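I am trying to build a SELECT query that lets me process an UPDATE on selected rows using a form built from the returned results. The warning I am getting points to line 36 of my code. I thought I had set up my code correctly to build the table and then populate it, but I can't find my error. I have seen several versions of this question, but none that talks about "object given". Any help would be appreciated.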
<html>
<head>
</head>
<body>
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted>
</tr>";
while($record = mysql_fetch_array($result))
{
if ($result->num_rows > 0){
echo "<form action=mynewform.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=text name=client value=" . $record['Client'] . " </td>";
echo "<td>" . "<input type=text name=lastname value=" . $record['LastName'] . " </td>";
echo "<td>" . "<input type=text name=datereceived value=" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type=text name=finalreview date value=" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type=text name=datedelivered value=" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type=text name=dateaqccepted value=" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";
if (isset($_POST[update])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysql_query($UpdateQuery, $con);
};
?>
<?php
$connection->close();
?>
</body>
</html>
Edited code
<html>
<head>
</head>
<body>
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted</th>
</tr>";
while($record = mysqli_fetch_array($result))
{
if ($result->num_rows > 0){
echo "<form action='mynewform'.php method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . " </td>";
echo "<td>" . "<input type='text' name='client' value='" . $record['Client'] . " </td>";
echo "<td>" . "<input type='text' name='lastname' value='" . $record['LastName'] . " </td>";
echo "<td>" . "<input type='text' name='datereceived' value='" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type='text' name='finalreviewdate' value='" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type='text' name='datedelivered' value='" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type='text' name='dateaccepted' value='" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['Project'] . " </td>";
echo "<td>" . "<input type='submit' name='update' value=update'" . " </td>";
echo "<td>" . "<input type='submit' name='delete' value=delete'" . " </td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysqli_query($conn, $sql);
};
?>
<?php
$conn->close();
?>
</body>
</html>
Second edit
<html>
<head>
</head>
<body>
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted</th>
</tr>";
while($record = mysqli_fetch_array($result))
{
if ($result->num_rows > 0){
echo "<form action='mynewform.php' method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . "' /></td>";
echo "<td>" . "<input type='text' name='client' value='" . $record['Client'] . "'/></td>";
echo "<td>" . "<input type='text' name='lastname' value='" . $record['LastName'] . "' /></td>";
echo "<td>" . "<input type='text' name='datereceived' value='" . $record['DateReceived'] . "' /></td>";
echo "<td>" . "<input type='text' name='finalreviewdate' value='" . $record['FinalReviewDate'] . "' /></td>";
echo "<td>" . "<input type='text' name='datedelivered' value='" . $record['DateDelivered'] . "' /></td>";
echo "<td>" . "<input type='text' name='dateaccepted' value='" . $record['DateAccepted'] . "' /></td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['Project'] . "' /></td>";
echo "<td>" . "<input type='submit' name='update' value=update'" . "' /></td>";
echo "<td>" . "<input type='submit' name='delete' value=delete'" . "' /></td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysqli_query($conn, $sql);
};
?>
<?php
$conn->close();
?>
</body>
</html>
Answer 0 (score: 0)
Change mysql_fetch_array($result)
to $result->fetch_array()
if ($result->num_rows > 0){
while($record = $result->fetch_array())
{
echo "<form action=mynewform.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=text name=client value=" . $record['Client'] . " </td>";
echo "<td>" . "<input type=text name=lastname value=" . $record['LastName'] . " </td>";
echo "<td>" . "<input type=text name=datereceived value=" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type=text name=finalreview date value=" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type=text name=datedelivered value=" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type=text name=dateaqccepted value=" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
}
You can't merge mysql and mysqli.
Answer 1 (score: 0)
Use mysqli_ to connect to MySQL; when you want to fetch the results, you still need mysqli_.
Here is the official sample:
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}
$sql = "SELECT a.uid, a.role AS roleid, b.role FROM tbl_usr a INNER JOIN tbl_memrole b ON a.role = b.id";
$line = ""; // accumulates the fetched column values
if ($result = $mysqli->query($sql)) {
    while ($obj = $result->fetch_object()) {
        $line .= $obj->uid;
        $line .= $obj->role;
        $line .= $obj->roleid;
    }
    $result->close(); // free the result set only when the query succeeded
}
unset($obj);
unset($sql);
unset($query);
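Answer 2 (score: 0)
In addition to the previous notes in the comments: I haven't seen any other answers/comments about your HTML elements, so I'll add an answer.
The HTML generated by this PHP will be invalid. Attributes need to be quoted and input elements need to be closed.
For example, your current code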
echo "<form action=mynewform.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
would output:
<form action=mynewform.php method=post>
<tr>
<td><input type=text name=project value=what ever projects value is</td>
This element named project is invalid: it is never closed here and its value is only what. (Or in some browsers; because the markup is invalid, unexpected results should be expected.)
Your PHP should be:
echo "<form action='mynewform.php' method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . "' /> </td>";
which should give you
<form action='mynewform.php' method='post'>
<tr>
<td><input type='text' name='project' value='what ever projects value is' /></td>
Note how the syntax highlighting differs between the second example and the first.
Also, take a look at http://php.net/manual/en/mysqli.quickstart.prepared-statements.php or, for an approach that is at least safer than the existing one, http://php.net/manual/en/mysqli.real-escape-string.php.
For a longer read on the whole topic, see:
a) How can I prevent SQL injection in PHP?
b) http://php.net/manual/en/security.database.sql-injection.php
c) https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Update
Here is the structure I would take (aside from the SQL injection vulnerability):
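Added example, not part of any answer above and not the poster's code: it combines the two points raised in Answer 2, escaping each value before it goes into a quoted attribute and running the UPDATE as a mysqli prepared statement. The table and column names are taken from the question; the helper names `attr()`, `render_row()` and `update_project()` and the sample record are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Table/column names come from the
// question; attr(), render_row() and update_project() are hypothetical helpers.
const FIELDS = ['Project', 'Client', 'LastName', 'DateReceived',
                'FinalReviewDate', 'DateDelivered', 'DateAccepted'];

// Escape a value for a quoted HTML attribute (&, <, >, " and ' become entities).
function attr($v): string
{
    return htmlspecialchars((string)($v ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// One table row of inputs; every attribute is quoted and every value escaped.
function render_row(array $record): string
{
    $row = '<tr>';
    foreach (FIELDS as $f) {
        $row .= "<td><input type='text' name='" . strtolower($f)
              . "' value='" . attr($record[$f] ?? null) . "' /></td>";
    }
    $row .= "<td><input type='hidden' name='hidden' value='"
          . attr($record['Project'] ?? null) . "' />"
          . "<input type='submit' name='update' value='update' /></td>";
    return $row . '</tr>';
}

// UPDATE with bound parameters: POST data never becomes part of the SQL text.
function update_project(mysqli $conn, array $post): bool
{
    $stmt = $conn->prepare(
        'UPDATE Projects SET Project=?, Client=?, LastName=?, DateReceived=?, '
        . 'FinalReviewDate=?, DateDelivered=?, DateAccepted=? WHERE Project=?'
    );
    if ($stmt === false) {
        return false;
    }
    $args = [];
    foreach (FIELDS as $f) {
        $args[] = (string)($post[strtolower($f)] ?? '');
    }
    $args[] = (string)($post['hidden'] ?? '');   // original key of the row
    $stmt->bind_param(str_repeat('s', count($args)), ...$args);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample record: contains a space, both quote types and a tag.
echo render_row(['Project' => "Bob's \"big\" plan", 'Client' => 'ACME <West>']), "\n";
```

With the question's connection object, the handler would be called as `update_project($conn, $_POST)` inside the `isset($_POST['update'])` branch.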