我正在尝试更新包含文本的现有记录以及与该记录关联的图像名称。
但是,它不会更新记录。我查看了代码(它是从我发现的各种代码中拼凑而成的),现在我看不到树木了。
这是脚本:
$idVal_rsContent = "1";
if ( isset( $_GET[ 'idVal' ] ) ) {
$idVal_rsContent = $_GET[ 'idVal' ];
}
mysqli_select_db($Quakers, $database_Quakers);
$query_rsContent = sprintf( "SELECT * FROM tblPageContent WHERE pageContentID = %s", GetSQLValueString( $idVal_rsContent, "int" ) );
$rsContent = mysqli_query($Quakers, $query_rsContent) or die(mysqli_error($Quakers));
$row_rsContent = mysqli_fetch_assoc($rsContent);
$totalRows_rsContent = mysqli_num_rows($rsContent);
$editFormAction = $_SERVER['PHP_SELF'];
if(isset($_POST['updateForm']))
{
$pageContentID = $_POST['pageContentID'];
$pageTitle = $_POST['pageTitle'];
$pageContent = $_POST['pageContent'];
$pageImage = $_FILES['pageImage']['name'];
if(isset($_FILES['pageImage']['name'])) {
// Remove existing image in folder
// unlink ("../images".$_FILES['pageImage']['name']);
// Upload new image and update record
move_uploaded_file($_FILES[ "pageImage" ][ "tmp_name" ],"../images/".$_FILES[ "pageImage" ][ "name" ]);
$query_image = "UPDATE tblPageContent SET pageTitle='$pageTitle', pageContent='$pageContent', pageImage='$pageImage' WHERE pageContentID='$pageContentID'";
}
else
{
// Update record keeping existing image
$query_image = "UPDATE tblPageContent SET pageTitle='$pageTitle', pageContent='$pageContent' WHERE pageContentID='$pageContentID'";
}
// Redirect after update
if(mysqli_query($Quakers, $query_image))
{
header( 'Location: main-content-updated.php' ) ;
}
else
{
header( 'Location: no-content-updated.php' ) ;
}
}
这是HTML表单:
<form action="<?php echo $editFormAction; ?>" name="updateForm" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="pageTitle">Page Title</label>
<input type="text" class="form-control" id="pageTitle" name="pageTitle" value="<?php echo $row_rsContent['pageTitle']; ?>">
</div>
<?php if ( !empty ($row_rsContent['pageContent']) ) { ?>
<div class="form-group"><label for="pageContent">Page Content</label><textarea class="form-control" rows="5" id="pageContent" name="pageContent"><?php echo $row_rsContent['pageContent']; ?></textarea></div>
<?php } else { ?>
<div class="form-group"><label>Page Content</label><input type="text" class="form-control" id="pageContent" name="pageContent" placeholder="No content available. Page contains scripting or is hard-coded. Edit specific page to alter content." disabled></div>
<?php } ?>
<div class="form-group">
<label for="pageImage">Current Page Image</label>
<?php
$imgName = $row_rsContent['pageImage'];
list($width, $height) = getimagesize("../images/$imgName");
echo "<small>(width: " . $width . "px ";
echo "- height: " . $height. "px)</small>";
?>
<br>
<img src="../images/<?php echo $row_rsContent['pageImage'];?>" width="20%">
<br>
<label>Change Page Image</label><input type="file" id="pageImage" name="pageImage">
</div>
<input type="hidden" name="pageContentID" value="<?php echo $row_rsContent['pageContentID']; ?>" readonly>
<div class="line"> </div>
<div class="form-group" style="text-align: center">
<button class="btn btn-success btn-lg butt" type="submit" name="updateForm">Update The Page</button>
<button class="btn btn-danger btn-lg butt" type="reset">Cancel The Update</button>
</div>
</form>
哪里出了问题?
编辑
添加一些错误报告
后出现此错误抛出的错误是:致命错误:未捕获mysqli_sql_exception:您的SQL语法中有错误;检查与您的MySQL服务器版本相对应的手册,以获得正确的语法,使用靠近的,Rowntree和Fry以及银行Lloyds和Barclays(虽然这些业务位于C:\ Apache24 \ htdocs \ Quakers \ admin \ edit-的第1行main-content.php:71堆栈跟踪:#0 C:\ Apache24 \ htdocs \ Quakers \ admin \ edit-main-content.php(71):mysqli_query(Object(mysqli),'UPDATE tblPageC ...')#在第71行的C:\ Apache24 \ htdocs \ Quakers \ admin \ edit-main-content.php中抛出1 {main}
答案 0 :(得分:0)
不幸的是,参数化的查询直接在这个老头上进行,但经过大量的修补和谷歌搜索后,我发现了一些对我有用的东西。我不确定这是否会停止SQL注入(虽然我已经读过它)但代码是:
// Upload data to database and image to folder
if (isset($_POST['upload']))
{
// This is the directory where images will be saved
$target = "../images/";
$target = $target . basename($_FILES['pageImage']['name']);
// This gets all the other information from the form
$pageTitle = mysqli_real_escape_string($con, $_POST['pageTitle']);
$pageContent = mysqli_real_escape_string($con, $_POST['pageContent']);
$mainMenuID = mysqli_real_escape_string($con, $_POST['mainMenuID']);
$pageImage = basename($_FILES['pageImage']['name']);
// Writes the file to the server
if(move_uploaded_file($_FILES['pageImage']['tmp_name'], $target)) {
// Tells you if its all ok
echo "The file ". basename( $_FILES['pageImage']['name']). " has been uploaded, and your information has been added to the directory";
// Connects to your Database
mysqli_select_db($con, "mydbase") or die(mysql_error()) ;
// Writes the information to the database
mysqli_query($con, "INSERT INTO myTable (`pageTitle`, `pageContent`, `mainMenuID`, `pageImage`) VALUES ('$pageTitle', '$pageContent', '$mainMenuID', '$pageImage')") ;
} else {
// Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
}
,HTML表单是:
<form method="post" action="add-main-content.php" enctype="multipart/form-data">
<div class="form-group">
<label for="pageTitle">Page Title</label>
<input type="text" class="form-control" name="pageTitle">
</div>
<div class="form-group"><label for="pageContent">Page Content</label><textarea class="form-control" rows="5" name="pageContent"></textarea></div>
<div class="form-group">
<label for="pageImage">Page Image (<small>Recommend dimensions are: 1440px wide x 375px high</small>)</label>
<input type="file" name="pageImage">
</div>
<div class="form-group">
<label for="mainMenuID">Main Menu</label>
<select class="form-control" name="mainMenuID">
<option>Select Main Menu</option>
<?php do { ?>
<option value="<?php echo $row_myMenu['mainMenuID']; ?>"><?php echo $row_myMenu['mainMenuLabel']; ?></option>
<?php } while ($row_myMenu = mysqli_fetch_assoc($myMenu)); ?>
</select>
</div>
<br><div class="line"> </div>
<div class="form-group" style="text-align: center">
<button class="btn btn-success btn-lg butt" type="submit" name="upload">Add New Page</button>
<button class="btn btn-danger btn-lg butt" type="reset">Cancel The Addition</button>
</div>
</form>