我想写一个代码做以下事情。我想从MySQL数据库检索记录。每个记录包含(课程名称,从,到,学分,详细信息)。然后我想为每条记录添加链接。当单击一条记录的链接时,我想重定向到另一个页面,以将该记录的字段状态更新为"Yes"。
问题:如何根据记录的ID更新数据库中的特定记录?换句话说,我如何使每个链接将其记录的ID传递给更新页面,以便我可以在不写入特定ID的情况下更新它?
我的表包含以下字段:
ID ,
Course_name,
From ,
To ,
Credit_hours ,
Detailes ,
state
<!DOCTYPE html><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link rel="stylesheet" type="text/css" href="mystyle.css">
<title>Training Courses Registration System </title>
</head>
<body>
<table style="width:786px; position:relative;
margin-left:auto;
margin-right:auto;">
<tr>
<td>
<img src="4.png" class="header">
</td>
</tr>
<tr>
<td><img src="2.png" class="bar">
<a href="home-ar.html"style="font-size:17px;position:absolute;top:163px;right:16px;z-index:5;lang=ar; text-decoration:none;">عربي</a>
<a href=" "style="font-size:17px;position:absolute;top:165px;right:55px;z-index:5; text-decoration:none;">Sign out |</a>
<a href="logout.php"class="l" >Profile </a>
<a href=" "class="l1">Available Courses </a>
<a href=" "class="l5">Approve Courses</a>
<a href=" "class="l4">Statistic</a>
</td>
</tr><tr>
<td>
<section class="b"><section class="f1">
<?php
$con=mysqli_connect("localhost","m","11","wafa");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM internal");
?>
<br>
<?php
while($row = mysqli_fetch_array($result)) {
echo ' <details>
<summary style="padding-left:33px;">' . $row['Course_name'] . "
</summary>";
echo "<P> From: ".$row['From'] ."</p>" ;
echo "<p> To: ".$row['To'] . "</p>";
echo "<p> Credit Hours: ".$row['Credit_hours']."</p>" ;
echo "<p> Detailes: ". $row['Detailes'] ."</p>";
echo "<p>
<a style='color:#387c25;background-color:#a6d898;' href='in3.php?id=".$row['ID']."'>Accept</a>
</p>
</details> <br>";
}
mysqli_close($con);
?>
</section>
</td></tr>
<tr><td><div class="footer">
<img src="3.png" class="footer"></div></section>
</td></tr>
</table>
</body>
</html>
<?php
$con=mysqli_connect("localhost","m","11","wafa");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_GET['ID'])){
$topic =$_GET['ID'];
}
$sql = ("UPDATE internal set state = u WHERE ID = $topic");
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
header("Location: internal.html");
mysqli_close($con);
?>
这是非常错误的:
$sql = ("UPDATE internal set state = u WHERE ID = $topic");
- 你有sql注入问题;
- 您正在使用未定义的列/元素
u。
应该是这样的:
$sql = "UPDATE internal set state = 'Yes' WHERE ID = ?";
然后使用准备好的语句将变量绑定到占位符(问号)。
注意:
- 你还应该检查一下被引用的记录是否可以被用户更改,否则用户可以通过更改url(或post数据,见下一点)来编辑任意记录;
- 如果要修改数据库中的信息,应该使用
POST而不是GET。 你应该在数据库调用中添加错误处理。在mysql中做到这一点的最简单方法是让它抛出异常。要启用它,只需在脚本的顶部添加以下内容:
mysqli_report(MYSQLI_REPORT_STRICT);