PHP从id更新mysql数据库表
我想把数据更新到mysql数据库,我知道这个查询。查询不是问题 我面临的问题是如何将id页发送到其他页 假设我在skill_edit.php?id=7页上 我单击更新按钮,然后使用表单的POST方法从skill_edit.php转到skills.php 但现在我如何将表中的页面id甚至行id发送到“skills.php”呢 我的数据库: skill_edit.php中的我的表单PHP从id更新mysql数据库表,php,html,mysql,Php,Html,Mysql,我想把数据更新到mysql数据库,我知道这个查询。查询不是问题 我面临的问题是如何将id页发送到其他页 假设我在skill_edit.php?id=7页上 我单击更新按钮,然后使用表单的POST方法从skill_edit.php转到skills.php 但现在我如何将表中的页面id甚至行id发送到“skills.php”呢 我的数据库: skill_edit.php中的我的表单 <form class="form-horizontal row-fluid" method="po
<form class="form-horizontal row-fluid" method="post" action="skills.php">
<?php //Skill Name ?>
<div class="form-row control-group row-fluid">
<label class="control-label span3" for="with-placeholder">Skill Name</label>
<div class="controls span7">
<input type="text" name="skill_name" id="with-placeholder" class="row-fluid" value="<?php echo $showskillname; ?>">
</div>
</div>
<?php //Skill Description ?>
<div class="form-row control-group row-fluid">
<label class="control-label span3" for="elastic-textarea">Skill Desc <span class="help-block">My Skill Description</span> </label>
<div class="controls span7">
<textarea name="skill_desc" rows="3" style=" height:80px;" class="row-fluid autogrow" id="elastic-textarea"><?php echo $showskilldesc; ?></textarea>
</div>
</div>
<?php //Selecting Language ?>
<div class="form-row control-group row-fluid">
<label class="control-label span3">Select with search</label>
<div class="controls span7">
<select name="skill_rating" data-placeholder="Choose a Language...." class="chzn-select">
<option value="<?php echo $showskillrating; ?>"><?php echo $showskillrating; ?></option>
<option value="1">1 Star</option>
<option value="2">2 Star</option>
<option value="3">3 Star</option>
<option value="4">4 Star</option>
<option value="5">5 Star</option>
</select>
</div>
</div>
<?php //Buttons ?>
<div class="form-actions row-fluid">
<div class="span7 offset3">
<button name="updatebtn" style=" float:left; margin-left:40px;" type="submit" class="btn btn-primary">Save changes</button>
<button formaction="skills.php" style=" float:right; margin-right:40px;" type="submit" class="btn btn-secondary">Cancel</button>
</div>
</div>
</form>
下面是函数的内部
//Update Skill
//skills.php
function update_skill($updatedskillname, $updatedskilldesc, $updatedskillrating, $last_updated)
{
$query="UPDATE cv_skills SET
skill_name='$updatedskillname',
skill_desc='$updatedskilldesc',
skill_rating='$updatedskillrating',
last_updated='$last_updated' WHERE skill_id='$pageid'";
$result=mysql_query($query);
$error=mysql_error();
return $error;
}
那么,我如何在查询中获得技能id呢?有几种可能的方法可以做到这一点,但有一种方法可以做到:
<form class="form-horizontal row-fluid" method="post" action="skills.php?id=<?php echo $_GET['id']; ?>">
最好的选择是将id实际存储在会话或cookie变量中,并将其用作限定符——但这是另一天的事
<?php
//create a login form at post to this script at login...
/*
<form action="" method="post">
<label>Email:</label><br />
<input type="text" name="email" /><br /><br />
<label>Password:</label><br />
<input type="password" name="password" /><br /><br />
<label>Remember Me:</label><br />
<input type="checkbox" name="remember" /><br /><br />
<input type="submit" name="submit" value="Login" /><br /><br />
</form>
*/
//connect to your database here...
//something like..
include('../includes/db_connection.php');
/*
Table "users" fields would contain userid(int), email(varchars), password(varchars) at a minimum...
*/
$submit = $_POST['submit'];
if(isset($submit)) {
//grab the post info at login...
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
//md5 encryption at a minimum...
$password = md5($password);
//this is just to declare the timeframe for the cookie....
$remember = strip_tags($_POST['remember']);
//query the users table..
//for demo purposes, this is a basic where normally
//I would wrap this into a function.
$sql = mysql_query("SELECT * FROM users WHERE email='$email'");
$row = mysql_fetch_array($sql);
//set-up the userid for the cookie...
$userid = strip_tags($row['userid']);
//if user exists
if(mysql_num_rows($sql)>0){
//compare the password
if(strcmp($row['password'],$password)==0){
//set the cookie with the the userid...
if (isset($remember)) {
/* Set cookie to last 1 year */
$expire = time()+60*60*24*365;
setcookie('userid', $userid, $expire);
}
else {
/* Set cookie until the user logs out */
$expire = false;
setcookie('userid', $userid, false);
}
//send the user over to their secure account...
header('Location: your_secure_login_area.php');
/*
You would then add the following to the top of any secure page that would be applied to the end-user...
<?php
//you can now reference the userid for any db call...
$userid = $_COOKIE['userid'];
if (isset($userid)) {
}
else if(!isset($userid) || $userid == '' || $_GET['userid'] != $_COOKIE['userid']) {
header('Location: http://yourloginpage.php');
}
?>
*/
}
}
else {
$reponse = 'Error: Invalid Information.';
}
}
?>
*/
}
}
否则{
$reponse='错误:无效信息';
}
}
?>
使用会话或cookie传递id。因为用户可以在提交表单之前篡改id名称并修改值。请考虑使用会话Btw,不要使用GET方法发送id,我建议将变量作为参数传递给函数,而不是使用全局变量,并在查询字符串构造期间在方法中进行转义。现在一个小错误,你就有了SQL注入漏洞。你想在skills.php页面上发送skill\u id吗?
示例隐藏帖子:
,这个问题完全回答了这个问题,没什么要说的。@Syed Haider Hassan,Tchalvak是对的,你可以使用隐藏字段,哇,很好。我没想到。。非常感谢:)我听到了,但是一些带有小样本的代码不会有什么坏处:D
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>">
<?php
//create a login form at post to this script at login...
/*
<form action="" method="post">
<label>Email:</label><br />
<input type="text" name="email" /><br /><br />
<label>Password:</label><br />
<input type="password" name="password" /><br /><br />
<label>Remember Me:</label><br />
<input type="checkbox" name="remember" /><br /><br />
<input type="submit" name="submit" value="Login" /><br /><br />
</form>
*/
//connect to your database here...
//something like..
include('../includes/db_connection.php');
/*
Table "users" fields would contain userid(int), email(varchars), password(varchars) at a minimum...
*/
$submit = $_POST['submit'];
if(isset($submit)) {
//grab the post info at login...
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
//md5 encryption at a minimum...
$password = md5($password);
//this is just to declare the timeframe for the cookie....
$remember = strip_tags($_POST['remember']);
//query the users table..
//for demo purposes, this is a basic where normally
//I would wrap this into a function.
$sql = mysql_query("SELECT * FROM users WHERE email='$email'");
$row = mysql_fetch_array($sql);
//set-up the userid for the cookie...
$userid = strip_tags($row['userid']);
//if user exists
if(mysql_num_rows($sql)>0){
//compare the password
if(strcmp($row['password'],$password)==0){
//set the cookie with the the userid...
if (isset($remember)) {
/* Set cookie to last 1 year */
$expire = time()+60*60*24*365;
setcookie('userid', $userid, $expire);
}
else {
/* Set cookie until the user logs out */
$expire = false;
setcookie('userid', $userid, false);
}
//send the user over to their secure account...
header('Location: your_secure_login_area.php');
/*
You would then add the following to the top of any secure page that would be applied to the end-user...
<?php
//you can now reference the userid for any db call...
$userid = $_COOKIE['userid'];
if (isset($userid)) {
}
else if(!isset($userid) || $userid == '' || $_GET['userid'] != $_COOKIE['userid']) {
header('Location: http://yourloginpage.php');
}
?>
*/
}
}
else {
$reponse = 'Error: Invalid Information.';
}
}
?>