我尝试这样做:
<?php
if(isset($_POST['update']) && isset($_GET['topic_id']))
{
$title=$_POST['title'];
$tag_h1=$_POST['tag_h1'];
$tag_h2=$_POST['tag_h2'];
$tag_metadata=$_POST['tag_metadata'];
$content=$_POST['content'];
$topic_id=$_GET['topic_id'];
mysql_query("
UPDATE topic
SET tag_h1=$tag_h1,tag_h2=$tag_h2,tag_metadata=$tag_metadata,content=$content,title=$title
WHERE topic_id=$topic_id
") or die(mysql_error);
echo "$title<br/>";
echo "$tag_h1<br/>";
echo "$tag_h2<br/>";
echo "$tag_metadata<br/>";
echo "$content<br/>";
}
?>
但我在chrome中得到错误100,而firefox中没有任何内容
答案 0 :(得分:4)
您的查询失败,因为没有任何输入值用引号括起来:
mysql_query("
UPDATE topic
/* Enclose all variables in single quotes (unless they are integer values) */
SET tag_h1='$tag_h1',tag_h2='$tag_h2',tag_metadata='$tag_metadata',content='$content',title='$title'
WHERE topic_id='$topic_id'
") or die(mysql_error());
//-------------------^^^^
// () needed here.
注1:mysql_error()是必须使用()调用的函数。这就是为什么你没有看到错误的原因。
注意2,此脚本对SQL注入攻击持开放态度。使用$_POST
mysql_real_escape_string()值
$title = mysql_real_escape_string($_POST['title']);
$tag_h1 = mysql_real_escape_string($_POST['tag_h1']);
$tag_h2 = mysql_real_escape_string($_POST['tag_h2']);
$tag_metadata = mysql_real_escape_string($_POST['tag_metadata']);
$content = mysql_real_escape_string($_POST['content']);
$topic_id = mysql_real_escape_string($_GET['topic_id']);