Fatal编程技术网
  • php/
  • PHP更新什么都没有发生

PHP更新什么都没有发生

php mysql

PHP更新什么都没有发生,php,mysql,Php,Mysql,这就是edit.php文档中的代码 <?php session_start(); include_once("db.php"); if(!isset($_SESSION['id'])){ header("Location: login.php"); } if(!isset($_SESSION['id'])){ header("Location: index.php"); return;

这就是edit.php文档中的代码

<?php
    session_start();

    include_once("db.php");

    if(!isset($_SESSION['id'])){
        header("Location: login.php");  
    }

    if(!isset($_SESSION['id'])){
        header("Location: index.php");  
        return;
    }

    if(!isset($_GET['pid'])){
        header("Location: index.php");  
    } else {
        echo "This seems to work";
        $pid = $_GET['pid'];
        echo $pid;
    }
        if(isset($_POST['edit'])){
            $title = strip_tags($_POST['title']);
            $content = strip_tags($_POST['content']);

            $title = mysqli_real_escape_string($db, $title);
            $content = mysqli_real_escape_string($db, $content);

            $sql = "UPDATE users SET title='$title', content='$content' WHERE id='$pid'";

            if($title == "" || $content == ""){
            echo "Please complete your post!";
            return;

        }
        mysqli_query($db, $sql);
        header("Location: index.php");
    }
?>
<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Blog - Post</title>
</head>
<body>
    <form action="edit.php" method="edit" enctype="mutlipart/form-data">
        <input placeholder="Title" name="title" type="text" autofocus size="48"><br  /><br />
        <textarea placeholder="Content" name="content" rows="20" cols="50"></textarea><br />
        <input name="edit" type="submit" value="Post">
    </form>
</body>
</html>

像其他人说的那样使用PDO

如果你想继续使用你已有的代码。将表单标记更改为:


  <form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="mutlipart/form-data">



您容易受到SQL注入的攻击。请编写“echo$SQL;”而不是header(),然后检查生成查询。它也可能与您的表结构有关,因此请尝试将该查询复制粘贴到phpMyAdmin中并检查错误
如果成功,请检查
mysqli\u query
。如果未返回
$db->connect\u error


method="post" //change to post. Default is get

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post" enctype="mutlipart/form-data">



$sql = "UPDATE users SET title=?, content=? WHERE id=?";
$statement = $db->prepare($sql);
$statement->bind_param('ssi', $title, $content, $pid);   
if($statement->execute()){
       //all good
} else {
   echo $db->error;    
}



  <form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="mutlipart/form-data">