Javascript 执行消息框和查询,但更改不会反映在数据库中
每当我按下启用或禁用按钮时,都会生成Javascript 执行消息框和查询,但更改不会反映在数据库中,javascript,php,html,css,Javascript,Php,Html,Css,每当我按下启用或禁用按钮时,都会生成消息框,这意味着查询已执行,但更改不会反映在数据库中,并且在phpmyadmin中单独执行时,查询会将结果反映到数据库中。我甚至尝试了输出mysqli\u error()函数,但也没有返回任何错误 <!doctype html> <html> <?php include'abcadmin.css' ?> <body> <br> <br> <br
消息框
,这意味着查询已执行,但更改不会反映在数据库中,并且在phpmyadmin中单独执行时,查询会将结果反映到数据库中。我甚至尝试了输出mysqli\u error()
函数,但也没有返回任何错误
<!doctype html>
<html>
<?php include'abcadmin.css' ?>
<body>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<center><h1></h1></center>
<form action="" method="POST">
<center><h4><b>Student Edit & Account Management</b></h4></center> <br>
<center><h4>SAP ID: <input type="text" name="search"><br /></h4> </center>
<center><input type="submit" value="Search" name="submit" /> </center><br>
</form>
<br>
<?php
session_start();
global $a,$search,$b;
$con=mysqli_connect('localhost','root','') or die(mysql_error());
mysqli_select_db($con,'sophomore') or die("cannot select DB");
if(isset($_POST["submit"]))
{
$search=$_POST['search'];
$query=mysqli_query($con,"SELECT * FROM student_registration WHERE sap_id='".$search."'");
$numrows=mysqli_num_rows($query);
if($numrows>0)
{
if(!empty($_POST['search']))
{
if($numrows!=0)
while($row=mysqli_fetch_assoc($query))
{
{
$stuname=$row['fname'];
$stusurname=$row['lname'];
$stusapid=$row['sap_id'];
$studob=$row['dob'];
$stuage=$row['age'];
$stucourse=$row['course'];
$stusemester=$row['semester'];
$stustatus=$row['status'];
$_SESSION['adminstusapid']=$stusapid;
}
}
}
echo '<h4><table align="center" width="">';
echo '<tr>';
echo '<td>';
echo "Name: ";
echo ' ';
echo '</td>';
echo '<td>';
echo $stuname;
echo '</td>';
echo '</tr>';
echo '<h4><table align="center" width="">';
echo '<tr>';
echo '<td>';
echo "Surname: ";
echo ' ';
echo '</td>';
echo '<td>';
echo $stusurname;
echo '</td>';
echo '</tr>';
echo '<h4><table align="center" width="">';
echo '<tr>';
echo '<td>';
echo "SAP ID: ";
echo ' ';
echo '</td>';
echo '<td>';
echo $stusapid;
echo '</td>';
echo '</tr>';
echo '<h4><table align="center" width="">';
echo '<tr>';
echo '<td>';
echo "DOB: ";
echo ' ';
echo '</td>';
echo '<td>';
echo $studob;
echo '</td>';
echo '</tr>';
echo '<h4><table align="center" width="">';
echo '<tr>';
echo '<td>';
echo "Age: ";
echo ' ';
echo '</td>';
echo '<td>';
echo $stuage;
echo '</td>';
echo '</tr>';
echo '<h4><table align="center" width="">';
echo '<tr>';
echo '<td>';
echo "Course: ";
echo ' ';
echo '</td>';
echo '<td>';
echo $stucourse;
echo '</td>';
echo '</tr>';
echo '<h4><table align="center" width="">';
echo '<tr>';
echo '<td>';
echo "Semester: ";
echo ' ';
echo '</td>';
echo '<td>';
echo $stusemester;
echo '</td>';
echo '</tr>';
echo '</table>';
echo '</h4>';
echo '<br>';
echo '<form method="post">';
echo '<center>';
echo '<input type="submit" value="Enable" name="enabled">';
echo ' ';
echo ' ';
echo '<input type="submit" value="Disable" name="disabled">';
echo '</center>';
echo '</form>';
}
else
{
echo "<script type='text/javascript'>alert('No results found!!')</script>";
}
}
$a=0;
$b=1;
if(isset($_POST["enabled"])){
$sqla="UPDATE student_registration SET status='$stucourse' WHERE sap_id='".$search."'";
if(mysqli_query($con, $sqla)){
echo "<script type='text/javascript'>alert('The account has been enabled!!')</script>";
}
else
{
}
}
else
{
}
if(isset($_POST["disabled"])){
$sqlb="UPDATE student_registration SET status='$b' WHERE sap_id='".$search."'";
if(mysqli_query($con, $sqlb)){
echo "<script type='text/javascript'>alert('The account has been disabled!!')</script>";
}
else
{
}
}
else
{
}
学生编辑和帐户管理
SAP ID:
仅仅因为执行了查询并不意味着where匹配了任何内容。因此没有任何更新。因此,请确保$search
是您所认为的,而且它充满了SQLInjection漏洞。我已经重复了search的值,并且它正在重复正确的值@artisticfenix