Fatal编程技术网
  • php/
  • Php SQL更新代码不更改数据库数据

Php SQL更新代码不更改数据库数据

php html mysql

Php SQL更新代码不更改数据库数据,php,html,mysql,Php,Html,Mysql,我正试图通过表单更新我的数据库 部分代码正在工作,因为它从表中检索数据并将其显示在表单中,但sql更新代码没有在后端更改值 代码片段如下所示,如有任何帮助,将不胜感激: <html> <head> <body> <?php $con = mysql_connect("localhost","user","pass"); if(!$con){ die("Cannot Connect to database:" . mysql_error());

我正试图通过表单更新我的数据库

部分代码正在工作,因为它从表中检索数据并将其显示在表单中,但sql更新代码没有在后端更改值

代码片段如下所示,如有任何帮助,将不胜感激:

<html>
<head>
    <body>

<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$_POST[jobdescription]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);    
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=save.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['hidden'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>  
    </body>
    </head>
</html>
*

这是一个基本示例,通过简单的检查来防止sql注入。请注意,mysql函数已弃用。您可以使用mysqli函数

    <html>
    <head>
    <body>

    <?php
        $con = mysql_connect("localhost","user","pass");
        if(!$con){
            die("Cannot Connect to database:" . mysql_error());
        }
        mysql_select_db("intranet",$con);
        $sql = "SELECT * FROM progress_sheet";
        $myData = mysql_query($sql,$con);
        if(isset($_POST['update'])){

            //do basic checks to prevent sql injections
             $jobdescription = isset($_POST['jobdescription']) ? trim($_POST['jobdescription'] : '');
             $hidden = isset($_POST['hidden']) ? trim($_POST['hidden'] : '');

            $jobdescription = mysql_real_escape_string($jobdescription);
             $hidden = mysql_real_escape_string($hidden);



            if(empty($jobdescription) || empty($hidden)){

                //handle errors here
                //exit;
                //or do error logging $errors[] = "Your error message"
                //or redirect with header(...);
            }

            $UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$hidden'";
            mysql_query($UpdateQuery, $con);
        };
        echo "<table border=1>
        <tr>
        <th>Job Description</th>
        </tr>";
        while($record = mysql_fetch_array($myData)){
            echo "<form action=save.php method=post>";
            echo "<tr>";
            echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
            echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>";
            echo "<td>" . "<input type=submit name=update value=update" . " </td>";
            echo "</form>";
        }
        echo "</table>";
    ?>  
</body>
</head>
</html>
在.php文件的顶部,您应该启用错误报告,这将帮助您进行调试:

<?php
// Turn off error reporting
error_reporting(0);

// Report runtime errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);

// Report all errors
error_reporting(E_ALL);

// Same as error_reporting(E_ALL);
ini_set("error_reporting", E_ALL);

// Report all errors except E_NOTICE
error_reporting(E_ALL & ~E_NOTICE);
?>
在代码中发现多个错误

1缺少单引号和双引号

2表单已发布到另一个文件
save.php
(也缺少引号)
并停止使用
mysql\u*
函数,转到
mysqli\u*
函数,因为您正在使用的函数已被弃用。

尝试查看是否存在错误,同时检查后数据mysql\u查询($UpdateQuery,$con)或死亡(mysql\u error())请注意,由于sql注入,这可能会给您带来很大的麻烦…在尝试使用非设置参数更新之前,请检查是否设置了用于更新的POST请求。这也值得一提的是,mysql_*函数在添加或终止后会被弃用到mysqli_*@Sedz。它返回“Query was empty”您在$_POST[jobdescription]附近缺少引号是的,我不认为没有,编辑了它们并添加了变量存在的简单检查。 
<html>
<head>
    <body>

<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);

if(isset($_POST['update'])){
$jobdescription = $_POST['jobdescription'];  // See here
$id = $_POST['hidden'];                      // See here
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$id'";
mysql_query($UpdateQuery, $con);    
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action='' method='post'>";  // See Here. The form is posted to another page
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>  
    </body>
    </head>
</html>

$UpdateQuery = 'UPDATE progress_sheet SET jobdescription="'.mysql_real_escape_string(isset($_POST['jobdescription']) ? $_POST['jobdescription'] : '').'" WHERE id='.(isset($_POST['hidden']) ? $_POST['hidden']*1 : 0);