Php 添加编辑删除表单未添加到MySQL无错误
我有这个添加-编辑-删除表单,问题是: 当我放置所有内容并单击ADD时,它会显示“Data added successfully.”但数据不在我的phpAdmin表中,也不显示在页面中。。。 或者仅仅是因为我的主人不使用MySQLi而是使用MySQL? 不要谈论SQL注入,因为我不是那么专业,也不知道如何保护它,这个页面将受到登录区域的保护,所以只有受限制的成员才能访问它 index.phpPhp 添加编辑删除表单未添加到MySQL无错误,php,html,Php,Html,我有这个添加-编辑-删除表单,问题是: 当我放置所有内容并单击ADD时,它会显示“Data added successfully.”但数据不在我的phpAdmin表中,也不显示在页面中。。。 或者仅仅是因为我的主人不使用MySQLi而是使用MySQL? 不要谈论SQL注入,因为我不是那么专业,也不知道如何保护它,这个页面将受到登录区域的保护,所以只有受限制的成员才能访问它 index.php <?php //including the database connection file in
<?php
//including the database connection file
include_once("config.php");
//fetching data in descending order (lastest entry first)
//$result = mysql_query("SELECT * FROM users ORDER BY id DESC"); // mysql_query is deprecated
$result = mysqli_query($mysqli, "SELECT * FROM `user` ORDER BY id DESC"); // using mysqli_query instead
?>
<html>
<head>
<title>Homepage</title>
</head>
<body>
<a href="add.html">Add New Data</a><br/><br/>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>Steam Username</td>
<td>Steam Password</td>
<td>Steam Guard Code</td>
<td>Update</td>
</tr>
<?php
//while($res = mysql_fetch_array($result)) { // mysql_fetch_array is deprecated, we need to use mysqli_fetch_array
while($res = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>".$res['steamUE']."</td>";
echo "<td>".$res['steamPW']."</td>";
echo "<td>".$res['steamGC']."</td>";
echo "<td><a href=\"edit.php?id=$res[id]\">Edit</a> | <a href=\"delete.php?id=$res[id]\" onClick=\"return confirm('Are you sure you want to delete?')\">Delete</a></td>";
}
?>
</table>
</body>
</html>
主页
蒸汽用户名
蒸汽密码
蒸汽防护代码
更新
add.html
<html>
<head>
<title>Add Data</title>
</head>
<body>
<a href="index.php">Home</a>
<br/><br/>
<form action="add.php" method="post" name="form1">
<table width="25%" border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE"></td>
</tr>
<tr>
<td>Steam Password</td>
<td><input type="text" name="steamPW"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Add"></td>
</tr>
</table>
</form>
</body>
</html>
添加数据
蒸汽用户名
蒸汽密码
蒸汽防护代码
edit.php
<?php
// including the database connection file
include_once("config.php");
if(isset($_POST['update']))
{
$id = mysqli_real_escape_string($mysqli, $_POST['id']);
$steamUE = mysqli_real_escape_string($mysqli, $_POST['steamUE']);
$steamPW = mysqli_real_escape_string($mysqli, $_POST['steamPW']);
$steamGC = mysqli_real_escape_string($mysqli, $_POST['steamGC']);
// checking empty fields
if(empty($steamUE) || empty($steamPW) || empty($steamGC)) {
if(empty($steamUE)) {
echo "<font color='red'>Steam Username field is empty.</font><br/>";
}
if(empty($steamPW)) {
echo "<font color='red'>Steam Password field is empty.</font><br/>";
}
if(empty($steamGC)) {
echo "<font color='red'>Steam Guard Code field is empty.</font><br/>";
}
} else {
//updating the table
$result = mysqli_query($mysqli, "UPDATE `user` SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
//redirectig to the display page. In our case, it is index.php
header("Location: index.php");
}
}
?>
<?php
//getting id from url
$id = $_GET['id'];
//selecting data associated with this particular id
$result = mysqli_query($mysqli, "SELECT * FROM `user` WHERE id='$id'");
while($res = mysqli_fetch_array($result))
{
$steamUE = $res['steamUE'];
$steamPW = $res['steamPW'];
$steamGC = $res['steamGC'];
}
?>
<html>
<head>
<title>Edit Data</title>
</head>
<body>
<a href="index.php">Home</a>
<br/><br/>
<form name="form1" method="post" action="edit.php">
<table border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE" value="<?php echo $steamUE;?>"></td>
</tr>
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamPW" value="<?php echo $steamPW;?>"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC" value="<?php echo $steamGC;?>"></td>
</tr>
<tr>
<td><input type="hidden" name="id" value=<?php echo $_GET['id'];?>></td>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>
它没有说明或显示任何错误或任何其他问题,它只说明成功添加的数据,没有其他内容。我不明白为什么它没有在我的表中添加任何数据,我一遍又一遍地检查所有内容,可能是因为我累了,但我尝试重命名表名,但没有任何更改,是一样的…发现了三个错误
add.php
:列名应不带“”。检查以下各项
$result = mysqli_query($mysqli, "INSERT INTO user (steamUE,steamPW,steam_GC) VALUES ('$steamUE','$steamPW','$steamGC')");
$result = mysqli_query($mysqli, "UPDATE user SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
$result = mysqli_query($mysqli, "DELETE * FROM user WHERE id='$id'");
edit.php
:“$id中缺少“”。检查以下各项
$result = mysqli_query($mysqli, "INSERT INTO user (steamUE,steamPW,steam_GC) VALUES ('$steamUE','$steamPW','$steamGC')");
$result = mysqli_query($mysqli, "UPDATE user SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
$result = mysqli_query($mysqli, "DELETE * FROM user WHERE id='$id'");
delete.php
:$id中缺少“”。检查以下各项
$result = mysqli_query($mysqli, "INSERT INTO user (steamUE,steamPW,steam_GC) VALUES ('$steamUE','$steamPW','$steamGC')");
$result = mysqli_query($mysqli, "UPDATE user SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
$result = mysqli_query($mysqli, "DELETE * FROM user WHERE id='$id'");
如果与DB的连接成功,它必须工作(这个答案应该得到您的绿色标记:D)
或者仅仅是因为我的主人不与MySQLi合作,而是与
MySQL
无论我在哪里遇到问题,都会遇到一些错误或空白页。检查数据库连接。转到mysqli,用$sql with(errno)解释它,但在$sql之前调用您的参数。使用if条件检查您的连接。在添加时,请使用prepared with$stmnt并执行它。不要告诉我(或任何人)您的网页在哪里。任何人只要有一点点知识和你的URL,就可以在15秒内擦除你的整个数据库。所有的桌子。不夸张。在解决任何问题之前,先解决这个比巨大的安全问题更大的问题。谷歌“SQL注入”并修复它。使用事先准备好的陈述。我只需要去你的网站/delete.php?id=0;有害的SQL_语句和boom。如果添加@NewBee的单引号,url就会变成
yourwebsite/delete.php?id=0';有害的SQL_语句;选择'dummy
@Roemer yes此处存在SQL注入问题。最好的办法是转到PDO。真的。但如果这不可用,mysqli也可以准备语句。修复了,但仍然没有,没有添加phpAdmintables@unnamedUser从表名中删除引号,我稍后编辑了它们,以防遗漏。尝试使用mysql并检查DB connection.done,仍然没有添加到我的表中。。。如何从mysqli转换到mysql?我喝了三杯,喝了一杯errors@unnamedUserindex.php
也有这样的错误,不应该是$res[id]
be$res['id']
?解析错误:语法错误,意外的“”(t_封装了_和_空格),在添加'to'id'时需要标识符(t_字符串)或变量(t_变量)或数字(t_NUM_字符串)