我几乎尝试了所有方法,但我无法让这个简单的更新查询工作。
数组显示:
Array ( [pSelect] => 102 [budget] => 44 [submit] => submit )
所以我可以得出结论,它确实获取了 ID 并从输入字段 budget 接收值。
<form action="test.php" method="post" action="test.php">
<select name = 'pSelect' id = 'pSelect'>
<?php
$result = mysql_query
("SELECT ID, Project, Projectnummer, Klant, Budget
FROM tblproject
WHERE Status = '1'
ORDER BY Klant ASC
");
while($row1 = mysql_fetch_array($result))
{
$pID = $row1['ID'];
echo "<option value='"" . $row1['ID'] . "'"";
if (isset($_POST['pSelect']) && $row1['ID'] == $_POST['pSelect'])
{
echo " selected='selected'";
}
echo ">" . $row1['Klant'] ." ". $row1['Project'] ." ". $row1['Projectnummer'] . "</option>";
echo "<br />";
}
?>
</select>
<input type="text" name="budget" />
<?php
if (isset($_POST['submit']))
{
$ID = $_POST['pSelect'];
$budget = $_POST['budget'];
mysql_query
(" UPDATE tblproject SET Budget = '$budget',WHERE ID = '$ID'");
}
print_r($_POST);
?>
<input type="submit" name="submit" value="submit" />
</form>
试试这个
mysql_query("UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."' ");
正如史蒂文所指出的,你在Budget = '$budget',末尾有一个错误的逗号
托,拜托...如果您不打算使用预准备语句/参数化查询,您至少可以在查询的所有参数上使用 mysql_real_escape_string() 函数吗?例如:
$query = sprintf("
UPDATE tblproject SET
Budget = '%s'
WHERE ID = '%s'",
mysql_real_escape_string($budget),
mysql_real_escape_string($ID));
);
mysql_query($query);
另一种方法是有人在某个时候在您的应用程序中导致 SQL 注入问题。
试试这个
UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."'
试试这个UPDATE查询:
mysql_query ("UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."'");