我正在尝试创建一个用户可以编辑预先存在的帖子的功能。当用户进入edit.php时,会向他们显示一个表单,向他们显示与该帖子关联的现有数据。然后,他们可以对任何字段(描述,类别,添加其他图像等)进行更改,并且在点击提交按钮时,更新的信息将显示在帖子页面上。
我的问题实际上是让它更新信息。表单将显示预先存在的信息,我可以对任何字段进行更改。但是,当我按提交时,我被带到帖子列表,但我所做的更改尚未在SQL表中更新。
点击提交时没有任何错误。一切都在顺利进行,除了事实上数据库中没有实际更新的事实。
我一直在寻找几个不同的网站以获取有关此事的帮助,我已经尝试了我的public partial class Form2 : Form
{
BackgroundWorker bgWorker = new BackgroundWorker();
public Form2()
{
InitializeComponent();
bgWorker.DoWork += BgWorker_DoWork;
bgWorker.WorkerReportsProgress = true;
bgWorker.WorkerSupportsCancellation = true;
bgWorker.ProgressChanged += BgWorker_ProgressChanged;
bgWorker.RunWorkerCompleted += BgWorker_RunWorkerCompleted;
}
private void BgWorker_RunWorkerCompleted(object sender, RunWorkerCompletedEventArgs e)
{
this.DialogResult = DialogResult.OK;
}
private void BgWorker_ProgressChanged(object sender, ProgressChangedEventArgs e)
{
if(progressBar1.Maximum >= e.ProgressPercentage)
{
progressBar1.Value = e.ProgressPercentage;
}
}
private void BgWorker_DoWork(object sender, DoWorkEventArgs e)
{
int i = 0;
while (i <= 100)
{
if (bgWorker.CancellationPending)
{
bgWorker.CancelAsync();
return;
}
i++;
System.Threading.Thread.Sleep(100);
bgWorker.ReportProgress(i);
}
}
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
bgWorker.RunWorkerAsync();
}
}
查询的几种变体,可能是我错误地调用了它。这是我在尝试我发现的其他几个例子后正在进行的迭代:
UPDATE我对PHP很新,所以我很可能会制作一些我没注意到的简单语法错误。或者它可能是我的代码的其他部分,我没有正确执行。如果有人能看看我的代码并帮助我指出正确的方向,我将非常感激。
另外,我想补充一点是,我知道我的代码很容易被注入。我现在唯一关心的是让这个功能起作用。在我开始工作之后,我会处理任何安全措施。
PHP
if($title && $price && $description && $category){
$editquery = "UPDATE post SET title='$title', price='$price', description='$description', category='$category' WHERE post_id='$id'";
$edquery = $db->prepare($editquery);
$edquery->bind_result("ssss", $title, $price, $description, $category);
$edquery->execute();
if($edquery){
echo "Updated!";
}else{
echo "error";
}
}else{
echo "missing data";
}
HTML表单这是HTML中与此功能相关的唯一部分。
<?php
if(!isset($_GET['id'])){
header('Location: modify.php');
exit();
}else{
$id = $_GET['id'];
}
include('../includes/db_connect.php');
if(!is_numeric($id)){
header('Location: inventory.php');
}
if(isset($_POST['submit'])){
$title = $_POST['title'];
$price = $_POST['price'];
$description = $_POST['description'];
$category = $_POST['category'];
$title = $db->real_escape_string($title);
$price = $db->real_escape_string($price);
$description = $db->real_escape_string($description);
if($title && $price && $description && $category){
$editquery = "UPDATE post SET title='$title', price='$price', description='$description', category='$category' WHERE post_id='$id'";
$edquery = $db->prepare($editquery);
$edquery->bind_result("ssss", $title, $price, $description, $category);
$edquery->execute();
if($edquery){
echo "Updated!";
}else{
echo "error";
}
}else{
echo "missing data";
}
$postid = $db->insert_id;
for($i=0; $i<count($_FILES["images"]["name"]); $i++)
{
$filetmp = $_FILES["images"]["tmp_name"][$i];
$filename = $_FILES["images"]["name"][$i];
$filetype = $_FILES["images"]["type"][$i];
$filepath = "images/".$filename;
move_uploaded_file($filetmp, $filepath);
$sql = "INSERT INTO images (img_name, img_path, img_type, post_id) VALUES
('$filename', '$filepath', '$filetype', '$postid')";
$result = mysqli_query($db, $sql);
}
}
?>
修改
无论我的代码发生了什么,我按“提交”后都无法看到任何回显的语句:
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="POST" enctype="multipart/form-data">
<?php
$editsql = "SELECT * FROM post INNER JOIN categories ON categories.category_id=post.category_id WHERE post_id=' ".$id." '";
$editquery = $db->query($editsql);
if($editquery->num_rows !=1){
header('Location: inventory.php');
exit();
}
$editrow = $editquery->fetch_object();
echo "<div class='form-group'>";
echo "<label>Title*</label>";
echo "<input type='text' name='title' class='form-control' value='".$editrow->title."' required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Price*</label>";
echo "<input type='text' name='price' class='form-control' value='".$editrow->price."'required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Category</label>";
echo "<select name='category' class='form-control'>";
echo "<option value='".$editrow->category_id."'>".$editrow->category."</option>";
$catquery = $db->query("SELECT * FROM categories");
while($row = $catquery->fetch_object()){
echo "<option value='".$row->category_id."'>".$row->category."</option>";
}
echo "</select>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Description*</label>";
echo "<textarea type='textarea' name='description' class='form-control' required>".$editrow->description."</textarea>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Image(s)</label>";
echo "<input type='hidden' name='size' value='1000000'>";
echo "<input multiple='multiple' name='images[]' type='file'/>";
echo "</div>";
echo "<div class='required'>";
echo "* indicates a required field";
echo "</div>";
echo "<button type='submit' name='submit' value='submit' class='btn btn-default'>EDIT POST</button>"
?>
</form>
这是否可能导致问题?
if($query){
echo "product updated";
}else{
echo "error";
}
}else{
echo "missing data";
}
或者我需要使用隐藏的输入吗?
if(!isset($_GET['id'])){
header('Location: modify.php');
exit();
}else{
$id = $_GET['id'];
}
编辑2
我已将其分为两个文件(edit.php和submitedit.php),以使echo "<button type='submit' name='submit' value='submit' class='btn btn-default'>EDIT POST</button>"
和$_GET彼此分开。但是,我仍然遇到数据库无法更新的相同问题。
edit.php 我只展示了PHP和相关的HTML表单
$_POSTsubmitedit.php
<?php
session_start();
$msg = "";
if(!isset($_GET['id'])){
header('Location: delete.php');
exit();
}else{
$id = $_GET['id'];
}
include('../includes/db_connect.php');
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit();
}
if(!is_numeric($id)){
header('Location: inventory.php');
}
?>
<!-- WHERE THE HTML STARTS -->
<form action="submitedit.php" method="POST" enctype="multipart/form-data">
<?php
$editsql = "SELECT * FROM post INNER JOIN categories ON categories.category_id=post.category_id WHERE post_id='$id'";
$editquery = $db->query($editsql);
if($editquery->num_rows !=1){
header('Location: inventory.php');
exit();
}
$editrow = $editquery->fetch_object();
echo "<div class='form-group'>";
echo "<label>Title*</label>";
echo "<input type='text' name='title' class='form-control' value='".$editrow->title."' required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Price*</label>";
echo "<input type='text' name='price' class='form-control' value='".$editrow->price."'required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Category</label>";
echo "<select name='category' class='form-control'>";
echo "<option value='".$editrow->category_id."'>".$editrow->category."</option>";
$catquery = $db->query("SELECT * FROM categories");
while($row = $catquery->fetch_object()){
echo "<option value='".$row->category_id."'>".$row->category."</option>";
}
echo "</select>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Description*</label>";
echo "<textarea type='textarea' name='description' class='form-control' required>".$editrow->description."</textarea>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Image(s)</label>";
echo "<input type='hidden' name='size' value='1000000'>";
echo "<input multiple='multiple' name='images[]' type='file'/>";
echo "</div>";
echo "<div class='required'>";
echo "* indicates a required field";
echo "</div>";
echo "<button type='submit' name='submit' value='submit' class='btn btn-default'>EDIT POST</button>"
?>
</form>
答案 0 :(得分:1)
当您尝试从GET数组中读取id时,使用POST方法发送表单。将其更改为$_POST['id'],您已全部设置