Date of birth is not displayed and the form cannot be edited in PHP


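I will briefly describe my problem. There are two main problems in my web application:

  • The date of birth is not displayed on the edit page (done)
  • I cannot submit the record to the database (partly because of problem 1)

Here is my code: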

    <?php
    $host = "localhost";
    $username = "root";
    $password = "";
    $database = "students";
    
    $mysqli = new mysqli($host, $username, $password, $database);
    if (!$mysqli) {
        die("Cannot connect to mysql");
    } 
    
     if (isset($_POST['save'])) {
    
            // Display errors if all fields are blank
            $errors = [];
            if (strlen(trim($_POST['student_id'])) === 0) {
                $errors['student_id'] = "Không được để trống trường này";            
            }
    
            if (strlen(trim($_POST['first_name'])) === 0) {
                $errors['first_name'] = "Không được để trống trường này";
            } 
    
            if (strlen(trim($_POST['last_name'])) === 0) {
                $errors['last_name'] = "Không được để trống trường này";
            } 
    
            if (strlen(trim($_POST['email'])) === 0) {
                $errors['email'] = "Không được để trống trường này";
            } else {
                if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                    $errors['email'] = 'Email phải đúng định dạng';
                } 
            }
    
            if (strlen(trim($_POST['dob'])) === 0) {
                $errors['dob'] = "Không được để trống trường này";
            }        
                  
        }
    
        
        // If there is not any blank field, show the information at the index page
            $id = $_GET['id'];
            $sql = "SELECT * FROM students WHERE id = $id";
            $result = $mysqli->query($sql);
            $students = $result->fetch_assoc(); 
            print_r($students) ;
    
        if (isset($errors) && count($errors) == 0) {       
    
            $student_id = $_POST['student_id'];
            $first_name = $_POST['first_name'];
            $last_name = $_POST['last_name'];
            $email = $_POST['email'];
            $dob = $_POST['dob'];
    
            $sql = "UPDATE students(student_id, first_name, last_name, email, dob) 
                    SET student_id = '$student_id', first_name = '$first_name', last_name = '$last_name', email = '$email', dob = '$dob'
                    WHERE id = '$id'"; 
    
            $result = $mysqli->query($sql);
            
    
            if ($result) {
                header('location: index.php');
            }            
    }
    ?>
    
    
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Create Student List</title>
        <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css" integrity="sha384-B0vP5xmATw1+K9KRQjQERJvTumQW0nPEzvF6L/Z6nronJ3oUOFUFpCjEUQouq2+l" crossorigin="anonymous">
        <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/>
    </head>
    <body>
        <div class="card">
            <div class="card-body">
                <h3 class="card-title">Create Student</h3>    
                <form method="POST" action="./update.php" id="update">
    
                    <!-- Student ID -->
                    <div class="form-group">
                        <label for="student_id">Student ID <span style="color:red;">*</span></label>
                        <input type="text" id="student_id" name="student_id" class="form-control <?php echo isset($errors['student_id']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['student_id'] ?>"> 
                        <?php if (isset($errors) && isset($errors['student_id'])) { ?>
                            <small id="helpId" class="invalid-feedback"><?php echo $errors['student_id']; ?></small>
                        <?php } ?> 
                    </div>
                    
                    <!-- First Name -->
                    <div class="form-group">
                        <label for="first_name">First Name <span style="color:red;">*</span></label>
                        <input type="text" id="first_name" name="first_name" class="form-control <?php echo isset($errors['first_name']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['first_name'] ?> "> 
                        <?php if (isset($errors) && isset($errors['first_name'])) { ?>
                            <small id="helpId" class="invalid-feedback"><?php echo $errors['first_name']; ?></small>
                        <?php } ?> 
                    </div>
    
                    <!-- Last Name -->
                    <div class="form-group">
                        <label for="last_name">Last name <span style="color:red;">*</span></label>
                        <input type="text" id="last_name" name="last_name" class="form-control <?php echo isset($errors['last_name']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['last_name'] ?>"> 
                        <?php if (isset($errors) && isset($errors['last_name'])) { ?>
                            <small id="helpId" class="invalid-feedback"><?php echo $errors['last_name']; ?></small>
                        <?php } ?> 
                    </div>
    
                    <!-- Email -->
                    <div class="form-group">
                        <label for="email">Email <span style="color:red;">*</span></label>
                        <input type="email" id="email" name="email" class="form-control <?php echo isset($errors['email']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['email'] ?> "> 
                        <?php if (isset($errors) && isset($errors['email'])) { ?>
                            <small id="helpId" class="invalid-feedback"><?php echo $errors['email']; ?></small>
                        <?php } ?> 
                    </div>
                    
                    <!-- Date of Birth -->
                    <div class="form-group">
                        <label for="dob">Date of Birth <span style="color:red;">*</span></label>
                        <input type="date" id="dob" name="dob" class="form-control <?php echo isset($errors['dob']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['dob'] ?> "> 
                        <?php if (isset($errors) && isset($errors['dob'])) { ?>
                            <small id="helpId" class="invalid-feedback"><?php echo $errors['dob']; ?></small>
                        <?php } ?> 
                    </div>                
    
                    <!-- Buttons -->
                    <button type="submit" class="btn btn-primary" name="save">Save</button>
                    <a class="btn btn-secondary" href="./index.php">Cancel</a>
    
                </form>
            </div>
        </div>
    
    
        <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
        <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js" integrity="sha384-9/reFTGAW83EW2RDu2S0VKaIzap3H66lZH81PoYlFhbGU+6BZp6G7niu735Sk7lN" crossorigin="anonymous"></script>
        <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js" integrity="sha384-+YQ4JLhjyBLPDQt//I+STsc9iw4uQqACwlvpslubQzn4u2UU2UFM80nGisd026JF" crossorigin="anonymous"></script>
    </body>
    </html>
    
    

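Date of birth problem: you have an extra space at the end of your value tag

    value="<?php echo $students['dob'] ?> "

The UPDATE statement does not take a field list in parentheses the way you have it, so the statement fails. However, you should also protect against SQL injection attacks by using query binding and prepared statements. It would look something like this: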

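    // Placeholders are written bare: a quoted '?' is a string literal, not a parameter
    $sql = "UPDATE students SET student_id = ?, first_name = ?, last_name = ?, email = ?, dob = ? WHERE id = ?";
    $query = $mysqli->prepare($sql);
    // One type character per bound variable: six variables need six types
    $query->bind_param("issssi", $student_id, $first_name, $last_name, $email, $dob, $id);
    $query->execute();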
    

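`value=""` Remove the extra space.

Thanks bro. You have solved my first problem.

Warning: You can absolutely use parameterized prepared statements instead of manually building your queries. They are provided by or . Never trust any kind of input! Even when your queries are executed only by trusted users.

Did that work for you?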
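
The update path from the answer carried through end to end, as an added example that is not part of the original post: `id` is validated as an integer, `dob` is checked as a real date, and all six values are bound. The helpers `valid_dob`, `update_student` and `h` are hypothetical names, and the code assumes the form posts back to `update.php?id=...` so that `id` is still in the query string.

```php
<?php
// Added example, not the poster's code; table and column names come from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently

// Accept only a real calendar date in the Y-m-d form that <input type="date"> submits.
function valid_dob(string $dob): bool
{
    $d = DateTime::createFromFormat('!Y-m-d', $dob);
    return $d !== false && $d->format('Y-m-d') === $dob; // rejects e.g. 2021-02-30
}

// Run the UPDATE with bound parameters; throws mysqli_sql_exception on failure.
function update_student(mysqli $db, int $id, array $in): void
{
    $stmt = $db->prepare(
        "UPDATE students
            SET student_id = ?, first_name = ?, last_name = ?, email = ?, dob = ?
          WHERE id = ?"
    );
    // Six placeholders, six type characters. Assumption: student_id is a text column.
    $stmt->bind_param("sssssi", $in['student_id'], $in['first_name'],
                      $in['last_name'], $in['email'], $in['dob'], $id);
    $stmt->execute();
}

// Escape a database value before echoing it into an HTML attribute.
function h(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// id arrives in the query string; reject anything that is not a positive integer.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid id');
}

$mysqli = new mysqli("localhost", "root", "", "students");
$fields = [];
foreach (['student_id', 'first_name', 'last_name', 'email', 'dob'] as $k) {
    $fields[$k] = is_string($_POST[$k] ?? null) ? trim($_POST[$k]) : '';
}
if (isset($_POST['save']) && valid_dob($fields['dob'])) {
    update_student($mysqli, $id, $fields);
    header('Location: index.php');
    exit;
}
```

In the form, the date field would then be written as `value="<?= h($students['dob']) ?>"`, with no space before the closing quote.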