所以这是edit.php文档中的代码
<?php
session_start();
include_once("db.php");
if(!isset($_SESSION['id'])){
header("Location: login.php");
}
if(!isset($_SESSION['id'])){
header("Location: index.php");
return;
}
if(!isset($_GET['pid'])){
header("Location: index.php");
} else {
echo "This seems to work";
$pid = $_GET['pid'];
echo $pid;
}
if(isset($_POST['edit'])){
$title = strip_tags($_POST['title']);
$content = strip_tags($_POST['content']);
$title = mysqli_real_escape_string($db, $title);
$content = mysqli_real_escape_string($db, $content);
$sql = "UPDATE users SET title='$title', content='$content' WHERE id='$pid'";
if($title == "" || $content == ""){
echo "Please complete your post!";
return;
}
mysqli_query($db, $sql);
header("Location: index.php");
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Blog - Post</title>
</head>
<body>
<form action="edit.php" method="edit" enctype="mutlipart/form-data">
<input placeholder="Title" name="title" type="text" autofocus size="48"><br /><br />
<textarea placeholder="Content" name="content" rows="20" cols="50"></textarea><br />
<input name="edit" type="submit" value="Post">
</form>
</body>
</html>
这是db.php中的代码
<?php
$db = mysqli_connect("localhost", "user", "password", "dbname")
?>
我知道我对更新事情做了一些非常错误的事情,因为它不想更新。但我不知道如何解决它。请帮忙吗?
答案 0 :(得分:0)
method="post" //change to post. Default is get
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post" enctype="mutlipart/form-data">
我们使用<?php echo $_SERVER['PHP_SELF'] ?>,因为所有内容都发生在同一页面上。
使用准备好的陈述,
$sql = "UPDATE users SET title=?, content=? WHERE id=?";
$statement = $db->prepare($sql);
$statement->bind_param('ssi', $title, $content, $pid);
if($statement->execute()){
//all good
} else {
echo $db->error;
}
答案 1 :(得分:0)
像其他人一样说过使用PDO。
如果您想继续使用您已经拥有的代码。将表单标记更改为:
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="mutlipart/form-data">