编辑表单创建新数据而不是php

时间:2018-03-01 10:32:53

标签: php mysql

我是php新手,尝试过谷歌'这个问题并没有给我什么。我有index.php,它有一种创建新数据的形式,并显示来自sql的表数据和edit.php上的链接来编辑数据。在edit.php中我只有表单。 所以问题是edit.php在数据库中创建新数据而不是改变我通过id得到的数据。试图直接在phpmyadmin中提出请求,一切正常。

edit.php 

include '../connect.php';
include '../errors.php';
include 'view_edit.php';

var_dump($id = $_GET['edit']);

if (isset($_POST['submit'])){
  if (empty($_POST['username'])){
    $errors = "Впишите ваше имя";
  }elseif (empty($_POST['email'])){
    $errors = "Впишите ваш email";
  }elseif (empty($_POST['task'])){
    $errors = "Впишите задание";
  }elseif (empty($_FILES['image']['name'])){
    $errors = "Вставьте картинку";
  }else{
    $id = $_GET['edit'];
    $username = $_POST['username'];
    $email = $_POST['email'];
    $task = $_POST['task'];
    $image = $_FILES['image']['name'];
    $target = "../uploads/".basename($_FILES['image']['name']);

    $sql = "UPDATE `tasks` SET `username`='$username', `email`='$email',
        `task`='$task', `image`='$image' WHERE `id`='$id'";
    mysql_query($db. $sql);
    move_uploaded_file($_FILES['image']['tmp_name'], $target);
    header('location: index.php');
  }
}

var_dump($id = $_GET['edit']);中我获得了正确的数据ID。

来自view_edit.php的表单

  <form method="post" action="index.php" class="input_form" enctype="multipart/form-
  data">
  <input type="text" name="username" placeholder="Введите Имя" 
  class="username_input">
  <input type="email" name="email" placeholder="Введите email" 
   class="email_input">
    <br>
    <br>
  <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
  <input type="text" name="task" placeholder="Введите задание" 
  class="task_input">
  <p>Сменить изображение</p>
  <input type="file" name="image" multiple accept="image/png, image/jpeg, 
  image/gif">
    <br>
  <button type="submit" name="submit" id="add_btn">Изменить 
  запись</button>
  </form>

index.php中的表

while ($row = mysqli_fetch_assoc($tasks)) { ?>
  <tr>
  <td class="username"> <?php echo $row['username']; ?> </td>
  <td class="email"> <?php echo $row['email']; ?> </td>
  <td class="task"> <?php echo $row['task']; ?> </td>
  <td> <?php echo "<img src='../uploads/".$row['image']."'>"; ?> </td>
    <td>
  <a class="delete" href="index.php?del_task=<?php echo $row['id'] ?>">x</a>
    <br><br>
  <a class="edit" href="edit.php?edit=<?php echo $row['id']; ?
     >">Редактировать</a>
    </td>
  </tr>
 <?php  } ?>

从view_index.php

形成 
<form method="post" action="index.php" class="input_form" 
 enctype="multipart/form-data">
<input type="text" name="username" placeholder="Введите ваше имя" 
 class="username_input" id="username">
<input type="email" name="email" placeholder="Введите ваш email" 
  class="email_input" id="email">
  <br><br>
<input type="text" name="task" placeholder="Введите задание" 
 class="task_input"  id="task">
<input type="hidden" name="MAX_FILE_SIZE" value="300000" />
 <p>Добавить изображение</p>
<input type="file" name="image" multiple accept="image/png, image/jpeg, 
  image/gif">
 <br>
<button type="submit" name="submit" id="add_btn">Добавить задачу</button>
<button type="submit" name="preview" id="preview">Предварительный 
 просмотр</button>
</form>

2 个答案:

答案 0 :(得分:0)

尝试在action中的view_edit.php格式中添加一些代码,并始终使用格式为

的输入提交按钮 
<form method="post" action="edit.php?edit=<?php echo $id; ?>" class="input_form" enctype="multipart/form-
      data">
        <input type="text" name="username" placeholder="Введите Имя"
               class="username_input">
        <input type="email" name="email" placeholder="Введите email"
               class="email_input">
        <br>
        <br>
        <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
        <input type="text" name="task" placeholder="Введите задание"
               class="task_input">
        <p>Сменить изображение</p>
        <input type="file" name="image" multiple accept="image/png, image/jpeg, 
      image/gif">
        <br>
        <input type="submit" name="edit_task" id="add_btn"
value="Изменить запись"/>

edit.php 中删除include 'view_edit.php';并使用此代码告诉我会发生什么

答案 1 :(得分:0)

view_edit.php表单的action-attribute设置为index.php,因此除非edit.php包含在index.php中,否则提交的表单不会被edit.php处理,而是通过索引处理.PHP。

无论如何,MySQL中的UPDATE查询无法创建新记录,因此插入必须发生在某些未在此处发布的代码中的其他位置。

旁注:你的代码非常不安全。谷歌SQL注入。人们可以使用该表单来删除数据库或造成其他类型的伤害。

相关问题
最新问题