Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/74.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php Can';不要编辑MySQL行_Php_Sql - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php Can';不要编辑MySQL行

Php Can';不要编辑MySQL行

php sql

Php Can';不要编辑MySQL行,php,sql,Php,Sql,大家好,所以我尝试允许用户在提交数据后编辑数据。我有一个设置了自动递增主键的staff表。正是我的这段代码给了我麻烦//从url获取id $StaffID=$_GET['StaffID']我一辈子都搞不清楚它到底出了什么问题,因为语法似乎是正确的。它告诉我,索引是未知的 <?php // including the database connection file include_once("connect.php"); if(isset($_POST['update'])) {

大家好,所以我尝试允许用户在提交数据后编辑数据。我有一个设置了自动递增主键的staff表。正是我的这段代码给了我麻烦
//从url获取id
$StaffID=$_GET['StaffID']我一辈子都搞不清楚它到底出了什么问题,因为语法似乎是正确的。它告诉我,索引是未知的


<?php
// including the database connection file
include_once("connect.php");

if(isset($_POST['update']))
{   
    $StaffID = $_POST['StaffID'];



    // checking empty fields
    if(empty($Name) || empty($Address) || empty($Telephone) || empty($BusinessID)) {           
        if(empty($Name)) {
            echo "<font color='red'>Name field is empty.</font><br/>";
        }

        if(empty($Address)) {
            echo "<font color='red'>Age field is empty.</font><br/>";
        }

        if(empty($Telephone)) {
            echo "<font color='red'>Email field is empty.</font><br/>";
        }  

        if(empty($BusinessID)){
            echo "<font color='red'>Email field is empty.</font><br>/";
        }
    } else {   
        //updating the table
        $result = mysqli_query($conn, "UPDATE staff SET Name='$Name',Address='$Address',Telephone='$Telephone', BusinessID='$BusinessID' WHERE StaffID = $StaffID");

        //redirectig to the display page. In our case, it is index.php
        header("Location: HomePHP.php");
    }
}
?>
<?php
//getting id from url
$StaffID = $_GET['StaffID'];      // <---- ERROR

//selecting data associated with this particular id
$result = mysqli_query($conn, "SELECT * FROM staff WHERE StaffID=$StaffID");

while($res = mysqli_fetch_array($result))
{


    $Name = $res['Name'];
    $Address = $res['Address'];
    $Telephone = $res['Telephone'];
    $BusinessID = $res['BusinessID'];
}
?>



您应该首先更改语法以防止SQL注入。我想你的问题到时候就会解决了


$stmt = $mysqli->prepare("UPDATE staff SET Name= ?, Address= ?, Telephone= ?, BusinessID= ? WHERE StaffID = ?");
$stmt->bind_param( "sssii", $Name, $Address, $Telephone, $BusinessID, $StaffID);   
$stmt->execute();



谢谢你的答复。在更新部分,我是否保留了“?”以及建议的代码位放在哪里?是的,如果保留了“?”,则“?”与下一行中的变量绑定。请用您的代码行“$result=mysqli_query($conn,“UPDATE staff…”来替换它。非常感谢您的帮助。我学到了很多。不幸的是,它仍然给了我一个未知的索引错误。//从url获取id$StaffID=$\u GET['StaffID'];您要调用的URL是什么?StaffID的语法是否等于URL中的参数?因此,当用户点击页面上的编辑按钮,进入允许输入新更改的新页面,然后update.php应该可以工作时,将调用my update.php。