我只想用PHP更新一个MySQL行

时间:2016-10-06 19:37:39

标签: php html mysql sql forms

我正在开发一个页面,我需要能够使用PHP更新MySQL数据库中的单个记录。有人可以帮帮我吗?当我尝试更新一条记录时,我的所有其他记录都会更新。

    <form action="" method="post">
    <input type="hidden" name="id" value="<?php echo $id; ?>"/>
    <div>
    <p><strong>ID:</strong> <?php echo $id; ?></p>
    <strong>Name: *</strong> <input class="form-control" type="text" name="name" value="<?php echo $name; ?>" /><br/>
    <strong>Month: *</strong> <input class="form-control" type="text" name="month" value="<?php echo $month; ?>" /><br/>
    <strong>event1: *</strong> <input class="form-control" type="text" name="event1" value="<?php echo $event1; ?>" /><br/>
    <strong>event2: </strong> <input class="form-control" type="text" name="event2" value="<?php echo $event2; ?>" /><br/>
    <strong>event3: </strong> <input class="form-control" type="text" name="event3" value="<?php echo $event3; ?>" /><br/>
    <strong>event4: </strong> <input class="form-control" type="text" name="event4" value="<?php echo $event4; ?>" /><br/>
    <strong>timesub: </strong> <input class="form-control" type="text" name="timesub" value="<?php echo $timesub; ?>" readonly /><br/>
    <p>* Required</p>
    <input type="submit" name="submit" value="Submit" class="btn btn-info">
    <input type=reset name="reset" value="Reset" class="btn btn-danger">
    </div>
    </form>

这是我的表单,然后我用这段代码跟着它:

    <?php
    }
    include('db_connect.php');

    if (isset($_POST['submit'])) {

    // confirm that the 'id' value is a valid integer before getting the form data
    if (is_numeric($_POST['id'])) {

    $id = $_POST['id'];
    $name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
    $month = mysql_real_escape_string(htmlspecialchars($_POST['month']));
    $event1 = mysql_real_escape_string(htmlspecialchars($_POST['event1']));
    $event2 = mysql_real_escape_string(htmlspecialchars($_POST['event2']));
    $event3 = mysql_real_escape_string(htmlspecialchars($_POST['event3']));
    $event4 = mysql_real_escape_string(htmlspecialchars($_POST['event4']));
    $timesub = mysql_real_escape_string(htmlspecialchars($_POST['timesub']));

    // check thatfields are filled in
    if ($name == '' || $month == '' || $event1 == '' || $timesub == ''){

    // generate error message
    $error = 'ERROR: Please fill in all required fields!';

    //error, display form
    renderForm($id, $name, $month, $event1, $event2, $event3, $event4, $timesub, $error);
    } else {
    // save the data to the database
    mysql_query("UPDATE announcement SET name='$name', month='$month', event1='$event1', event2='$event2', event3='$event3', event4='$event4', timesub='$timesub'")
    or die(mysql_error());

    // once saved, redirect back to the view page
    header("Location: view.php");
    }
    } else {
    // if the 'id' isn't valid, display an error
    echo 'Error!';
    }
    } else
    // if the form hasn't been submitted, get the data from the db and display the form
    {// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)

    if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
    // query db
    $id = $_GET['id'];
    $result = mysql_query("SELECT * FROM announcement WHERE id=$id")
    or die(mysql_error());

    $row = mysql_fetch_array($result);

    // check that the 'id' matches up with a row in the databse
    if($row) {

    // get data from db
    $name = $row['name'];
    $month = $row['month'];
    $event1 = $row['event1'];
    $event2 = $row['event2'];
    $event3 = $row['event3'];
    $event4 = $row['event4'];
    $timesub = $row['timesub'];

    // show form
    renderForm($id, $name, $month, $event1, $event2, $event3, $event4, $timesub, '');

    } else {// if no match, display result

    echo "No results!";
    }
    } else {// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error

    echo 'Error!';

    }
    }
    ?>

我从以下代码获得了代码:http://www.killersites.com/community/index.php?/topic/1969-basic-php-system-vieweditdeleteadd-records/

好文章!

提前感谢您的帮助。

2 个答案:

答案 0 :(得分:3)

首先停止在PHP 7中使用mysql_*已弃用和已关闭。您可以使用mysqli_*PDO

您的查询错误:

这一点非常重要,如果您在WHERE CLAUSE中未使用UPDATE STATEMENT,则会更新所有行。

您最后需要在查询中添加WHERE CLAUSE,例如:

WHERE id = '$id'

还要注意,您的代码是为SQL INJECTION打开的,您必须要通过SQL INJECTION来防止,您可以了解准备好的语句。这篇文章将帮助您理解:How can I prevent SQL injection in PHP?

*如果您想了解mysqli_* 的工作原理,本文档将为您提供帮助:http://php.net/manual/en/book.mysqli.php

如果您想使用PDO,可以按照本手册进行操作:http://php.net/manual/en/book.pdo.php

答案 1 :(得分:0)

仔细查看您的查询:

mysql_query("UPDATE announcement SET name='$name', month='$month', event1='$event1', event2='$event2', event3='$event3', event4='$event4', timesub='$timesub'")

您的查询缺少WHERE子句。如果没有WHERE子句,您的查询将更新表announcement中的所有行。您需要添加以下内容:

WHERE id='$id'

这会将更新限制为只有您要更新的行。

相关问题
最新问题