您的位置: 首页  >  技术问答  >  SQL更新代码不改变数据库数据

SQL更新代码不改变数据库数据

分类: 技术问答 2022-08-29 15:45:59
问题描述:

我试图通过表单更新我的数据库。SQL更新代码不改变数据库数据

部分代码正在工作,因为它从表中检索数据并将其显示在窗体中,但sql更新代码未在后端更改值。

的代码片段如下,任何帮助都将赞赏:

<html> 
<head> 
    <body> 

<?php 
$con = mysql_connect("localhost","user","pass"); 
if(!$con){ 
die("Cannot Connect to database:" . mysql_error()); 
} 
mysql_select_db("intranet",$con); 
$sql = "SELECT * FROM progress_sheet"; 
$myData = mysql_query($sql,$con); 
if(isset($_POST['update'])){ 
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$_POST[jobdescription]' WHERE id='$_POST[hidden]'"; 
mysql_query($UpdateQuery, $con);  
}; 
echo "<table border=1> 
<tr> 
<th>Job Description</th> 
</tr>"; 
while($record = mysql_fetch_array($myData)){ 
echo "<form action=save.php method=post>"; 
echo "<tr>"; 
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>"; 
echo "<td>" . "<input type=hidden name=hidden value=" . $record['hidden'] . " </td>"; 
echo "<td>" . "<input type=submit name=update value=update" . " </td>"; 
echo "</form>"; 
} 
echo "</table>"; 
?> 
    </body> 
    </head> 
</html>

*

+0

试图看到有一个错误还检查发布数据mysql_query($ updatequery,$ con)或死亡(mysql_error()) – Sedz 2015-02-09 09:56:08

+1

请注意,这可能会让你陷入一个很大的麻烦,由于SQL注入.. 。 – DonCallisto 2015-02-09 09:57:32

+0

您尝试与非集PARAMS – donald123 2015-02-09 09:59:24

在你的代码不止一个发现错误,

1缺少单引号和双引号。

2形式发布到另一个文件save.php(行情也不见了)

<html> 
<head> 
    <body> 

<?php 
$con = mysql_connect("localhost","user","pass"); 
if(!$con){ 
die("Cannot Connect to database:" . mysql_error()); 
} 
mysql_select_db("intranet",$con); 
$sql = "SELECT * FROM progress_sheet"; 
$myData = mysql_query($sql,$con); 

if(isset($_POST['update'])){ 
$jobdescription = $_POST['jobdescription']; // See here 
$id = $_POST['hidden'];      // See here 
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$id'"; 
mysql_query($UpdateQuery, $con);  
}; 
echo "<table border=1> 
<tr> 
<th>Job Description</th> 
</tr>"; 
while($record = mysql_fetch_array($myData)){ 
echo "<form action='' method='post'>"; // See Here. The form is posted to another page 
echo "<tr>"; 
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>"; 
echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>"; 
echo "<td>" . "<input type=submit name=update value=update" . " </td>"; 
echo "</form>"; 
} 
echo "</table>"; 
?> 
    </body> 
    </head> 
</html>

如下更改更新查询,然后尝试:

$UpdateQuery = "UPDATE progress_sheet SET jobdescription='".$_POST['jobdescription']."' WHERE id='".$_POST['hidden']."'";
+0

你应该意识到关于SQL注入的OP ... – DonCallisto 2015-02-09 09:57:06

+0

你需要显示OP来检查是否设置$ _POST x和y以避免E_NOTICE错误 – donald123 2015-02-09 09:57:53

这是用简单的检查来防止sql注入的基本示例。请注意,mysql函数已被弃用。你可以使用mysqli函数。

<html> 
    <head> 
    <body> 

    <?php 
     $con = mysql_connect("localhost","user","pass"); 
     if(!$con){ 
      die("Cannot Connect to database:" . mysql_error()); 
     } 
     mysql_select_db("intranet",$con); 
     $sql = "SELECT * FROM progress_sheet"; 
     $myData = mysql_query($sql,$con); 
     if(isset($_POST['update'])){ 

      //do basic checks to prevent sql injections 
      $jobdescription = isset($_POST['jobdescription']) ? trim($_POST['jobdescription'] : ''); 
      $hidden = isset($_POST['hidden']) ? trim($_POST['hidden'] : ''); 

      $jobdescription = mysql_real_escape_string($jobdescription); 
      $hidden = mysql_real_escape_string($hidden); 



      if(empty($jobdescription) || empty($hidden)){ 

       //handle errors here 
       //exit; 
       //or do error logging $errors[] = "Your error message" 
       //or redirect with header(...); 
      } 

      $UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$hidden'"; 
      mysql_query($UpdateQuery, $con); 
     }; 
     echo "<table border=1> 
     <tr> 
     <th>Job Description</th> 
     </tr>"; 
     while($record = mysql_fetch_array($myData)){ 
      echo "<form action=save.php method=post>"; 
      echo "<tr>"; 
      echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>"; 
      echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>"; 
      echo "<td>" . "<input type=submit name=update value=update" . " </td>"; 
      echo "</form>"; 
     } 
     echo "</table>"; 
    ?> 
</body> 
</head> 
</html>

在你的PHP文件,你应该启用错误报告的顶部,这将有助于您进行调试:

<?php 
// Turn off error reporting 
error_reporting(0); 

// Report runtime errors 
error_reporting(E_ERROR | E_WARNING | E_PARSE); 

// Report all errors 
error_reporting(E_ALL); 

// Same as error_reporting(E_ALL); 
ini_set("error_reporting", E_ALL); 

// Report all errors except E_NOTICE 
error_reporting(E_ALL & ~E_NOTICE); 
?> 


$UpdateQuery = 'UPDATE progress_sheet SET jobdescription="'.mysql_real_escape_string(isset($_POST['jobdescription']) ? $_POST['jobdescription'] : '').'" WHERE id='.(isset($_POST['hidden']) ? $_POST['hidden']*1 : 0);

,并停止使用mysql_*功能,并移动到mysqli_*功能使用的是已过时的人。

+0

你已经缺少$ _POST附近的引号[jobdescription] – Whirlwind 2015-02-09 10:18:37

+0

是的,没想过在那里,在那里编辑它们增加了变量存在的简单诡计。 – Seti 2015-02-09 10:19:32

相关推荐