使用PHP和MYSQL更新表 法里斯网站
尝试将窗体更改为操作使用PHP和MYSQL更新表 法里斯网站 ,php,mysql,Php,Mysql,尝试将窗体更改为操作 <?php $connect = mysql_connect("localhost","root",""); $sel_database = mysql_select_db("test"); $name = mysql_real_escape_string( $_POST["name"] ); $id = (int) $_GET['id']; $query = "UPDATE test SET name='{$name}'"; if($run = mysql_q
<?php
$connect = mysql_connect("localhost","root","");
$sel_database = mysql_select_db("test");
$name = mysql_real_escape_string( $_POST["name"] );
$id = (int) $_GET['id'];
$query = "UPDATE test SET name='{$name}'";
if($run = mysql_query($query)){
header("location: index.php");
exit;
}else{mysql_error();}
?>
首先,请注意SQL注入-您的代码对它非常开放。看
PHP代码
当您要更新从下拉列表中选择的记录时。此外,您已将表单方法设置为POST。因此,您应该尝试以下操作:
<?php
require("inc_connect.php");
?>
<h1 align="center">Farris Website</h1>
<hr width="1000">
<p align="center">
<table align="center" width="1000" border="3" bordercolor="#0066FF" >
<tr>
<td><form name="update" method="post" action="ex_update.php?id=<?php echo urlencode($_GET['id']); ?>">
<p><strong>Enter Name:</strong>
<input type="text" name="name"><br />
<label for="select">ID:</label>
<select name="id" id="select">
<?php
$query = "SELECT * FROM test";
$run = mysql_query($query);
while( $r = mysql_fetch_array($run) ){
# I always use short, single character, variables when in loops.
# Saves alot of characters and potential confusion.
echo " <option value='{$r['id']}'>{$r['id']}</option>\n";
}
?>
</select>
</p>
<p>
<input type="submit" name="submit" value="Update!">
</p>
</form></td>
<td><?php include("inc_output.php"); ?></td>
</tr>
</table>
</p>
这不是您问题的答案,但您应该继续阅读,特别是如果您打算以root用户身份连接到MySQL(不要这样做)。我刚刚检查了一下,当我在没有WHERE id={$id}的情况下更新时,查询没有问题。但是我想根据id来更新它,好吧,三件事。1) 你能在这里分享完整的SQL语句吗?2) 表中是否存在id
字段?3) mysql\u error()
显示了什么?实际上,表单中已经有了对“id”的引用,所以将表单操作更新为“ex\u update.php”。然后将php代码更改为$id=(int)$\u POST['id'];
<form name="update" method="post" action="ex_update.php?id=<?php echo urlencode($_GET['id']); ?>">
<?php
$connect = mysql_connect("localhost","root","");
$sel_database = mysql_select_db("test");
$name = mysql_real_escape_string( $_POST["name"] );
$id = (int) $_GET['id'];
$query = "UPDATE test SET name='{$name}' WHERE id = {$id}";
if($run = mysql_query($query)){
header("location: index.php");
exit;
}else{
# In production, don't show raw errors to users - log them to a file and
# present the user with a generic "There was a problem with the database"
# error. Or people can start sniffing for vulnerabilities in your site.
echo mysql_error();
}
?>
<?php
require("inc_connect.php");
?>
<h1 align="center">Farris Website</h1>
<hr width="1000">
<p align="center">
<table align="center" width="1000" border="3" bordercolor="#0066FF" >
<tr>
<td><form name="update" method="post" action="ex_update.php?id=<?php echo urlencode($_GET['id']); ?>">
<p><strong>Enter Name:</strong>
<input type="text" name="name"><br />
<label for="select">ID:</label>
<select name="id" id="select">
<?php
$query = "SELECT * FROM test";
$run = mysql_query($query);
while( $r = mysql_fetch_array($run) ){
# I always use short, single character, variables when in loops.
# Saves alot of characters and potential confusion.
echo " <option value='{$r['id']}'>{$r['id']}</option>\n";
}
?>
</select>
</p>
<p>
<input type="submit" name="submit" value="Update!">
</p>
</form></td>
<td><?php include("inc_output.php"); ?></td>
</tr>
</table>
</p>
<form name="update" method="post" action="ex_update.php?id=<?php echo urlencode($_POST['id']); ?>">