Fatal编程技术网
  • php/
  • 在PHP站点上通过mySQL查询更新数据库中的值

在PHP站点上通过mySQL查询更新数据库中的值

php mysql web phpmyadmin

在PHP站点上通过mySQL查询更新数据库中的值,php,mysql,web,phpmyadmin,Php,Mysql,Web,Phpmyadmin,一直在修补我的网站,这是一个座位预订网站。由于明显的原因,阿尔法测试还没有向公众开放 但是,我在更新数据库中的值时遇到了一些问题 我将发布代码,然后解释问题 else { $seatID = $_POST['form_submitted']; $query1 = "SELECT seatTaken FROM SEATS WHERE seatNo = '$seatID'"; $result = mysql_query($query1);

一直在修补我的网站,这是一个座位预订网站。由于明显的原因,阿尔法测试还没有向公众开放

但是,我在更新数据库中的值时遇到了一些问题

我将发布代码,然后解释问题

     else {

   $seatID = $_POST['form_submitted'];

$query1 = "SELECT seatTaken FROM SEATS WHERE seatNo = '$seatID'";
            $result = mysql_query($query1);  
            while($row = mysql_fetch_array($result))
            {
               $taken = $row['seatTaken'];  
            }


$query2 = "SELECT passNo FROM PASSENGER WHERE username = '$loggedinuser'";
            $result = mysql_query($query2);  
            while($row = mysql_fetch_array($result))
            {
               $passno = $row['passNo'];  
            }


$query3 = "SELECT groupID FROM PASSENGER WHERE username = '$loggedinuser'";
            $result = mysql_query($query3);  
            while($row = mysql_fetch_array($result))
            {
               $groupno = $row['groupID'];  
            }

$query4 = "SELECT flightNo FROM PASSENGER WHERE username = '$loggedinuser'";
            $result = mysql_query($query3);  
            while($row = mysql_fetch_array($result))
            {
               $flightno = $row['flightNo'];  
            }


  // if ($taken = 0) {

 $update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username = '$loggedinuser'");
 $update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
 // AND flightNo = '$flightno'"
   echo '<meta http-equiv="refresh" content="5;url=http://www.mywebsite.com/">';
       echo mysql_error();

  //}

 }

 ?>
但是,在我的查询的底部,当运行此PHP代码时,数据库中实际更改的唯一值是“seatTaken”的布尔值,因为它确实从0(未占用)更改为1(占用)

“我的数据库”中的字段passNo和groupID不会更新为这些查询中引用的字段:-

 $update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username =     '$loggedinuser'");
 $update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
有人能帮忙吗?非常感谢

Tom

在代码中看不到如何生成$groupid、$passNo、$seatID的值。更新时是否设置了这些变量?(只需回显SQL代码即可查看发送到数据库的查询)

如果groupid是表单中字段的名称,那么您可能应该尝试从post请求中获取变量,例如$\u post['groupid']

在mysql中查找值时,它们通常需要是字符串文字(添加引号)。 另一个问题是变量名:

$update = mysql_query("UPDATE PASSENGER SET seatNo = '$seatID' WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passno', groupID = '$groupno' WHERE seatNo = '$seatID'");
  • $passno vs$passno
  • $groupid vs$groupno
您还应确保正确转义用户的输入,用户运行
更新
,打印查询并退出()。要进行调试,请手动运行数据库并查看它为什么不运行。不正确的
WHERE
子句,可能吗?您可能知道这一点,但在此代码中还存在SQL注入漏洞。使用参数绑定,或者至少逃避受污染的输入。

$update = mysql_query("UPDATE PASSENGER SET seatNo = '$seatID' WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passno', groupID = '$groupno' WHERE seatNo = '$seatID'");