Update query not working properly

Time: 2016-03-17 02:20:57

Tags: php

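Hello, I am trying to update my database, but I am still a bit new to PHP, so I don't know whether the query I wrote is correct... but I am not getting any errors, and I think I am giving the correct variables.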

<?php
          $username = "root";
          $password = null;
          $host = "localhost";
          $dbname = "newspaper_system";
          $conn = new mysqli($host,$username,$password ,$dbname);
        if (!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }
        mysqli_connect("localhost","root", $password  ) or die(mysqli_error($conn));
        mysqli_select_db($conn,"newspaper_system") or die(mysqli_error($conn));
    if(!$conn){
        die("cant connect db". mysql_error());
    }
    if(isset($_POST['update'])){

        $updatesql = "UPDATE newspaper_system SET Newspaper='$_POST[Newspaper]', Price='$_POST[Price]', Pricepersquare='$_POST[Pricepersquare]' WHERE News_ID='$_POST[hidden]'";
        $conn->query($updatesql);
        print '<script type="text/javascript">'; 
        print 'alert("UPDATE successful")';
        print '</script>';  
    }
    $result = mysqli_query($conn,"SELECT * FROM newspaper_library") or die(mysql_error($conn));
    echo "<center><table border=1>
    <tr>
    <td><label>News ID</td>
    <td><label>Newspaper</td>
    <td><label>Price</td>
    <td><label>Pricepersquare</td>

    </tr>";
    while($record= mysqli_fetch_array($result)){
        echo "<form action=Update.php method=post>";
        echo "<tr>";
        echo "<td> <label>". $record['News_ID'] . " </td>";
        echo "<td>". "<input type=text name=Newspaper  value =\"" . $record['Newspaper']. "\"> </td>";
            echo "<td>". "<input type=text name=Price value=\"" . $record['Price']. "\"> </td>";
        echo "<td>". "<input type=text name=Pricepersquare value=\"" . $record['Pricepersquare']. "\"> </td>";
        echo "<td>". "<input type=hidden name=hidden value=" . $record['News_ID']. " </td>";
        echo "<td>". "<input type=submit name=update value=update " . " </td>";
        echo "</tr>";
        echo "</form>";     


    }
    echo "</table>";

    $conn->

        close();    

        ?

    >

1 answer:

Answer 0: (score: 0)

First, you cannot mix mysql_* functions with mysqli_* functions:

if(!$conn){
    //should be 'die("cant connect db". mysqli_error($conn));'
   die("cant connect db". mysql_error());
}

Here as well:

// should be 'or die(mysqli_error($conn))'
$result = mysqli_query($conn,"SELECT * FROM newspaper_library") or die(mysql_error($conn));

Second, your closing tag is wrong:

        ?

    >

It should be ?>

Third, your UPDATE query is vulnerable to potential SQL injection (thanks to @sean for pointing this out)

$updatesql = "UPDATE newspaper_system SET Newspaper='$_POST[Newspaper]', Price='$_POST[Price]', Pricepersquare='$_POST[Pricepersquare]' WHERE News_ID='$_POST[hidden]'";

This is a better way, assigning them to variables first:

$newspaper = $_POST['Newspaper'];
$price = $_POST['Price'];
$pricepersquare = $_POST['Pricepersquare'];
$news_id = $_POST['hidden'];

$updatesql = "UPDATE newspaper_system SET Newspaper='$newspaper', Price='$price', Pricepersquare='$pricepersquare' WHERE News_ID='$news_id'";

Note:

You are selecting from newspaper_library:

SELECT * FROM newspaper_library

but updating newspaper_system

UPDATE newspaper_system

Not sure whether that is intentional.
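
An added example, not part of the original question or answer: the same UPDATE written as a mysqli prepared statement, so the posted values are bound as parameters instead of being interpolated into the SQL string (copying $_POST values into local variables first still places them in the query text). It also turns on mysqli exceptions, so a failing query is reported rather than passing silently. Assumptions: the target table is newspaper_library (the table the SELECT reads), Price and Pricepersquare are numeric columns, and updateNewspaper is a hypothetical helper name.

```php
<?php
// Added example: not the asker's or the answerer's code.
// Assumption: rows live in newspaper_library; Price/Pricepersquare are numeric.

// Make failed queries throw instead of returning false unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: validates the form fields and runs a bound UPDATE.
// Returns the number of rows changed (0 if the values were already identical).
function updateNewspaper(mysqli $conn, array $post): int
{
    // Validate types before touching the database.
    $newsId    = filter_var($post['hidden'] ?? null, FILTER_VALIDATE_INT);
    $price     = filter_var($post['Price'] ?? null, FILTER_VALIDATE_FLOAT);
    $perSquare = filter_var($post['Pricepersquare'] ?? null, FILTER_VALIDATE_FLOAT);
    $newspaper = trim((string)($post['Newspaper'] ?? ''));
    if ($newsId === false || $price === false || $perSquare === false || $newspaper === '') {
        throw new InvalidArgumentException('Invalid form input');
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $conn->prepare(
        'UPDATE newspaper_library
            SET Newspaper = ?, Price = ?, Pricepersquare = ?
          WHERE News_ID = ?'
    );
    // s = string, d = double, i = integer
    $stmt->bind_param('sddi', $newspaper, $price, $perSquare, $newsId);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

$conn = new mysqli('localhost', 'root', null, 'newspaper_system');
$conn->set_charset('utf8mb4');

if (isset($_POST['update'])) {
    try {
        $rows = updateNewspaper($conn, $_POST);
        echo $rows === 1 ? 'UPDATE successful' : 'No row changed';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Invalid input';
    }
}
```

When the values read back from the table are echoed into the HTML form, pass them through htmlspecialchars() so stored text cannot break out of the value attribute.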