使用PHP更新MySQL数据库时出错
我是一个新手,我想更新数据库,当我提交表单更新记录时,我得到了这个错误使用PHP更新MySQL数据库时出错,php,Php,我是一个新手,我想更新数据库,当我提交表单更新记录时,我得到了这个错误 Notice: Undefined index: idno in /Library/WebServer/Documents/practice/employee/edit_employee.php on line 6 Call Stack: 0.0001 633952 1. {main}() /Library/WebServer/Documents/practice/employee/edit_employee.php:0
Notice: Undefined index: idno in /Library/WebServer/Documents/practice/employee/edit_employee.php on line 6 Call Stack: 0.0001 633952 1. {main}() /Library/WebServer/Documents/practice/employee/edit_employee.php:0
<?php
require_once '../includes/configuration.php';
if (!isset($_POST['enter']))
{
$employee_id_passport = $_GET['idno'];
$sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query, $connection);
$row = mysql_fetch_assoc($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">
<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>
<body>
<form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
<input type="submit" value="Enter" name="submit" />
</form>
</body>
<html>
<?php
}
else
{
$_POST['employee_id_passport'] = $employee_id_passport;
$_POST['first_name'] = $first_name;
$_POST['surname'] = $surname;
$_POST['mobile_number'] = $mobile_number;
$sql_query_update = "UPDATE employee_master SET first_name = '$first_name', SET surname = '$surname', SET mobile_number = '$mobile_number', WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query_update, $connection);
}
?>
未在$\u GET superglobal中设置键idno
。检查查询字符串以查找代码中的一些错误
- 不要相信用户在未验证和清理其数据的情况下输入任何内容
- 始终测试错误或意外情况并对其采取行动
- SQL命令中的
WHERE
子句前面没有逗号
请尝试以下方法:
<?php
require_once '../includes/configuration.php';
if( !isset( $_POST ) ){
# No Update Form Submission
if( isset( $_GET['idno'] ) ){
# ID Number Set for Query
$employee_id_passport = mysql_real_escape_string( $_GET['idno'] );
$sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
if( !( $result = mysql_query( $sql_query , $connection ) ) ){
# Query Failed
}elseif( mysql_num_rows( $result )==0 || mysql_num_rows( $result )>1 ){
# Query Succeeded, but No Rows Returned OR More than One Row Returned
}else{
$row = mysql_fetch_assoc( $result );
}
}else{
# No ID Number sent for Query
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">
<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Employee Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>
<body>
<?php if( $row ){ ?>
<form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
<input type="submit" value="Enter" name="submit" />
</form>
<?php } ?>
</body>
<html>
<?php
} else {
# Declare Error Holder
$error = array();
# Declare Field Holder
$field = array();
# Validate
if( !isset( $_POST['employee_id_passport'] ) || $_POST['employee_id_passport']=='' )
$error['employee_id_passport'] = 'No ID/Passport Set';
elseif( !is_int( $_POST['employee_id_passport'] ) )
$error['employee_id_passport'] = 'ID/Passport is not a Number';
else
$field['employee_id_passport'] = mysql_real_escape_string( $_POST['employee_id_passport'] );
if( !isset( $_POST['first_name'] ) || $_POST['first_name']=='' )
$error['first_name'] = 'No First Name Set';
else
$field['first_name'] = mysql_real_escape_string( $_POST['first_name'] );
if( !isset( $_POST['surname'] ) || $_POST['surname']=='' )
$error['surname'] = 'No First Name Set';
else
$field['surname'] = mysql_real_escape_string( $_POST['surname'] );
if( !isset( $_POST['mobile_number'] ) || $_POST['mobile_number']=='' )
$error['mobile_number'] = 'No First Name Set';
else
$field['mobile_number'] = mysql_real_escape_string( $_POST['mobile_number'] );
if( !count( $error ) ){
# Validation was Passed
$sql_query_update = "UPDATE employee_master
SET first_name = '{$field['first_name']}',
SET surname = '{$field['surname']}',
SET mobile_number = '{$field['mobile_number']}'
WHERE employee_id_passport = '{$field['$employee_id_passport']}'";
if( !( $result = mysql_query($sql_query_update, $connection) ) ){
# Update Query Failed
}else{
# Update Query OK
}
}
?>
员工搜索
UPDATE
语法错误,请参阅well…您没有索引“idno”…请检查isset($\u GET['idno]])
SQL注入!不要在SQL字符串中没有正确的引号就放置变量!假设有人用idno='调用您的页面;从员工_master中删除;——。你认为会发生什么?请始终使用预先准备好的语句(请参阅)或use.另请参阅。$\u GET来自另一个页面,我该如何处理它?请确保在链接中设置了它,否则此页面将失败。如果您在浏览器的地址栏中看到问号-“?”,并且在其右侧的某个位置看到“idno=”则该页面已设置。如果没有,那么您没有正确发送“$\u GET”参数-请查看一些基本的PHP教程,如