1. 首頁
  2. 問答
  3. MYSQL無法更新

MYSQL無法更新

2013-08-25 60 views
0

請幫助...這是我第一次嘗試php ... 我試圖回顯$ id,$ firstname等,它確實回顯正確的結果,但數據庫無法更新。我不知道什麼是錯的......MYSQL無法更新

這裏是 「profile.php」

<? 
include("common.php"); 
include("header.php"); 
?> 
<td><table width="1000" border="0" cellspacing="0" cellpadding="0"> 
    <tr> 
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td> 
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td> 
    <td align="left" valign="top"> 
<? $link = mysql_connect("localhost", "root", "password"); 
mysql_select_db("test"); 
$email = $_SESSION['email']; 
$sql = "SELECT * FROM fmcmember where email='$email'"; 
$result = mysql_query($sql); 
$row = mysql_fetch_row($result); ?> 
    <table width="100%" border="0" cellspacing="0" cellpadding="0"> 
     <form name="form4" method="post" action="update.php"> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td width="200" class="title">My Profile</td> 
     <td width="300" class="title"> 
     </td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td><input name="id" type="hidden" value="<? echo $row[0] ?>" size="30"/></td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="email">Email</td> 
     <td class="email"><? echo $row[6] ?></td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="content">Firstname</td> 
     <td><input name="firstname" type="text" class="inputfield" value="<? echo $row[1] ?>" size="30" maxlength="40" /></td> 
     <? if($row[3] == "M") { ?> 
     <td rowspan="16" align="left" valign="top"> 
     <img src="images/myinfo/male.png" width="200" height="200" /></td> 
     <? } else { ?> 
     <td rowspan="16" align="left" valign="top"> 
     <img src="images/myinfo/female.jpg" width="200" height="200" /></td> 
     <? } ?> 

     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="content">Lastname</td> 
     <td><input name="lastname" type="text" class="inputfield" value="<? echo $row[2] ?>" size="30" maxlength="40" /></td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="content">Gender</td> 
     <td class="content"> 
      <input name="gender" type="radio" value="M" <? if($row[3] == "M") { echo "checked"; }?> />Male 
      <input name="gender" type="radio" value="F" <? if($row[3] == "F") { echo "checked"; }?> />Female</td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="content">Date of birth</td> 
     <td><input name="dob" type="text" class="inputfield" value="<? echo $row[4] ?>" size="30" maxlength="40" /></td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="content">Address</td> 
     <td><input name="address" type="text" class="inputfield" value="<? echo $row[5] ?>" size="30" maxlength="200" /></td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="content">Tel</td> 
     <td><input name="tel" type="text" class="inputfield" value="<? echo $row[7] ?>" size="30" maxlength="40" /></td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td class="content">Fax</td> 
     <td><input name="fax" type="text" class="inputfield" value="<? echo $row[8] ?>" size="30" maxlength="40" /></td> 
     </tr> 
     <tr> 
     <td class="content">&nbsp;</td> 
     <td>&nbsp;</td> 
     </tr> 
     <tr> 
     <td>&nbsp;</td> 
     <td><input name="Update" type="submit" value="Update" /> 
      <input name="Reset" type="button" value="Reset" onclick="javascript:document.location.href='profile.php?action=reset'"/></td> 
     <td>&nbsp;</td> 
     </tr> 
     </form> 
    </table></td> 
    </tr> 
</table></td> 
<? 
include("footer.php"); 
?>

update.php

<? 
include("common.php"); 

//得到register.php 表單的數據 
$id = $_POST["id"]; 
$firstname = $_POST["firstname"]; 
$lastname = $_POST["lastname"]; 
$gender = $_POST["gender"]; 
$dob = $_POST["dob"]; 
$address = $_POST["address"]; 
$tel = $_POST["tel"]; 
$fax = $_POST["fax"]; 

$link = mysql_connect("localhost", "root", "password"); 
mysql_select_db("test"); 
mysql_query($sql, $link); 
$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'"; 

include("header.php"); 
?> 
<td><table width="1000" border="0" cellspacing="0" cellpadding="0"> 
    <tr> 
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td> 
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td> 
    <td align="left" valign="top"><table width="100%" align="left" valign="top" border="0" cellspacing="0" cellpadding="0"> 
     <tr> 
     <td width="300"><table width="100%" border="0" cellspacing="0" cellpadding="0"> 
      <tr> 
      <td class="title">&nbsp;</td> 
      </tr> 
      <tr> 
      <td class="title">My Profile</td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td class="content">Your profile has been updated. Please return back to <a href="profile.php">my profile</a> page.</td> 
      </tr> 
     </table></td> 
     </tr> 
    </table></td> 
    </tr> 
</table></td> 
<? 
include("footer.php"); 
?>

來源

2013-08-25 Connie Li

+0

我的朋友,你應該先寫 $ SQL =「更新fmcmember集名字= '$姓名',姓氏= '$姓氏',性別= '$性別',DOB ='$ dob',address ='$ address',tel ='$ tel',fax ='$ fax'其中id ='$ id'「; 然後寫這個 mysql_query($ sql,$ link) –

回答

1

你不能讓未查詢之前定義的變量上查詢:

$sql = "update fmcmember set firstname='" . mysql_real_escape_string($firstname) . "', lastname='" . mysql_real_escape_string($lastname) . "', gender='" . mysql_real_escape_string($gender) . "', dob='" . mysql_real_escape_string($dob) . "', address='" . mysql_real_escape_string($address) . "', tel='" . mysql_real_escape_string($tel) . "', fax='" . mysql_real_escape_string($fax) . "' where id='" . mysql_real_escape_string($id) . "'"; 
mysql_query($sql, $link);

而且您的SQL查詢是不是安全:What is SQL injection?

我編輯您的SQL查詢,現在是安全的。

來源

2013-08-25 11:20:49

0

你在做查詢之前定義的SQL查詢。在update.php使用此行順序

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'"; 
mysql_query($sql, $link);

來源

2013-08-25 11:12:41 supertopi

0

寫這上面的查詢您的的mysql_query($的SQL,$鏈接);

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";

來源

2013-08-25 11:18:48 Chinmay235

0
在profile.php 

$result=mysql_query($sql,$link);

來源

2013-08-25 11:22:11 bhawin

相關問題

 相關問題