Php 记录和图像未更新

我正在尝试更新一个现有记录，该记录包含文本和与该记录关联的图像的名称

但是，它不会更新记录。我已经看过了代码，它是由我找到的各种代码拼凑而成的，现在我看不见树木了

以下是脚本：

$idVal_rsContent = "1";
if ( isset( $_GET[ 'idVal' ] ) ) {
    $idVal_rsContent = $_GET[ 'idVal' ];
}
mysqli_select_db($Quakers, $database_Quakers);
$query_rsContent = sprintf( "SELECT * FROM tblPageContent WHERE pageContentID = %s", GetSQLValueString( $idVal_rsContent, "int" ) );
$rsContent = mysqli_query($Quakers, $query_rsContent) or die(mysqli_error($Quakers));
$row_rsContent = mysqli_fetch_assoc($rsContent);
$totalRows_rsContent = mysqli_num_rows($rsContent);

$editFormAction = $_SERVER['PHP_SELF'];
if(isset($_POST['updateForm']))
{
    $pageContentID = $_POST['pageContentID'];
    $pageTitle = $_POST['pageTitle'];
    $pageContent = $_POST['pageContent'];
    $pageImage = $_FILES['pageImage']['name'];

    if(isset($_FILES['pageImage']['name'])) {

        // Remove existing image in folder
        // unlink ("../images".$_FILES['pageImage']['name']);

        // Upload new image and update record
        move_uploaded_file($_FILES[ "pageImage" ][ "tmp_name" ],"../images/".$_FILES[ "pageImage" ][ "name" ]);
        $query_image = "UPDATE tblPageContent SET pageTitle='$pageTitle', pageContent='$pageContent', pageImage='$pageImage' WHERE pageContentID='$pageContentID'";
    }
    else
    {
        // Update record keeping existing image
        $query_image = "UPDATE tblPageContent SET pageTitle='$pageTitle', pageContent='$pageContent' WHERE pageContentID='$pageContentID'";
    }

    // Redirect after update
    if(mysqli_query($Quakers, $query_image))
    {
        header( 'Location: main-content-updated.php' ) ;
    }
    else
    {
        header( 'Location: no-content-updated.php' ) ;
    }
}

这是HTML表单：

<form action="<?php echo $editFormAction; ?>" name="updateForm" method="post" enctype="multipart/form-data">
    <div class="form-group">
        <label for="pageTitle">Page Title</label>
        <input type="text" class="form-control" id="pageTitle" name="pageTitle" value="<?php echo $row_rsContent['pageTitle']; ?>">
    </div>

    <?php if ( !empty ($row_rsContent['pageContent']) ) { ?>
    <div class="form-group"><label for="pageContent">Page Content</label><textarea class="form-control" rows="5" id="pageContent" name="pageContent"><?php echo $row_rsContent['pageContent']; ?></textarea></div>
    <?php } else { ?>
    <div class="form-group"><label>Page Content</label><input type="text" class="form-control" id="pageContent" name="pageContent" placeholder="No content available. Page contains scripting or is hard-coded. Edit specific page to alter content." disabled></div>
    <?php } ?>

    <div class="form-group">
        <label for="pageImage">Current Page Image</label>
        <?php
            $imgName = $row_rsContent['pageImage'];
            list($width, $height) = getimagesize("../images/$imgName");
            echo "<small>(width: " . $width . "px ";
            echo "- height: " .  $height. "px)</small>";
        ?>
        <br>
        <img src="../images/<?php echo $row_rsContent['pageImage'];?>" width="20%">
        <br>
        <label>Change Page Image</label><input type="file" id="pageImage" name="pageImage">
    </div>

    <input type="hidden" name="pageContentID" value="<?php echo $row_rsContent['pageContentID']; ?>" readonly>

    <div class="line">&nbsp;</div>

    <div class="form-group" style="text-align: center">
        <button class="btn btn-success btn-lg butt" type="submit" name="updateForm">Update The Page</button>
        <button class="btn btn-danger btn-lg butt" type="reset">Cancel The Update</button>
    </div>
</form>

哪里出了问题

编辑

我在添加了一些错误报告后得到了这个错误

抛出的错误是：致命错误：未捕获的mysqli\u sql\u异常：您的sql语法有错误；查看与MySQL服务器版本对应的手册，了解使用near's、Rowntree's和Fry's以及banks Lloyds和Barclays的正确语法，尽管这些企业位于C:\Apache24\htdocs\Quakers\admin\edit main content.php:71堆栈跟踪：0 C:\Apache24\htdocs\Quakers\admin\edit-main-content.php71:mysqli_queryObjectmysqli，'UPDATE tblPageC…'1{main}在第71行的C:\Apache24\htdocs\Quakers\admin\edit-main-content.php中抛出

---

不幸的是，参数化查询直接越过了这个老脑袋，但经过大量的修补和谷歌搜索，我发现了一些适合我的东西。我不确定这是否会停止SQL注入，尽管我读过，但代码是：

// Upload data to database and image to folder
if (isset($_POST['upload']))
{

    // This is the directory where images will be saved
    $target = "../images/";
    $target = $target . basename($_FILES['pageImage']['name']);

    // This gets all the other information from the form
    $pageTitle = mysqli_real_escape_string($con, $_POST['pageTitle']);
    $pageContent = mysqli_real_escape_string($con, $_POST['pageContent']);
    $mainMenuID = mysqli_real_escape_string($con, $_POST['mainMenuID']);
    $pageImage = basename($_FILES['pageImage']['name']);

    // Writes the file to the server
    if(move_uploaded_file($_FILES['pageImage']['tmp_name'], $target)) {

    // Tells you if its all ok
    echo "The file ". basename( $_FILES['pageImage']['name']). " has been uploaded, and your information has been added to the directory";

    // Connects to your Database
    mysqli_select_db($con, "mydbase") or die(mysql_error()) ;

    // Writes the information to the database
    mysqli_query($con, "INSERT INTO myTable (`pageTitle`, `pageContent`, `mainMenuID`, `pageImage`) VALUES ('$pageTitle', '$pageContent', '$mainMenuID', '$pageImage')") ;
    } else {
    // Gives and error if its not
    echo "Sorry, there was a problem uploading your file.";
    }
}

HTML格式为：

<form method="post" action="add-main-content.php" enctype="multipart/form-data">
<div class="form-group">
        <label for="pageTitle">Page Title</label>
        <input type="text" class="form-control" name="pageTitle">
    </div>

    <div class="form-group"><label for="pageContent">Page Content</label><textarea class="form-control" rows="5" name="pageContent"></textarea></div>

    <div class="form-group">
        <label for="pageImage">Page Image (<small>Recommend dimensions are: 1440px wide x 375px high</small>)</label>
        <input type="file" name="pageImage">
    </div>

    <div class="form-group">
        <label for="mainMenuID">Main Menu</label>
        <select class="form-control" name="mainMenuID">
            <option>Select Main Menu</option>
            <?php do { ?>
            <option value="<?php echo $row_myMenu['mainMenuID']; ?>"><?php echo $row_myMenu['mainMenuLabel']; ?></option>
            <?php } while ($row_myMenu = mysqli_fetch_assoc($myMenu)); ?>
        </select>
    </div>

    <br><div class="line">&nbsp;</div>

    <div class="form-group" style="text-align: center">
        <button class="btn btn-success btn-lg butt" type="submit" name="upload">Add New Page</button>
        <button class="btn btn-danger btn-lg butt" type="reset">Cancel The Addition</button>
    </div>
</form>

---

您的脚本甚至可以使用addini\u set'display\u errors'，1；ini_设置“日志错误”，1；错误报告全部；mysqli_REPORT mysqli_REPORT_ERROR | mysqli_REPORT_STRICT；到脚本的顶部。这将强制任何mysqli_uu错误生成一个异常，您可以在浏览器上看到该异常，其他错误也可以在浏览器上看到。谢谢您的脚本。抛出的错误是：致命错误：未捕获的mysqli\u sql\u异常：您的sql语法有错误；查看与MySQL服务器版本对应的手册，了解使用near's、Rowntree's和Fry's以及banks Lloyds和Barclays的正确语法，尽管这些企业位于C:\Apache24\htdocs\Quakers\admin\edit main content.php:71堆栈跟踪：0 C:\Apache24\htdocs\Quakers\admin\edit-main-content.php71:mysqli_queryObjectmysqli，第71行C:\Apache24\htdocs\Quakers\admin\edit-main-content.php中抛出的“UPDATE tblPageC…”1{main}是：如果mysqli_query$Quakers，$query_image，就像我在评论1中说的那样。用户参数化查询，这个问题将不再出现。你应该回顾一下，了解参数化查询的必要性。这就是我开始的地方，从那里开始，它走下坡路。他们说你不能教老狗新把戏，恐怕我就是活生生的证明。有些东西就是放不进去，嘿嘿！变老的快乐。