我正在尝试将数据编辑到数据库中我不知道为什么我不能这样做。我到现在为止尝试了一些东西。也许有人可以看看。我正在尝试构建一个更新,我可以更改名称,姓blah等等等等,但是我甚至不能仅为一个名字配置..
主页文件 管理系统
<body>
<h1>TU Chemnitz Student managament system</h1>
<br>
<a href="insert_form.html" class="myButton">ADD Person</a>
<a href="insert_form.html" class="myButton">Edit Person</a>
<a href="insert_form.html" class="myButton">Manage Boards</a>
<a href="insert_form.html" class="myButton">Manage Departments</a>
<a href="search_personel.html" class="myButton">Search N&S</a>
<a href="three_search.html" class="myButton">Triple Search</a>
<a href="mtable.php" class="myButton">Membership</a>
<br>
<br>
<?php
include_once('coneksioni.php');
// create query
$querys = "SELECT * FROM tblperson";
// execute query
$result = mysql_query($querys) or die ("Error in query: $query. ".mysql_error());
$res = mysql_query("SELECT * FROM tblperson");
echo "<table border=1 align=center>
<tr>
<th>Personal ID</th>
<th>First Name</th>
<th>Last Name</th>
<th>Deparment</th>
<th>Board</th>
<th>Marticulation Number</th>
<th>Reg Date</th>
<th>Action</th>
</tr>";
while($row = mysql_fetch_array($res)) {
?>
<tr>
<td><?=$row['personid']?></td>
<td><?=$row['personname']?></td>
<td><?=$row['personsurname']?></td>
<td><?=$row['persondepartment']?></td>
<td><?=$row['personboard']?></td>
<td><?=$row['martinumber']?></td>
<td><?=$row['personregdate']?></td>
<td>
<a href="edit20.php?edit<?=$row['personid']?>">edit</a> |
<a href="edit.php?id=$row[id]">del</a>
</td>
</tr>
<?php
}
?>
</body>
</html>
和edit20.php
<?php
include_once('coneksioni.php');
if( isset($_GET['edit']) )
{
$personid = $_GET['edit'];
$res= mysql_query("SELECT * FROM tblperson WHERE personid='$personid'");
$row= mysql_fetch_array($res);
}
if( isset($_POST['personname']) )
{
$personname = $_POST['personname'];
$personid = $_POST['personid'];
$sql = "UPDATE tblperson SET personname='$personname' WHERE personid='$personid'";
$res = mysql_query($sql)
or die("Could not update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=home.php'>";
}
?>
<form action="edit20.php" method="POST">
Name: <input type="text" name="personname" value="<?php echo $row[1]; ?>"><br />
<input type="hidden" name="personid" value="<?php echo $row[0]; ?>">
<input type="submit" value=" Update "/>
</form>
并且在我的表中的数据库主键是 personid 名称字段 personname (不是主键)。
答案 0 :(得分:1)
请使用Prepared Statement来降低SQL注入的风险
检查coneksioni.php
$conn = new mysqli(HOST, USER, PASS, DBNAME);
edit.php
require_once ('coneksioni.php');
$edit_person = $conn->prepare("
UPDATE tblperson SET
personname = ? WHERE personid = ?
");
$edit_person->bind_param(
"si",
$personname, $personid
);
if(isset($_POST['personname']) && isset($_POST['personid']) ) {
$personname = $_POST['personname'];
$personid = $_POST['personid'];
if (!$edit_person->execute()) {
// action if failed
} else {
// action if success
}
$edit_person->close();
}
form.html
<form action="edit.php" method="POST">
Name: <input type="text" name="personname" value="<?php echo $row[1]; ?>"><br />
<input type="hidden" name="personid" value="<?php echo $row[0]; ?>">
<input type="submit" value=" Update "/>
</form>
干杯