php mysql使用输入选项查询多个更新行 $userfile=$user_data['username']; $sql2=mysql\u查询(“选择'id','username',左('title',15)作为'title',左('description',40)作为'description','folder\u name','file','code','type','size','date'FROM'files',其中'username'='$userfile'和'folder\u name`=''ORDER BY id DESC$limit”); 而($query\u row=mysql\u fetch\u数组($sql2)){ $fileuser=$query_行['username']; $filetitle=$query_行['title']; $filecode=$query_行['code']; $filedesc=$query_行['description']; $filefile=$query_行['file']; $filesize=$query_行['size']; $filedate=$query_行['date']; $filetype=$query_行['type']; if(在数组中($filetype,$allowed\u image)==true){ if(空($filetype)==false){ if(strlen($filetitle) 选择一个文件夹:
如果要引用php mysql使用输入选项查询多个更新行 $userfile=$user_data['username']; $sql2=mysql\u查询(“选择'id','username',左('title',15)作为'title',左('description',40)作为'description','folder\u name','file','code','type','size','date'FROM'files',其中'username'='$userfile'和'folder\u name`=''ORDER BY id DESC$limit”); 而($query\u row=mysql\u fetch\u数组($sql2)){ $fileuser=$query_行['username']; $filetitle=$query_行['title']; $filecode=$query_行['code']; $filedesc=$query_行['description']; $filefile=$query_行['file']; $filesize=$query_行['size']; $filedate=$query_行['date']; $filetype=$query_行['type']; if(在数组中($filetype,$allowed\u image)==true){ if(空($filetype)==false){ if(strlen($filetitle) 选择一个文件夹:,php,mysql,rows,option,Php,Mysql,Rows,Option,如果要引用$\u POST['folder\u name'],则需要将更改为 不过更重要的是,您的SQL很容易受到XSS攻击。在引用SQL中的任何值之前,您绝对需要删除您的$\u POST。mysql.*函数都已被弃用。我建议您改为立即使用。我的精神力量无法与您的含糊不清相匹敌。请告诉我一些正确的方法。我不知道我知道如何更新数据库,但我已经告诉过你了。如果你想直接获得指导,请查看你的mysql错误日志。 <form method="post" action="">
$\u POST['folder\u name']不过更重要的是,您的SQL很容易受到XSS攻击。在引用SQL中的任何值之前,您绝对需要删除您的
$\u POSTmysql.* <form method="post" action="">
<input id="bfolder" name="movefolder" type="submit" value="Move to folder:"><br><br>
</form>
$userfile = $user_data['username'];
$sql2 = mysql_query("SELECT `id`, `username`, LEFT(`title`, 15) as `title`, LEFT(`description`, 40) as `description`, `folder_name`, `file`, `code`, `type`, `size`, `date` FROM `files` WHERE `username` = '$userfile' AND `folder_name` = '' ORDER BY id DESC $limit");
while ($query_row = mysql_fetch_array($sql2)) {
$fileuser = $query_row['username'];
$filetitle = $query_row['title'];
$filecode = $query_row['code'];
$filedesc = $query_row['description'];
$filefile = $query_row['file'];
$filesize = $query_row['size'];
$filedate = $query_row['date'];
$filetype = $query_row['type'];
if (in_array($filetype, $allowed_image) === true) {
if (empty($filetype) === false) {
if (strlen($filetitle) < 15) {
echo "<div id='imageshowsearch'><span id='linkstylerename'><a href='http://localhost/edu/1111111111111/filerename.php?rename=". $filecode . "'>Edit</a></span><span id='deletefile'><a href='http://localhost/edu/1111111111111/delete_image.php?deletefile=". $filecode . "'>X</a></span><div id='linkstyle'><strong><a href='http://localhost/edu/1111111111111/userdownload.php?code=". $filecode . " '><img src='files/thumbs/" . $filecode . "/" . $filefile . "' alt=" . $filetitle . ">" . $filetitle . "</strong></div></a>";
?>
<select name="folder_option" class="select_folder">
<option>Choose a folder:</option>
<?php
$mysql_folder = mysql_query("SELECT `folder_name`, `code` FROM `files` WHERE `username` = '$userfile' AND `folder_name` > '' GROUP BY `folder_name` ORDER BY `folder_name` ASC");
while ($query_row = mysql_fetch_array($mysql_folder)) {
$filefolder = $query_row['folder_name'];
$filecode = $query_row['code'];
echo '<option value="' . $filecode . '">' . $filefolder . '</option>';
}
if (isset($_POST['movefolder'])) {
foreach ($query_row as $key) {
mysql_query("UPDATE `files` SET `folder_name` = " . $_POST['folder_name'] . " WHERE `username` = '$userfile' AND `code` = '$filecode'");
//these query not update selected 'folder_name' in database for each file
}
}
?>
</select>