PHP从id更新mysql数据库表_Php_Html_Mysql

PHP从id更新mysql数据库表

php html mysql

PHP从id更新mysql数据库表,php,html,mysql,Php,Html,Mysql,我想把数据更新到mysql数据库，我知道这个查询。查询不是问题我面临的问题是如何将id页发送到其他页假设我在skill_edit.php？id=7页上我单击更新按钮，然后使用表单的POST方法从skill_edit.php转到skills.php 但现在我如何将表中的页面id甚至行id发送到“skills.php”呢我的数据库： skill_edit.php中的我的表单 <form class="form-horizontal row-fluid" method="po

我想把数据更新到mysql数据库，我知道这个查询。查询不是问题

我面临的问题是如何将id页发送到其他页

假设我在skill_edit.php？id=7页上我单击更新按钮，然后使用表单的POST方法从skill_edit.php转到skills.php

但现在我如何将表中的页面id甚至行id发送到“skills.php”呢

我的数据库：

skill_edit.php中的我的表单

     <form class="form-horizontal row-fluid" method="post" action="skills.php">

        <?php //Skill Name ?>
        <div class="form-row control-group row-fluid">
          <label class="control-label span3" for="with-placeholder">Skill Name</label>
          <div class="controls span7">
            <input type="text" name="skill_name" id="with-placeholder" class="row-fluid" value="<?php echo $showskillname; ?>">
          </div>
        </div>

       <?php //Skill Description ?>
        <div class="form-row control-group row-fluid">
          <label class="control-label span3" for="elastic-textarea">Skill Desc <span class="help-block">My Skill Description</span> </label>
          <div class="controls span7">
            <textarea name="skill_desc" rows="3" style=" height:80px;"  class="row-fluid autogrow" id="elastic-textarea"><?php echo $showskilldesc; ?></textarea>
          </div>
        </div>

        <?php //Selecting Language ?>
        <div class="form-row control-group row-fluid">
          <label class="control-label span3">Select with search</label>
          <div class="controls span7">
            <select name="skill_rating" data-placeholder="Choose a Language...." class="chzn-select">
              <option value="<?php echo $showskillrating; ?>"><?php echo $showskillrating; ?></option>
              <option value="1">1 Star</option>
              <option value="2">2 Star</option>
              <option value="3">3 Star</option>
              <option value="4">4 Star</option>
              <option value="5">5 Star</option>
            </select>
          </div>
        </div>


       <?php //Buttons ?>
        <div class="form-actions row-fluid">
          <div class="span7 offset3">
            <button name="updatebtn" style=" float:left; margin-left:40px;" type="submit" class="btn btn-primary">Save changes</button>
            <button formaction="skills.php" style=" float:right; margin-right:40px;" type="submit" class="btn btn-secondary">Cancel</button>
          </div>
        </div>
      </form>

下面是函数的内部

//Update Skill
//skills.php
function update_skill($updatedskillname, $updatedskilldesc, $updatedskillrating, $last_updated)
{
        $query="UPDATE cv_skills SET
                            skill_name='$updatedskillname',
                            skill_desc='$updatedskilldesc',
                            skill_rating='$updatedskillrating',
                            last_updated='$last_updated' WHERE skill_id='$pageid'";
$result=mysql_query($query);
$error=mysql_error();

return $error;
}

那么，我如何在查询中获得技能id呢？

有几种可能的方法可以做到这一点，但有一种方法可以做到：

<form class="form-horizontal row-fluid" method="post" action="skills.php?id=<?php echo $_GET['id']; ?>">

最好的选择是将id实际存储在会话或cookie变量中，并将其用作限定符——但这是另一天的事
<?php
//create a login form at post to this script at login...

/*
<form action="" method="post">
<label>Email:</label><br />
<input type="text" name="email" /><br /><br />
<label>Password:</label><br />
<input type="password" name="password" /><br /><br />
<label>Remember Me:</label><br />
<input type="checkbox" name="remember" /><br /><br />
<input type="submit" name="submit" value="Login" /><br /><br />
</form>
*/

//connect to your database here...
//something like..
include('../includes/db_connection.php');

/*
Table "users" fields would contain userid(int), email(varchars), password(varchars) at a minimum...
*/

$submit = $_POST['submit'];
if(isset($submit)) {

//grab the post info at login...
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

//md5 encryption at a minimum...
$password = md5($password);

//this is just to declare the timeframe for the cookie....
$remember = strip_tags($_POST['remember']);

//query the users table..
//for demo purposes, this is a basic where normally
//I would wrap this into a function.
$sql = mysql_query("SELECT * FROM users WHERE email='$email'");
$row = mysql_fetch_array($sql);

//set-up the userid for the cookie...
$userid = strip_tags($row['userid']);

//if user exists
if(mysql_num_rows($sql)>0){

//compare the password
if(strcmp($row['password'],$password)==0){

//set the cookie with the the userid...
if (isset($remember)) {

/* Set cookie to last 1 year */
$expire = time()+60*60*24*365;
setcookie('userid', $userid, $expire);        
}

else {

/* Set cookie until the user logs out */
$expire = false;
setcookie('userid', $userid, false); 
}
//send the user over to their secure account...
header('Location: your_secure_login_area.php');

/*
You would then add the following to the top of any secure page that would be applied to the end-user...

<?php
//you can now reference the userid for any db call...
$userid = $_COOKIE['userid'];
if (isset($userid)) {
}
else if(!isset($userid) || $userid == '' || $_GET['userid'] != $_COOKIE['userid']) {
header('Location: http://yourloginpage.php');
}
?>

*/

}
}

else {
$reponse = 'Error: Invalid Information.';
}
}
?>


*/
}
}
否则{
$reponse='错误：无效信息'；
}
}
?>
使用会话或cookie传递id。因为用户可以在提交表单之前篡改id名称并修改值。
请考虑使用会话Btw，不要使用GET方法发送id，我建议将变量作为参数传递给函数，而不是使用全局变量，并在查询字符串构造期间在方法中进行转义。现在一个小错误，你就有了SQL注入漏洞。你想在skills.php页面上发送skill\u id吗？
示例隐藏帖子：，这个问题完全回答了这个问题，没什么要说的。@Syed Haider Hassan，Tchalvak是对的，你可以使用隐藏字段，哇，很好。我没想到。。非常感谢：）我听到了，但是一些带有小样本的代码不会有什么坏处：D
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>">

<?php
//create a login form at post to this script at login...

/*
<form action="" method="post">
<label>Email:</label><br />
<input type="text" name="email" /><br /><br />
<label>Password:</label><br />
<input type="password" name="password" /><br /><br />
<label>Remember Me:</label><br />
<input type="checkbox" name="remember" /><br /><br />
<input type="submit" name="submit" value="Login" /><br /><br />
</form>
*/

//connect to your database here...
//something like..
include('../includes/db_connection.php');

/*
Table "users" fields would contain userid(int), email(varchars), password(varchars) at a minimum...
*/

$submit = $_POST['submit'];
if(isset($submit)) {

//grab the post info at login...
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

//md5 encryption at a minimum...
$password = md5($password);

//this is just to declare the timeframe for the cookie....
$remember = strip_tags($_POST['remember']);

//query the users table..
//for demo purposes, this is a basic where normally
//I would wrap this into a function.
$sql = mysql_query("SELECT * FROM users WHERE email='$email'");
$row = mysql_fetch_array($sql);

//set-up the userid for the cookie...
$userid = strip_tags($row['userid']);

//if user exists
if(mysql_num_rows($sql)>0){

//compare the password
if(strcmp($row['password'],$password)==0){

//set the cookie with the the userid...
if (isset($remember)) {

/* Set cookie to last 1 year */
$expire = time()+60*60*24*365;
setcookie('userid', $userid, $expire);        
}

else {

/* Set cookie until the user logs out */
$expire = false;
setcookie('userid', $userid, false); 
}
//send the user over to their secure account...
header('Location: your_secure_login_area.php');

/*
You would then add the following to the top of any secure page that would be applied to the end-user...

<?php
//you can now reference the userid for any db call...
$userid = $_COOKIE['userid'];
if (isset($userid)) {
}
else if(!isset($userid) || $userid == '' || $_GET['userid'] != $_COOKIE['userid']) {
header('Location: http://yourloginpage.php');
}
?>

*/

}
}

else {
$reponse = 'Error: Invalid Information.';
}
}
?>