PHP多种形式,第二种使用来自First的数据

时间:2018-03-07 05:28:33

标签: php html sql

我首先尝试获取一个ID来查询数据库并将结果打印在一个表中(这部分可行)。我想接受用户提供的id并使用它来使用PHP更新数据库中的信息。我想使用第二个窗体上的输入作为更新数据库的值。 要更改的表格为customers,其字段为 ID,NAME,ADDRESS。我不希望用户能够更改ID。

Form1中:

<form method="post" action="">
    <p style="margin-top: 70px;">Please type the ID of the person you wish to add to change their data</p>
    <p style="margin-bottom: 0px;">ID</p>
    <input style="color:black" type="text" name="id" placeholder="10001">
    <input style="color:lightblue;background-color: rgb(80,80,80);margin-top: 7px; " type="submit" value="Submit">
</form>

窗体2:

<form method="post" action="">
    <p>New Information for Customer with ID entered above</p>
    <input style='color:black;' type='text' name='newName' placeholder='Name Change'>
    <input style="color:black;" type="text" name="newAddress" placeholder="New Address">
    <input style="color:lightblue;background-color: rgb(80,80,80);margin-top: 7px; " type="submit" name="submitForm2" value="Submit">
</form>

这是我当前的php请求,但它不起作用,检查值是否设置的$ _POST返回false。

<?php 
            session_start();
            if (isset($_POST["id"])){
                $servername = 'localhost';
                $user = 'root';
                $pass = '';
                $db = 'the_sports_store';
                $conn = new mysqli($servername,$user, $pass, $db);

                // Check connection
                if ($conn->connect_error) {
                    echo '<script language="javascript">';
                    echo 'alert("DB Connection Failed:")';
                    echo '</script>';
                    die("" . $conn->connect_error);
                } 

                $sessionID = $_SESSION["ID"];
                $newName = $_SESSION["newName"];
                $newAddress = $_SESSION["newAddress"];
                var_dump($newName);

                $sql = "SELECT * FROM `customers` WHERE ID='$sessionID';";


                //display the current record, allow user input to alter it, then display new data
                if ($conn->query($sql) == TRUE) {
                    echo"<div class='col-10'>";
                    echo"<table>";
                    echo"<tr>
                            <td align='justify'><b>ID</b></td>
                            <td align='justify'><b>NAME</b></td>
                            <td align='justify'><b>ADDRESS</b></td>
                         </tr>";
                    $result = mysqli_query($conn, $sql);
                    $row = mysqli_fetch_assoc($result);
                    echo "<tr><td style='padding: 10px;'>{$row['ID']}</td><td>{$row['NAME']}</td><td>{$row['ADDRESS']}</td></tr>";
                    echo "</table>";
                    echo "</div>";





                    if(!empty($_POST["newName"]) && !empty($_POST["newAddress"])){
                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';
                        $newName = $_POST["newName"];
                        $newAddress = $_POST["newAddress"];
                        $sqlChange = "UPDATE `customers` 
                                        SET `NAME` = '$newName', `ADDRESS` = '$newAddress' 
                                        WHERE `ID` = '$sessionID';";

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }

                    }else if(!empty($_POST["newName"])){
                        $newName = $_POST["newName"];
                        $sqlChange = "UPDATE `customers` SET `NAME` = '$newName' WHERE `ID` =  '$sessionID'";
                        echo '<script language="javascript">';
                        echo 'alert(',$newName,');';
                        echo '</script>';

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }
                    }else if(!empty($_POST["newAddress"])){
                        $newName = $_POST["newAddress"];
                        $sqlChange = "UPDATE `customers` SET `ADDRESS` = '$newAddress' WHERE `ID` =  '$sessionID'";

                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }
                    } else{
                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';
                    }
                }
                $conn->close();
            }

        ?>

1 个答案:

答案 0 :(得分:1)

您的问题是您的PHP代码只有在设置了id后才会执行。因此,当您发布第二个表单时,代码将永远不会执行。

如果(!empty($_POST["newName"]) && !empty($_POST["newAddress"]))以及所有其他地方/其他地方位于您的首页之外,请移动此。

此外,我觉得有义务告诉您SQL注入以及如何避免它:How can I prevent SQL injection in PHP?

相关问题
最新问题