我在一个小的PHP项目学习的目的。我想从MySQL数据库检索保存的数据,让用户使用HTML表单编辑它。我能够检索数据并显示在文本框中。问题是当表单提交时,数据没有更新。这是我目前得到的代码。文件是用来自我更新的。如果有人能告诉我我哪里错了,我将不胜感激。谢谢你。
<?php
include ("header.php");
include ("../db.php");
$catname = $_POST['catname'];
$catdisc = $_POST['catdisc'];
$id = $_GET['id'];
if (isset($id))
{
$query = "SELECT * FROM categories WHERE catid='$id'";
$result= mysql_query($query) or die ('Mysql Error');
}
while($row = mysql_fetch_array($result)){
$cname = $row['catname'];
$cdisc = $row['catdisc'];
}
$result= "UPDATE categories SET catname='$catname', catdisc='$catdisc' WHERE catid='$id'"
or die ('Error Updating');
?>
<h1>Edit Categories</h1>
<form method="post" action="edit_cat.php?id=<?php echo $id;?>">
Category Name: <input type="text" name="catname" value="<?php echo $cname;?>"><br/>
Category Discription: <TEXTAREA NAME="catdisc"ROWS="3" COLS="25"><?php echo $cdisc;?></TEXTAREA><br/><br/>
<input type="submit" value="Update Category"/>
</form>
<?php
include ("footer.php");
?>
您没有执行UPDATE-statement…:)
$result= mysql_query("UPDATE categories SET catname='$catname', catdisc='$catdisc' WHERE catid='$id'") or die ('Error Updating');
您在字符串中定义SQL更新命令,但是,呃,您没有将其提交给数据库。有一个
$result= mysql_query($query) or die ('Mysql Error');
类行缺失。
请记住:(只是另一件事)代码是高度不安全的-因为它是。
你必须检查用户POST输入的数据,这是发现你的SQL语句的方式。除非这样做,否则每个在线用户都可以拥有完全的数据库用户特权任意访问。Google: "SQL Injection".
Rob对您的示例代码进行了一些更改,希望这对您有所帮助
<?php
include ("header.php");
include ("../db.php");
//Getting Data
$id = (int)$_GET['id'];
if (isset($id)){
$query = "SELECT `categories`.`catid` AS catid,
`categories`.`catname` AS catname,
`categories`.`catdisc` AS catdesc
FROM categories
WHERE catid='".mysql_real_escape_string($id)."'
LIMIT 1";
$result= mysql_query($query) or die ('Mysql Error');
}
//Looping through the result, tho we know only 1 result will return
if(mysql_num_rows($result)>=1){
while($row = mysql_fetch_array($result)){
$cat['id'] = $row['catid'];
$cat['name'] = $row['catname'];
$cat['description'] = $row['catdesc'];
}
}else{
$notice = 'No results found matching id:'.htmlentities($id);
}
//Updating Content
//Checking if form has been submitted with some basic checks
if(
isset($_POST['catid']) && is_numeric($_POST['catid'])==TRUE
&& isset($_POST['catname']) && $_POST['catname']!=""
&& isset($_POST['catdesc']) && $_POST['catdesc']!=""){
$cat['id'] = (int)$_POST['catid'];
$cat['name'] = (string)$_POST['catname'];
$cat['description'] = (string)$_POST['catdesc'];
//Create the query
$query="UPDATE categories
SET catname='".mysql_real_escape_string($cat['name'])."', catdisc='".mysql_real_escape_string($cat['description'])."'
WHERE catid='".mysql_real_escape_string($cat['id'])."'";
//Execute the update
mysql_query($query) or die ('Error Updating');
}
?>
<h1>Edit Categories</h1>
<form method="post" action="">
<?php echo (isset($notice))?$notice:'';?>
<input type="hidden" name="catid" value="<?php echo htmlentities($id);?>">
Category Name: <input type="text" name="catname" value="<?php echo $cat['name'];?>"><br/>
Category Discription: <TEXTAREA NAME="catdisc" ROWS="3" COLS="25"><?php echo $cat['description'];?></TEXTAREA><br/><br/>
<input type="submit" value="Update Category"/>
</form>
edit哎呀,我忘记给表单字段添加id了