从搜索结果更新用户的名字和姓氏数据库记录时出现问题。查询运行正常并更新数据库记录,但它会为错误的选定用户执行此操作。
search_user.php
<?php require_once("includes/db.php"); ?>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"> </script>
<script type="text/javascript">
$(document).ready(function(){
$('.edit').on('click', function (e) {
var firstname = $('#firstname').val();
var lastname = $('#lastname').val();
var user_id = $('#user_id').val();
var dataString = 'firstname='+firstname + '&lastname='+lastname+ '&user_id='+user_id ;
if(firstname=='' || lastname=='')
{
alert("Please fill all fields");
}
else
{
$.ajax({
type: "POST",
url: "update_users.php",
data: dataString,
success: function(){
alert("User details have been updated.")
}
});
}
return false;
});
});
</script>
<?php
$output = "";
$query = "SELECT * FROM users";
$result = mysqli_query($connection, $query);
if(mysqli_num_rows($result)> 0){
$output .= '<h4 align="center"> Search Result </h4>';
$output .= '
<table class="table table-bordered">
<thead>
<th>First Name </th>
<th>Last Name </th>
<th colspan="2">Options </th>
</thead>
';
while($row = mysqli_fetch_array($result)){
$_SESSION['user_id'] = $row['user_id'];
$output .= '
<tbody>
<tr>
<td><input type="text" id="firstname" name="firstname" value="'.$row["first_name"].'"></td>
<td> <input type="text" id="lastname" name="lastname" value="'.$row["last_name"].'"></td>
<td> <a href="search_user.php?edit='.$row["user_id"].'" class="edit">Edit </a> </td>
<td> <a href="search_user.php?delete='.$row["user_id"].'" class="delete_confirmation">Delete </a> </td>
</tr>
<input type="hidden" name="user_id" id="user_id" value="'.$row["user_id"].'">
</tbody>
';
}
echo $output;
} else {
echo "User not found!";
}
?>
update_user.php
<?php require_once("includes/db.php"); ?>
<?php
if (isset($_POST['firstname'], $_POST['lastname'], $_POST['user_id'])) {
$firstname = mysqli_real_escape_string($_POST['firstname']);
$lastname = mysqli_real_escape_string($_POST['lastname']);
$query = "UPDATE users
SET first_name ='" . $_POST['firstname'] . "',
last_name ='" . $_POST['lastname'] . "'
WHERE
user_id = '" . $_POST['user_id'] . "'";
$edit_user_query = mysqli_query($connection, $query);
}
else {
echo "invalid response";
}
?>
答案 0 :(得分:-1)
正如我在评论中提到的,你需要失去对会话的依赖。 而是在实际的编辑链接上放置一个id。见下面的修改代码:
<?php require_once("includes/db.php"); ?>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"> </script>
<script type="text/javascript">
$(document).ready(function(){
$('.edit').on('click', function (e) {
var firstname = $('#firstname').val();
var lastname = $('#lastname').val();
var id=$(this).attr('id');
var dataString = 'firstname='+firstname + '&lastname='+lastname + '&userid='+id;
if(firstname=='' || lastname=='')
{
alert("Please fill all fields");
}
else
{
$.ajax({
type: "POST",
url: "update_users.php",
data: dataString,
success: function(){
alert("User details have been updated.")
}
});
}
return false;
});
});
<?php
$output = "";
$query = "SELECT * FROM users";
$result = mysqli_query($connection, $query);
if(mysqli_num_rows($result)> 0){
$output .= '<h4 align="center"> Search Result </h4>';
$output .= '
<table class="table table-bordered">
<thead>
<th>First Name </th>
<th>Last Name </th>
<th colspan="2">Options </th>
</thead>
';
while($row = mysqli_fetch_array($result)){
$_SESSION['user_id'] = $row['user_id'];
$output .= '
<tbody>
<tr>
<td><input type="text" id="firstname" name="firstname" value="'.$row["first_name"].'"></td>
<td> <input type="text" id="lastname" name="lastname" value="'.$row["last_name"].'"></td>
<td> <a href="search_user.php?edit='.$row["user_id"].'" class="edit" id="'.$row["user_id"].'">Edit </a> </td>
<td> <a href="search_user.php?delete='.$row["user_id"].'" class="delete_confirmation">Delete </a> </td>
</tr>
</tbody>
';
}
echo $output;
} else {
echo "User not found!";
}
?>
您可以通过帖子访问ID:
$userid = mysqli_real_escape_string($_POST['userid']);