PHP：使用脚本更新数据库

嗨，我有一个小php脚本的问题。我试图让我的用户更改作业的状态，因此我必须使用option和post

我可以得到选项答案，但不能得到id。那么如何将id传递给新脚本？下面是脚本

<?php
$conx; //connection object to the server
$comd;//instance of a command object
$sql; //string variable to hold the SQL commands
$itemsAdded; //numeric var to hold num records added to table (1 or 0)
$dbpath;

$db = realpath("../Database/iceserv.mdb");

$conn = new COM('ADODB.Connection') or exit('Cannot start ADO.');

$connStr = "PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=$db";

$conn->Open($connStr);

$sql = "SELECT callback.*,  status.stat_disc AS Status
FROM callback INNER JOIN  status ON callback.callback_STATID = status.stat_ID";

$rs = $conn->Execute($sql);
if (!$rs) {exit("Error in SQL");}
echo "<form method='post' action='../scripts/update_stat.php' id='status' name='status'><table><tr>";
echo "<th> Cutomer ID</th>";
echo "<th>Customer First Name</th>";
echo "<th>Customer Surname</th>";
echo "<th>Customer Phone Number</th>";
echo "<th>Customer Reason For Callback</th>";
echo "<th>Callback Status</th>";
echo "<th>Change Status</th>";
echo "<th></th>";

while (!$rs->EOF) {

     $callid=$rs->Fields['callback_ID']->Value;
     //echo $callid;
     $fname=$rs->Fields['callback_fname']->Value;
     $sname=$rs->Fields['callback_sname']->Value;
     $phone=$rs->Fields['callback_phnum']->Value;
     $reason=$rs->Fields['callback_reason']->Value;
     $status=$rs->Fields['Status']->Value;
     echo "<tr><td align='center'>$callid</td>";
     echo "<td align='center'>$fname</td>";
     echo "<td align = 'center'>$sname</td>";
     echo "<td align = 'center'>$phone</td>";
     echo "<td align = 'center'>$reason</td>";
     echo "<td align = 'center'>$status</td>";
     //echo "<td align = 'center'><input type='text' name='calledid' value = '$callid'></td>";
     echo"<td align = 'center'><select name ='status' size='1'>
     <option value =''>Choose status</option>
     <option value ='1'>Open </option>
     <option value ='2'>Waiting Qoute</option>
     <option value ='3'>Closed </option></td>
     </select>";
     echo  "<td><input type='submit' name='submit_btn' id='submit_btn' value='Update' class='submit_btn1'</input></td></tr></table></form>";

  exit;
  }
?>

因此，上面的脚本正在调用并从数据库中提取信息

    <?php

    //variable listing and usage
    $conx; //connection object to the server
    $comd;//instance of a command object
    $sql_comd; //string variable to hold the SQL commands
    $itemsAdded; //numeric var to hold num records added to table (1 or 0)
    $dbpath;

        $db = realpath("../Database/iceserv.mdb");

        $conn = new COM('ADODB.Connection') or exit('Cannot start ADO.');

        $connStr = "PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=$db";

        $conn->Open($connStr);
              $id = $_POST['callid'];
              echo "ID is " +$id;
              $option= $_POST['status'];

    $sql_comd="UPDATE callback
    SET callback_STATID=$option
    WHERE callback_ID=$id
    ";
    $conn->Execute($sql_comd);

//$result = null;
$conn = null;

header('Location: ../admin/callback.php');

?>

上面的脚本正在尝试更新表，但id没有通过，因此如何获取要传递给脚本的id

---

请询问我是否不清楚

您可以设置select like:Open然后explode by |的值以分割结果列表$id，$option=explode |，$_请求['status']

我的错

<button name="calledid" type="submit" value="<?=$callid;?>">Submit</button>

---

使用它而不是您的输入。

谢谢您的快速响应。我可以在更新脚本（即第二个脚本）上执行此操作吗？@andy html中的第一部分和动作脚本中的第二部分别忘了用$option替换$\u REQUEST['status']，非常感谢。我将知道如何停止我的脚本对SQL注入开放you@andy-更好地使用我的解决方案：它是直截了当的，而不是像在一个字段中搞乱两个数据那样的解决方法。我不明白你在问什么，但我想指出的是，你自己对SQL注入非常开放。请阅读PDO使用准备好的查询。此外，您不能在302重定向中使用相对路径，这是您对位置标头所做的操作。bad idea…对于一个特定行，他只需要一个callid

<button name="calledid" type="submit" value="<?=$callid;?>">Submit</button>