PHP UPDATE有ID匹配的数据

时间:2017-06-08 16:18:34

标签: php mysql

我从上一页的URL传递了一个id,然后尝试更新该id行中的数据库值。我觉得我很亲密。当我在更新查询中添加特定的ID号时,我能够更新值id = '$id',但是当我尝试通过代码传递该值时,它不能被提取,因为它不会更新当我使用<?php $id = $_GET['id']; echo $id; ?> <?php // This function will run within each post array including multi-dimensional arrays function ExtendedAddslash(&$params) { foreach ($params as &$var) { // check if $var is an array. If yes, it will start another ExtendedAddslash() function to loop to each key inside. is_array($var) ? ExtendedAddslash($var) : $var=addslashes($var); unset($var); } } // Initialize ExtendedAddslash() function for every $_POST variable ExtendedAddslash($_POST); $librarian_fname = $_POST['librarian_fname']; $id = $_POST['id']; ?> <?php if(isset($_POST['add'])) { $dbhost = 'localhost'; $dbuser = ''; $dbpass = ''; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = "UPDATE table SET librarian_fname = '$librarian_fname' WHERE id = '$id'"; mysql_select_db('Events'); $result = mysql_query( $sql, $conn ); if(! $result ) { die('Could not enter data: ' . mysql_error()); } mysql_close($conn); header("Location: search.php"); } else { ?> <?php // define variables and set to empty values $librarian_fname = $id = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $librarian_fname = test_input($_POST["librarian_fname"]); $id = test_input($_POST["id"]); } function test_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } ?> <form method="post" action="<?php echo htmlspecialchars($_SERVER[" PHP_SELF "]);?>"> <legend><b>Appointment Topic</b></legend> <input type="hidden" name="id" value="<? echo $id; ?>"> <label for="librarian_fname">First Name <em>*</em></label> <input type="text" name="librarian_fname" size="50" required="no" validateat="onsubmit" message="Please enter your first name."> input name = "add" type = "submit" id = "add" value = "Submit"> </form> <?php } ?> 时。不知道我做错了什么。如果这不完美的话,我仍在学习,请原谅我。

{{1}}

2 个答案:

答案 0 :(得分:0)

试试这个

<form method="post" action="<?php echo htmlspecialchars($_SERVER[" PHP_SELF "]);?>">
                        <legend><b>Appointment Topic</b></legend>
                        <input type="hidden" name="id" value="<?php echo $_GET['id']; ?>">
                        <label for="librarian_fname">First Name <em>*</em></label>
                        <input type="text" name="librarian_fname" size="50" required="no" validateat="onsubmit" message="Please enter your first name."> <input name = "add" type = "submit" id = "add" value = "Submit">
                        <input type="reset" name="resetButton" id="resetButton" vvalue="Reset Form" style="margin-right: 20px;" />
     </form>

答案 1 :(得分:0)

我认为其中一个问题可能是TABLE是一个MySQL保留字。

https://dev.mysql.com/doc/refman/5.5/en/keywords.html

如果我们想使用保留字作为标识符(例如表名),则必须对其进行转义。 MySQL中用于转义标识符的规范模式是将它们包含在单个反引号字符中,例如

 UPDATE `table` SET

无论标识符是否为保留字,这都有效。最好是为表格使用不同的名称。

请注意,代码似乎容易受到SQL注入攻击。必须正确转义包含在SQL语句文本中的潜在不安全值(例如,使用mysqli_real_escape_string)

https://xkcd.com/327/

首选模式是将值合并到SQL文本中,而是使用带有绑定占位符的预处理语句

相关问题
最新问题