你能帮我找一下这段代码的错误吗? 它说成功但在sql中没有改变。 这有点不对劲 $ est = intval($ _ GET [' est']); Plz帮助。
?php
session_start();
require_once("lib/connection.php");
if (!isset($_SESSION['username'])) {
header('Location: login.php');
}else {
$ten = $_SESSION['username'];
$sql = "select * from users where username = '$ten' ";
$query = mysqli_query($conn,$sql);
$data = mysqli_fetch_array($query);
}
$est = intval($_GET['est']);
$query2 = "SELECT * FROM customerinfo where estimate_number = '$est'";
$result = mysqli_query($conn,$query2);
$row = mysqli_fetch_array($result);
if (isset($_POST["xacnhan"])) {
if (isset($_POST["estc"])){
$estc = $_POST["estc"];
$sql = "UPDATE customerinfo SET estimate_number = '$estc' WHERE estimate_number = '$est'";
mysqli_query($conn,$sql);
echo "ban da doi thanh cong Name: $estc";
}
if(isset($_POST["namec"])){
$namec = $_POST["namec"];
$sql = "UPDATE customerinfo SET name = '$namec' WHERE estimate_number = '$est'";
mysqli_query($conn, $sql);
echo "ban da doi thanh cong Name: $namec";
}
}
>
答案 0 :(得分:0)
$est = intval($_GET['est']);
您使用$_GET['est']而不检查此值是否存在。试试这个:
if (!isset($_GET['est'])) {
// error
} else {
$est = intval($_GET['est']);
}
PS:你绝对应该保护你的代码免受SQL注入。它是最着名和最容易利用PHP的安全问题。我可以在几秒钟内只使用浏览器进行SQL注入。