我希望edit.php页面不会给我任何错误

时间:2017-07-18 04:25:19

标签: php mysqli

大家好我发现了一个很棒的CRUD文件,用于更新到带有php的sql数据库,每一件事情都很好但是非常讨厌的事情是index.php页面有一个链接到edit.php的按钮?post_id = so这是正确的,但我喜欢测试页面的任何方式,因为我知道会有一个无聊的不合逻辑的人会告诉他们自己如果我这样做会发生什么等等。所以我做的不是编辑。 php?post_id =和我的mysqli数据库中的帖子的id在url中我把它放在url中,就像edit.php一样,它说这个错误警告:mysqli_fetch_array()期望参数1是mysqli_result,boolean给出等等...在第43行所以基本上我只是想修复这个edit.php页面,当有人直接键入这个,我的意思是通过修复这个我希望没有错误显示当某些类型www.example.com/edit.php自www.example.com/edit.php?post_id=显示没有错误。

这就是我的意思

直观

Get started using Visual Studio for UWP games

image 1

和代码

<?php

include("/fake_path/instructions/php/session_and_connection.php");

if(isset($_POST['update']))
{   

$post_id = mysqli_real_escape_string($connect, $_POST['post_id']);

$user_id = $row['user_id'];
$topic_id = mysqli_real_escape_string($connect, $_POST['topic_id']);
$post_title = mysqli_real_escape_string($connect, $_POST['post_title']);
$post_content = mysqli_real_escape_string($connect, $_POST['post_content']);


// checking empty fields
if(empty($post_title) || empty($post_content)) {    

if(empty($post_title)) {
echo "<font color='red'>post_title field is empty.</font><br/>";
}

if(empty($post_content)) {
echo "<font color='red'>post_content field is empty.</font><br/>";
}

} else {    
//updating the table
$result = mysqli_query($connect, "UPDATE posts SET user_id='$user_id',topic_id='$topic_id',post_title='$post_title',post_content='$post_content' WHERE post_id=$post_id");

//redirectig to the display page. In our case, it is index.php
header("Location: index.php");
}
}
?>
<?php
//getting post_id from url
$post_id = $_GET['post_id'];

//selecting data associated with this particular post_id
$result = mysqli_query($connect, "SELECT * FROM posts WHERE post_id=$post_id");

while($res = mysqli_fetch_array($result))
{
$user_id = $res['user_id'];
$topic_id = $res['topic_id'];
$post_title = $res['post_title'];
$post_content = $res['post_content'];
}
?>
<html>
<head>  
<title>Edit Data</title>
</head>

<body>
<a href="index.php">Home</a>
<br/><br/>

<form name="form1" method="post" action="edit.php">
<table border="0">
<tr> 
<td>post_title</td>
<td><input type="text" name="post_title" value="<?php echo $post_title;?>"></td>
</tr>
<tr> 
<td>post_content</td>
<td><input type="text" name="post_content" value="<?php echo $post_content;?>"></td>
</tr>
<tr>
<td><input type="hidden" name="post_id" value=<?php echo $_GET['post_id'];?>></td>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>

2 个答案:

答案 0 :(得分:0)

如果您没有post_id,那么为什么不将db查询更新为: SELECT * FROM posts WHERE post_id=$post_idSELECT * FROM posts并删除第36和37行,即

//getting post_id from url
$post_id = $_GET['post_id'];

答案 1 :(得分:0)

第一名:在exit()功能

之后使用header() 
header("Location: index.php"); exit();

第二名:当get参数为空时,您不应该运行查询,因此请使用isset!empty(),如下所示。

if(!empty($_GET['post_id '])) {

    //getting post_id from url
    $post_id = $_GET['post_id'];

    .......

    </html>
}

3rd:在提交网址中再次设置get参数,这样如果任何字段为空,则表示它将回显该值,并再次使用$_GET['post_id']此ID从数据库中获取数据。< / p> 

<form name="form1" method="post" action="edit.php<?php if(isset($_GET['post_id'])){ echo '?post_id='.$_GET['post_id']; ?>">

第4名:尝试使用prepared statement or pdo来尝试sql注入

5th:单行记录集无需while循环。

相关问题
最新问题