Php 通过从url获取id来更新记录
大家好,我正在通过get从URL获取一个值,并将其传递到update语句中,当我输入其中ID=1时,它工作正常,但当我输入ID=$ID时,代码工作,但没有更新,记录保持不变,可以帮我解决这个问题吗Php 通过从url获取id来更新记录,php,Php,大家好,我正在通过get从URL获取一个值,并将其传递到update语句中,当我输入其中ID=1时,它工作正常,但当我输入ID=$ID时,代码工作,但没有更新,记录保持不变,可以帮我解决这个问题吗 <?php require 'db2.php'; $id = null; if ( !empty($_GET['id'])) { $id = $_REQUEST['id']; $dbc = mysqli_connect (DB_HOST, DB_USER,
<?php
require 'db2.php';
$id = null;
if ( !empty($_GET['id'])) {
$id = $_REQUEST['id'];
$dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Could not connect to MySQL: ' . mysqli_connect_error() );
$q = mysqli_query($dbc,"SELECT * FROM movie WHERE MovieID = '$id' ");
while($r=mysqli_fetch_array($q))
{
$title = $r["Title"];
$tag = $r["Tag"];
$year = $r["YEAR"];
$cast = $r["Cast"];
$comment = $r["Comment"];
$IDBM = $r["IMDB"];
}
}
if (!empty($_POST) ) {
if ( !empty($_GET['id'])) {
$id = $_REQUEST['id'];
// keep track post values
$cast = $_POST['cast'];
$title = $_POST['title'];
$comment =$_POST['comment'];
$year = $_POST['year'];
$tag = $_POST['tags'];
$IDBM = $_POST['idbm'];
$cast = htmlspecialchars($cast);
$title = htmlspecialchars($title);
$comment = htmlspecialchars($comment);
// validate input
$valid = true;
if (empty($cast)) {
$castError = 'Please enter Cast';
$valid = false;
}
if (empty($title)) {
$titleError = 'Please enter Title';
$valid = false;
}
if (empty($comment)) {
$commentError = 'Please enter Comment';
$valid = false;
}
if ($valid) {
$path = "uploads/";
$valid_formats = array("jpg", "png", "gif", "bmp");
if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST")
{
$name = $_FILES['photoimg']['name'];
$size = $_FILES['photoimg']['size'];
if(strlen($name))
{
list($txt, $ext) = explode(".", $name);
if(in_array($ext,$valid_formats))
{
if($size<(1024*1024))
{
$actual_image_name = time().substr(str_replace(" ", "_", $txt), 5).".".$ext;
$tmp = $_FILES['photoimg']['tmp_name'];
if(move_uploaded_file($tmp, $path.$actual_image_name))
{
mysqli_query($dbc,"UPDATE movie SET Title='$title',Year = '$year',Cast='$cast',Cover='$actual_image_name',Tag='$tag',Comment='$comment',IMDB ='$IDBM' WHERE MovieID=".$id);
header ("Location: index.php");
}
else
echo "failed";
}
else
echo "Image file size max 1 MB";
}
else
echo "Invalid file format..";
}
else
echo "Please select image..!";
exit;
}
}
}
echo"error";
}
听起来可能您的MovieID没有定义为整数,但我们无法确定,因为您没有告诉我们mysqli\u查询抛出的错误消息
您需要检查mysqli_查询创建的错误消息才能知道。请参见试试这个
$id = $_GET['id']; // taking the value from URL
mysqli_query($dbc,"UPDATE movie SET Title='$title',Year = '$year',Cast='$cast',Cover='$actual_image_name',Tag='$tag',Comment='$comment',IMDB ='$IDBM' WHERE MovieID=".$id); // the sql statement of the query
最好使用intval()
防止注射来保护get
$id = intval($_GET['id']); // taking the value from URL
这个怎么样:
$id=strip_标记(intval($_GET['id'])
mysqli_查询($dbc,“更新`movie`SET`Title`='{$Title}',`Year`=
“{$year}”,'Cast`='{$Cast}',
`封面`='{$actual\u image\u name}'、`Tag`='{$Tag}'、`Comment`='{$Comment}',
`IMDB`='{$IDBM}'其中`MovieID`='{$id}';”
要验证$id是否具有相同的值,请执行以下操作:
echo$id
您是否检查了易受攻击的查询是什么。您是否确认您的$\u GET['id']
就是您认为的那样example.com?ID=foo
和example.com?ID=foo
对于php来说是两个完全不同的查询字符串。“WHERE ID=1起作用”好的,那么如果字段是ID
,为什么要使用WHERE MovieID=
?是哪一个?@MrCode,我将url中的id作为查询字符串,我使用的是get@user790454,我编辑了代码以精确理解can u check Please它正在打印等于零的值,但在url中我看到值1您的url是:example.com?ID=1或example.com?ID=1?ID=1,我把我所有的代码都放在这里,这样你就可以帮我了。我已经用所有的代码编辑了这个问题,你能看一下吗!但是当您获得或发布id:id=1(id是大写?)或id=1时?