
header("Location: crewlisting.php?id=$crew_id");
如果有意的话,从句柄页面。
但是,您的代码中似乎存在一些漏洞并且无法按预期运行。你能澄清它应该做什么吗?
我猜是
if (isset($_POST['submit'])) {
应将移至处理页面以检查是否实际提交了任何内容,并
foreach ($checkbox2 as $crewname) {
实际上应该循环来自MySQL查询的$ result。