Php 在使用GET url ID创建的页面上更新MySQL记录
我正在创建一个简单的报告系统,我希望从数据库生成菜单和页面 我在YouTube上看到了这段视频,并用以下代码创建了一个菜单 我有一个名为Reports的数据库表和名为rep_id、rep_date、rep_ledit_date、rep_by、department、position、report和rep_to的列。还有一个名为users的表,其列名为id、username、password、first_name、last_name、department、position和passphrase 我成功地为reports表选择了一条添加的记录,但是,我有以下问题。 1.rep_to不会预先选择已选择的选项 2.无法使用php更新记录。注意:未定义索引:rep_id位于C:\wamp\www\cme\edit-this-report.php的第232行,并且数据库没有更新。此行是选择报表表的位置 请参阅下面的php代码Php 在使用GET url ID创建的页面上更新MySQL记录,php,mysql,url,select,get,Php,Mysql,Url,Select,Get,我正在创建一个简单的报告系统,我希望从数据库生成菜单和页面 我在YouTube上看到了这段视频,并用以下代码创建了一个菜单 我有一个名为Reports的数据库表和名为rep_id、rep_date、rep_ledit_date、rep_by、department、position、report和rep_to的列。还有一个名为users的表,其列名为id、username、password、first_name、last_name、department、position和passphrase 我成
<?php
if(isset($_SESSION['users'])) {
$uname = $_SESSION['users'];
$fname = $_SESSION['firstname'];
$lname = $_SESSION['lastname'];
$dep = $_SESSION['depart'];
$pos = $_SESSION['position'];
$query = mysqli_query($con, "SELECT * FROM users WHERE username = $uname");
while($row = mysqli_fetch_assoc($query)) {
$id=$row['id'];
$fname=$row['first_name'];
$lname=$row['last_name'];
$dep = $row['department'];
$pos = $row['position'];
$repby = $row['first_name'] . " " . $row['last_name'];
$repdep = $row['department'];
$reppos = $row['position'];
}
}
mysqli_select_db($con, $db_name);
$edit= "SELECT * FROM reports WHERE rep_id = '{$_GET['rep_id']}'";
$result = mysqli_query($con, $edit) or die(mysqli_error($con));
$row2 = mysqli_fetch_array($result);
if(isset($_POST['update'])) {
$_GET['rep_id']=$row2['rep_id'];
$reptype = $_POST['reporttype'];
$report = $_POST['report'];
$repto = $_POST['reportedto'];
$update=(mysqli_select_db($con, $db_name));
if(!$update) {
die('Could not connect: ' . mysql_error($con));
}
else {
$sql = "UPDATE reports SET rep_type='$reptype', report='$report', rep_to='$repto',
rep_ledit_date=NOW() WHERE rep_id='{$_GET['rep_id']}'";
$retval = mysqli_query($con, $sql);
if(!$retval ) {
$errorMessage='Could not update data: ' . mysqli_error($con);
}
else {
$success="Updated data successfully\n";
header("location:edit-this-report.php");
mysqli_close($con);
}
}
}
?>
您必须准确地识别上面哪一行是第232行,但是PHP中的“未定义索引”错误意味着您有一个数组($\u-GET和$\u-POST都是数组),并且您试图访问一个值(在本例中为:$\u-GET['rep\u-id']=1;),但它在数组中找不到“Index”(在本例中为'rep\u-id')
在某些地方,您正在通过页面上尚未定义的索引访问数组元素
编辑:
可能在这里:
$edit=“从报告中选择*,其中rep\u id='{$\u GET['rep\u id']}'
$\u GET正在引用一个名为rep\u id的url变量,但您不是在使用post发送rep\u id吗?在这种情况下,尝试改变
$\u GET['rep\u id']
到
$\u POST['rep_id']我在表单中没有看到rep_id
变量集,因此在提交表单时无法返回该值。您在上一个查询中依赖$\u GET['rep\u id']为您的更新提供rep\u id,但我发现您的表单中没有提供$\u GET vars。(最好添加一个隐藏的表单变量,并将其设置为rep_id
,然后将其作为POST变量捕获,这可能不是混合POST和GET的最佳实践。)
尽管如此,我能想到的使代码正常工作的最简单方法是将rep_id附加到表单action属性:
<form name="editor" action="edit-this-report.php?rep_id=<?php echo $_GET['rep_id']; ?>" method="post" >
我没有设置数据库,所以我没有测试它。如果您运行此程序并发现错误,请将其发布在评论中。除了bloodyKnuckles提供的解决方案外,我还从一位朋友那里得到了帮助。
如果(isset($\u post['update'])我想您需要在某处创建一个name=“rep\u id”
;-)<代码>会话_开始()是否加载正确?啊,我知道了。顺便说一句,与旧API相比,这个API的最大优点是引入了预先准备好的语句。看看他们@Fred ii,name=“rep_id”有什么用?是的,我已经开始了前几行的课程。@草莓,你知道有什么关于它们的网页吗?@Mark,谢谢你的帮助。我试了你的建议,但没有成功。最大的问题是无法编辑内容。我根据这个答案制作了链接编辑页面的菜单。啊,我现在明白了。你正在寻找美元,以防它在那里。在这种情况下,当我编写PHP代码时,我通常会在IF语句中包含一个isset()调用,这样当它发现不存在的东西并将日志弄得乱七八糟时,就不会抛出错误/通知。在这种情况下,错误实际上毫无意义,但您仍然应该使用0个通知或警告来开发最佳实践。这是正确的。它现在被一个隐藏的输入字段修复了。@bloodyKnuckles,非常感谢您的帮助。我照你说的做了,undefined rep_id错误现在消失了,但是更改没有上传到服务器。感谢您对sql注入的建议。所以加引号将有助于停止注入?我看到的另一个问题是reporttype选择选项中的值字段为空。因此,无论选择什么,数据库都将更新为空字符串。确切地说,这一点现在也已修复。
<form name="editor" action="edit-this-report.php?rep_id=<?php echo $_GET['rep_id']; ?>" method="post" >
<?php
session_start();
require ('includes/db.php'); // provides $con, select database
// get logon info
if ( !isset($_SESSION['username']) ) { header('Location: logon.php'); } // logon and set session vars
else {
list($uname, $repby, $dep, $pos) =
array($_SESSION['username'], $_SESSION['repby'], $_SESSION['department'], $_SESSION['position']);
}
// get report id if GET'd
if ( isset($_GET['rep_id']) ) {
$rep_id = $_GET['rep_id'];
}
// update report if POST'd
else if ( isset($_POST['update'] ) ) {
$rep_id = $_POST['rep_id'];
$reptype = $_POST['reporttype'];
$report = $_POST['report'];
$repto = $_POST['reportedto'];
if ( mysqli_stmt_prepare($stmt, 'UPDATE reports SET rep_type= ?, report= ?, rep_to= ?, rep_ledit_date= ? WHERE rep_id= ?') ) {
mysqli_stmt_bind_param($stmt, 'sssi', $reptype, $report, $repto, NOW(), $rep_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
}
else { $errorMessage='Could not update report data: ' . mysqli_error($con); }
}
else { die('no report id'); }
// get/verify report info (can be moved to get'd if to save a db call when post'd)
list($rep_type, $report) = array('', '');
$stmt = mysqli_stmt_init($con);
if ( mysqli_stmt_prepare($stmt, 'SELECT rep_id, rep_type, report FROM Reports WHERE rep_id = ?') ) {
mysqli_stmt_bind_param($stmt, 'i', $rep_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $rep_id, $rep_type, $report);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
}
else { $errorMessage='Could not select report data: ' . mysqli_error($con); }
?>
<form name="editor" action="edit-this-report.php" method="post" >
<input type="hidden" name="rep_id" value="<?=$rep_id?>">
<p class="inline">
<span>
<label for="mem">Reported by</label>
<input type="text" name="reportedby" maxlength="20" disabled value="<?=$repby?>" />
</span>
</p>
<p class="inline">
<span>
<label for="mem">Department Name</label><input type="text" name="repdepart" disabled size="100" maxlength="100" value="<?=$dep?>">
</span>
</p>
<p class="inline">
<span>
<label for="mem">Position</label><input disabled type="text" name="repposition" size="100" value="<?=$pos?>">
</span>
</p>
<p>
<span>
<label for="mem">Report Type</label>
<select name="reporttype">
<?php
list($rep_type_da, $rep_type_we, $rep_type_mo, $rep_type_qu, $rep_type_an, $rep_type_te) = array('', '', '', '', '', '');
switch ( $rep_type ) {
case 'Daily Report': $rep_type_da = ' selected'; break;
case 'Daily Report': $rep_type_we = ' selected'; break;
case 'Daily Report': $rep_type_mo = ' selected'; break;
case 'Daily Report': $rep_type_qu = ' selected'; break;
case 'Daily Report': $rep_type_an = ' selected'; break;
case 'Daily Report': $rep_type_te = ' selected'; break;
}
?>
<option value="Daily Report" <?=$rep_type_da?>>Daily Report</option>
<option value="Weekly Report" <?=$rep_type_we?>>Weekly Report</option>
<option value="Monthly Report" <?=$rep_type_mo?>>Monthly Report</option>
<option value="Quarterly Report"<?=$rep_type_qu?>>Quarterly Report</option>
<option value="Annual Report" <?=$rep_type_an?>>Annual Report</option>
<option value="Terminal Report" <?=$rep_type_te?>>Terminal Report</option>
</select>
<span>
</p>
<p>
<span>
<label for="mem">Report</label>
<textarea name="report" id="report" rows="23" cols="auto" ><?=$report?></textarea>
<span>
</p>
<p>
<span>
<label for="mem">Reported to</label>
<select name="reportedto">
<option value=""></option>
<?php
if ( mysqli_stmt_prepare($stmt, 'SELECT CONCAT(first_name, last_name) AS repto FROM users WHERE department LIKE ?') ) {
mysqli_stmt_bind_param($stmt, 's', "%$dep%");
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $repto);
while ( mysqli_stmt_fetch($stmt) ) {
echo '<option value="' . $repto . '">' . $repto . "</option>\n";
}
mysqli_stmt_close($stmt);
}
else { $errorMessage='Could not select dep user data: ' . mysqli_error($con); }
?>
</select>
</span>
</p>
<span>
<input name="update" type="submit" class="btn btn-large btn-primary" id="report_button" value="Submit Report" >
<input name="cancel" type="reset" class="btn btn-large btn-secondary" id="report_button" value="Cancel All Changes" >
</span>
</p>
</form>
<?php
if(isset($_SESSION['users'])) {
$uname = $_SESSION['users'];
$fname = $_SESSION['firstname'];
$lname = $_SESSION['lastname'];
$dep = $_SESSION['depart'];
$pos = $_SESSION['position'];
$query = mysqli_query($con, "SELECT * FROM users WHERE username = $uname");
while($row = mysqli_fetch_assoc($query)) {
$id=$row['id'];
$fname=$row['first_name'];
$lname=$row['last_name'];
$dep = $row['department'];
$pos = $row['position'];
$repby = $row['first_name'] . " " . $row['last_name'];
$repdep = $row['department'];
$reppos = $row['position'];
}
}
mysqli_select_db($con, $db_name);
$edit= "SELECT * FROM reports WHERE rep_id = '{$_GET['rep_id']}'";
$result = mysqli_query($con, $edit) or die(mysqli_error($con));
$row2 = mysqli_fetch_array($result);
if(isset($_POST['update'])) {
$repid = $_POST['repid'];
$reporttype = $_POST['reporttype'];
$report = $_POST['report'];
$repto = $_POST['reportedto'];
$sql = "UPDATE reports SET rep_type='$reporttype', report='$report', rep_to='$repto', rep_ledit_date=NOW() WHERE rep_id='$repid'";
$retval = mysqli_query($con, $sql);
mysqli_close($con);
$success="You have successfully edited your report.";
}
?>
<form name="editor" action="edit-this-report.php?rep_id=<?php echo $_GET['rep_id']; ?>" method="post" >
<p class="inline">
<span>
<label for="mem">Reported by</label>
<input type="text" name="reportedby" maxlength="20" disabled value="<?php print $fname . " " . $lname; ?>" />
</span>
</p>
<p class="inline">
<span>
<label for="mem">Department Name</label><input type="text" name="repdepart" disabled size="100" maxlength="100" value="<?php print $dep; ?>">
</span>
</p>
<p class="inline">
<span>
<label for="mem">Position</label><input disabled type="text" name="repposition" size="100" value="<?php print $pos; ?>">
</span>
</p>
<input name="repid" type="hidden" id="repid" value="<?php echo $row2['rep_id']; ?>">
<p>
<span>
<select name="reporttype">
<option value="Daily Report"<?php if ($row2['rep_type'] === 'Daily Report') echo ' selected="selected"'; ?>>Daily Report</option>
<option value="Weekly Report"<?php if ($row2['rep_type'] === 'Weekly Report') echo ' selected="selected"'; ?>>Weekly Report</option>
<option value="Monthly Report"<?php if ($row2['rep_type'] === 'Monthly Report') echo ' selected="selected"'; ?>>Monthly Report</option>
<option value="Quarterly Report"<?php if ($row2['rep_type'] === 'Quarterly Report') echo ' selected="selected"'; ?>>Quarterly Report</option>
<option value="Annual Report"<?php if ($row2['rep_type'] === 'Annual Report') echo ' selected="selected"'; ?>>Annual Report</option>
<option value="Terminal Report"<?php if ($row2['rep_type'] === 'Terminal Report') echo ' selected="selected"'; ?>>Terminal Report</option>
</select>
<span>
</p>
<p>
<span>
<label for="mem">Report</label>
<textarea name="report" id="report" rows="23" cols="auto"><?php echo $row2['report'];?></textarea>
<span>
</p>
<p>
<span>
<label for="mem">Reported to</label>
<select name="reportedto">
<?php
require ("includes/db.php");
$q2= "SELECT * FROM users WHERE department like '%$repdep%'";
$result3=mysqli_query($con, $q2) or die(mysqli_error($con));
while ($getuser=mysqli_fetch_array($result3)){
$repto=$getuser['first_name'] . " " . $getuser['last_name'];
?>
<option value="<?php echo $repto; ?>"><?php echo $repto; ?></option>;
<?php
}
?>
</select>
</span>
</p>
<span>
<input name="update" type="submit" class="btn btn-large btn-primary" id="report_button" value="Submit Report" >
<input name="cancel" type="reset" class="btn btn-large btn-secondary" id="report_button" value="Cancel All Changes" >
</span>
</form>
</p>