这是最奇怪的事情,我认为解决方案应该是一个简单的Mysqli更新查询。我的代码如下:
$userID = $_GET['userID'];
$usqlUser = $db->query("UPDATE tblcareercoach SET fname= '". $UPfname ."', lname= '". $UPlname ."', regioncode= '". $UPregioncode ."', servicecenter= '". $UPservicecenter ."', email= '". $UPemail ."', username= '". $UPusername ."', permission= '". $UPperm ."' WHERE ID= '". $userID ."'");
上面的代码什么也没做。我打印了userID,它返回正确的id号,当我手动输入id号而不是使用userID变量时,它完美地工作。下面的工作正常,但我不能为每个使用该系统的用户手动输入用户ID。
$usqlUser = $db->query("UPDATE tblcareercoach SET fname= '". $UPfname ."', lname= '". $UPlname ."', regioncode= '". $UPregioncode ."', servicecenter= '". $UPservicecenter ."', email= '". $UPemail ."', username= '". $UPusername ."', permission= '". $UPperm ."' WHERE ID=34");
这是我的整个PHP代码:
<?php
$check = $_SERVER['DOCUMENT_ROOT'];
$check .= "/WMW/php/check.php";
include($check);
$reg = $_SERVER['DOCUMENT_ROOT'];
$reg .= "/WMW/php/NextRegCode.php";
include($reg);
$userID = $_GET['userID'];
echo $userID;
$sqlUpdate = "SELECT * FROM tblcareercoach WHERE ID='". $userID ."'";
$qryUpdate = $db->query($sqlUpdate);
while($row = $qryUpdate->fetch_assoc()) {
$regioncode = $row["regioncode"]; //done
$servicecenter = $row["servicecenter"]; //done
$lname = $row["lname"]; //done
$fname = $row["fname"]; //done
$username = $row["username"]; //done
$email = $row["email"]; //done
$permission = $row["permission"]; //done
}
if(isset($_POST['form_submit'])) {
$UPfname = mysqli_real_escape_string($db, $_POST['first-name']);
$UPlname = mysqli_real_escape_string($db, $_POST['last-name']);
$UPregioncode = mysqli_real_escape_string($db, $_POST['regioncode']);
$UPservicecenter = mysqli_real_escape_string($db, $_POST['servicecenter']);
$UPemail = mysqli_real_escape_string($db, $_POST['email']);
$UPusername = mysqli_real_escape_string($db, $_POST['username']);
$UPperm = $_POST['user-type'];
$usqlUser = $db->query("UPDATE tblcareercoach SET fname= '". $UPfname ."', lname= '". $UPlname ."', regioncode= '". $UPregioncode ."', servicecenter= '". $UPservicecenter ."', email= '". $UPemail ."', username= '". $UPusername ."', permission= '". $UPperm ."' WHERE ID='".$userID."'");
}
?>
我已将所有内容转换为准备好的语句,该语句未在语句本身中显示任何错误,但我能够找到显示的php错误
userID作为未定义的索引
对我来说很奇怪的是这是如何定义的,但我仍然可以在不同的SELECT语句中使用该变量。
$UPfname = mysqli_real_escape_string($db, $_POST['first-name']);
$UPlname = mysqli_real_escape_string($db, $_POST['last-name']);
$UPregioncode = mysqli_real_escape_string($db, $_POST['regioncode']);
$UPservicecenter = mysqli_real_escape_string($db, $_POST['servicecenter']);
$UPemail = mysqli_real_escape_string($db, $_POST['email']);
$UPusername = mysqli_real_escape_string($db, $_POST['username']);
$UPperm = mysqli_real_escape_string($db, $_POST['user-type']);
$statement = $db->prepare("UPDATE tblcareercoach SET fname=?, lname=?, regioncode=?, servicecenter=?, email=?, username=?, permission=? WHERE ID=?");
$statement->bind_param('ssssssii', $UPfname, $UPlname, $UPregioncode, $UPservicecenter, $UPemail, $UPusername, $UPperm, $userID);
$results = $statement->execute();
问题在于我的$ _GET变量。我不确定问题是什么,所以这里是所有的信息。用户看到包含用户行的表。单击一行后,他们可以选择删除或更新用户。如果选择更新,则会使用以下网址显示弹出窗口:
".../Wupdate_user.php?userID=34"
目前显示一个弹出窗口,其中的表单显示了使用此代码点击的所有用户信息:
$uID = $_GET['userID'];
$sqlUpdate = "SELECT * FROM tblcareercoach WHERE ID='". $uID ."'";
$qryUpdate = $db->query($sqlUpdate);
while($row = $qryUpdate->fetch_assoc()) {
$regioncode = $row["regioncode"]; //done
$servicecenter = $row["servicecenter"]; //done
$lname = $row["lname"]; //done
$fname = $row["fname"]; //done
$username = $row["username"]; //done
$email = $row["email"]; //done
$permission = $row["permission"]; //done
}
以上代码按预期显示所有信息。一旦我更改了表单上的某些信息并提交,就会执行以下代码:
if(isset($_POST['form_submit'])) {
$UPfname = mysqli_real_escape_string($db, $_POST['first-name']);
$UPlname = mysqli_real_escape_string($db, $_POST['last-name']);
$UPregioncode = mysqli_real_escape_string($db, $_POST['regioncode']);
$UPservicecenter = mysqli_real_escape_string($db, $_POST['servicecenter']);
$UPemail = mysqli_real_escape_string($db, $_POST['email']);
$UPusername = mysqli_real_escape_string($db, $_POST['username']);
$UPperm = mysqli_real_escape_string($db, $_POST['user-type']);
$statement = $db->prepare("UPDATE tblcareercoach SET fname=?, lname=?, regioncode=?, servicecenter=?, email=?, username=?, permission=? WHERE ID=?");
$statement->bind_param('ssssssii', $UPfname, $UPlname, $UPregioncode, $UPservicecenter, $UPemail, $UPusername, $UPperm, $uID);
$results = $statement->execute();
if($results){
print 'Success! record updated';
}else{
print 'Error : ('. $mysqli->errno .') '. $mysqli->error;
}
}
更新声明正在打印'成功!记录更新'但它实际上并没有更新mysql数据库中的记录。在检查检查后,我发现了一个php错误,显示以下内容:
注意:未定义的索引:userID in 第9行的... \ update_user.php
我对如何定义这个问题感到茫然,但我仍然可以在上面的SELECT语句中使用它。
答案 0 :(得分:0)
session_start();
$sID = isset($_SESSION['lastID']) ? $_SESSION['lastID'] : '';
$uID = isset($_GET['userID']) ? $_GET['userID'] : '';
if ($uID == '' && $sID != '') {$uID = $sID;}
以及else{ print 'Error : ('. $mysqli->errno .') '. $mysqli->error; }
放
$_SESSION['lastID'] = $uID;