PHP表单无法更新

时间:2017-06-05 09:07:47

标签: php mysql

我目前正在建立一个客户端数据库管理系统。 mySQL中有四个用于此系统的表,它们是;管理员,员工,客户和项目。项目表有一个来自客户端表的外键,即clientid。

现在,我为所有这些表创建了表单,以便用户可以将数据输入到表中。奇怪的是,唯一可以成功更新的形式是员工一。客户端和项目表单都无法更新。它返回成功,但数据不会更改。

以下是员工更新代码。

    <?php 
    include 'database.php';

    $staffid = $_GET['staffid'];
    $sql = "SELECT * FROM staff WHERE staffid='$staffid'";
    $result = mysqli_query($conn,$sql);

    while ($row=mysqli_fetch_array($result)){
      $staffname = $row['staffname'];
      $staffemail = $row['staffemail'];
      $staffphone = $row['staffphone'];
    }

   if(isset($_POST['submit'])){
     $staffname = $_POST['staffname'];
     $staffemail = $_POST['staffemail'];
     $staffphone = $_POST['staffphone'];

   $sql = "UPDATE staff SET   

    staffname='$staffname',staffemail='$staffemail',staffphone='$staffphone'  WHERE staffid='$staffid'";

    $result = mysqli_query($conn,$sql);

    if($result){
        echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
    }
    else {
        echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
    }
}
?>


<form action="" method="post">
<table class ="table1">
<tr>
<td>Staff Name:</td> <td><input type="text" name="staffname" size="50" value="<?php echo $staffname;?>"></td>
</tr>

<tr>
<td>Staff Email:</td> <td><input type="text" name="staffemail" size="50" value="<?php echo $staffemail;?>"></td>
</tr>

<tr>
<td>Staff Phone No:</td> <td><input type="text" name="staffphone" size="50" value="<?php echo $staffphone;?>"></td>
</tr>

<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewstaff.php"'></td>
</table>
</form>

现在好了是客户端表的更新代码。

<?php 
include 'database.php';

$clientid = $_GET['clientid'];
$sql = "SELECT * FROM client WHERE clientid='$clientid'";
$result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());

while ($row=mysqli_fetch_array($result)){
    $clientid = $row['clientid'];
    $clientname = $row['clientname'];
    $clientno = $row['clientno'];
    $clientemail = $row['clientemail'];
    $clientadd = $row['clientadd'];
}

if(isset($_POST['submit'])){
    $clientid = $row['clientid'];
    $clientname = $row['clientname'];
    $clientno = $row['clientno'];
    $clientemail = $row['clientemail'];
    $clientadd = $row['clientadd'];

    $sql = "UPDATE client SET clientid='$clientid',clientname='$clientname',clientno='$clientno',clientemail='$clientemail',clientadd='$clientadd' WHERE clientid='$clientid'";

    $result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());

    if($result){
        echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
    }
    else {
        echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
    }
}
?>


<form action="" method="post">
<table class ="table1">
<tr>
<td>Client ID:</td> <td><input type="text" name="clientid" size="50" value="<?php echo $clientid;?>"></td>
</tr>

<tr>
<td>Client Name:</td> <td><input type="text" name="clientname" size="50" value="<?php echo $clientname;?>"></td>
</tr>

<tr>
<td>Client Phone No.:</td> <td><input type="text" name="clientno" size="50" value="<?php echo $clientno;?>"></td>
</tr>

<tr>
<td>Client Email:</td> <td><input type="text" name="clientemail" size="50" value="<?php echo $clientemail;?>"></td>
</tr>

<tr>
<td>Client Address:</td> <td><input type="text" name="clientadd" size="50" value="<?php echo $clientadd;?>"></td>
</tr>

<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewclient.php"'></td>
</table>
</form>

也许我是愚蠢的,但是我一直试图找出问题3小时,而我这个接近哭泣lol。正在阅读有关更新表格的所有主题,但仍然没有答案。希望这里的任何人都可以帮助我。谢谢。

1 个答案:

答案 0 :(得分:0)

用于客户端表更新的代码使用以下代码:

if(isset($_POST['submit'])){
    $clientid = $row['clientid'];       // $row should be $_POST
    $clientname = $row['clientname'];   // $row should be $_POST
    $clientno = $row['clientno'];       // $row should be $_POST
    $clientemail = $row['clientemail']; // $row should be $_POST
    $clientadd = $row['clientadd'];     // $row should be $_POST

但那些$row应为$_POST,否则更新的数据将与之前的数据相同(因为$row是查询SELECT * FROM client WHERE clientid='$clientid'的结果) 。您可以在人员表更新代码中正确执行此操作:

 if(isset($_POST['submit'])){
     $staffname = $_POST['staffname'];
     $staffemail = $_POST['staffemail'];
     $staffphone = $_POST['staffphone'];

请注意,您的脚本存在SQL Injection Attack的风险。看看Little Bobby Tables发生了什么。甚至是if you are escaping inputs, its not safe!。请改用prepared parameterized statements

相关问题
最新问题