我正在开发一个用于学习目的的小型PHP项目。我想从MySQL数据库中检索已保存的数据,并让用户使用HTML表单进行编辑。我能够检索数据并在文本框中显示。问题是表单提交时数据没有更新。这是我到目前为止的代码。文件是为了自我更新。如果有人能告诉我哪里出错了,我将非常感激。谢谢。
<?php
include ("header.php");
include ("../db.php");
$catname = $_POST['catname'];
$catdisc = $_POST['catdisc'];
$id = $_GET['id'];
if (isset($id))
{
$query = "SELECT * FROM categories WHERE catid='$id'";
$result= mysql_query($query) or die ('Mysql Error');
}
while($row = mysql_fetch_array($result)){
$cname = $row['catname'];
$cdisc = $row['catdisc'];
}
$result= "UPDATE categories SET catname='$catname', catdisc='$catdisc' WHERE catid='$id'"
or die ('Error Updating');
?>
<h1>Edit Categories</h1>
<form method="post" action="edit_cat.php?id=<?php echo $id;?>">
Category Name: <input type="text" name="catname" value="<?php echo $cname;?>"><br/>
Category Discription: <TEXTAREA NAME="catdisc"ROWS="3" COLS="25"><?php echo $cdisc;?></TEXTAREA><br/><br/>
<input type="submit" value="Update Category"/>
</form>
<?php
include ("footer.php");
?>
答案 0 :(得分:1)
您没有执行UPDATE语句......:)
答案 1 :(得分:0)
您在字符串中定义SQL更新命令,但是,呃,您不将其提交到数据库。有一个
$ result = mysql_query($ query)或die('Mysql Error');
-like row missing。
请记住:(只是另一件事)代码是非常不安全的 - 就像它一样。
您必须检查用户POST输入数据,找到的是您的SQL语句。除非您这样做,否则在线人员可以拥有完全数据库用户特权的任意访问权限。谷歌:“SQL注入”。
罗布
PS呃花了5分钟......答案 2 :(得分:0)
对您的示例代码进行了一些更改,希望这有助于您
<?php
include ("header.php");
include ("../db.php");
//Getting Data
$id = (int)$_GET['id'];
if (isset($id)){
$query = "SELECT `categories`.`catid` AS catid,
`categories`.`catname` AS catname,
`categories`.`catdisc` AS catdesc
FROM categories
WHERE catid='".mysql_real_escape_string($id)."'
LIMIT 1";
$result= mysql_query($query) or die ('Mysql Error');
}
//Looping through the result, tho we know only 1 result will return
if(mysql_num_rows($result)>=1){
while($row = mysql_fetch_array($result)){
$cat['id'] = $row['catid'];
$cat['name'] = $row['catname'];
$cat['description'] = $row['catdesc'];
}
}else{
$notice = 'No results found matching id:'.htmlentities($id);
}
//Updating Content
//Checking if form has been submitted with some basic checks
if(
isset($_POST['catid']) && is_numeric($_POST['catid'])==TRUE
&& isset($_POST['catname']) && $_POST['catname']!=""
&& isset($_POST['catdesc']) && $_POST['catdesc']!=""){
$cat['id'] = (int)$_POST['catid'];
$cat['name'] = (string)$_POST['catname'];
$cat['description'] = (string)$_POST['catdesc'];
//Create the query
$query="UPDATE categories
SET catname='".mysql_real_escape_string($cat['name'])."', catdisc='".mysql_real_escape_string($cat['description'])."'
WHERE catid='".mysql_real_escape_string($cat['id'])."'";
//Execute the update
mysql_query($query) or die ('Error Updating');
}
?>
<h1>Edit Categories</h1>
<form method="post" action="">
<?php echo (isset($notice))?$notice:'';?>
<input type="hidden" name="catid" value="<?php echo htmlentities($id);?>">
Category Name: <input type="text" name="catname" value="<?php echo $cat['name'];?>"><br/>
Category Discription: <TEXTAREA NAME="catdisc" ROWS="3" COLS="25"><?php echo $cat['description'];?></TEXTAREA><br/><br/>
<input type="submit" value="Update Category"/>
</form>
编辑我忘了将ID添加到表单字段
答案 3 :(得分:0)
$result= mysql_query("UPDATE categories SET catname='$catname', catdisc='$catdisc' WHERE catid='$id'") or die ('Error Updating');