0
我使用CRUD在線教程。不過,我已經到了更新部分,並且在GET函數和fetch_row方面遇到了一些問題。使用php和mysql更新
未定義的變量:fetched_row在C:\ XAMPP \ htdocs中\網站\ editsuppliers.php上線69是一個錯誤消息,並且接下來是未定義指數:editsuppliers
這是我到目前爲止所。
<?php
include_once 'connect.php' ;
if(isset($_GET['editsuppliers']))
{
$sql_query="SELECT * FROM suppliers WHERE SuppliersID=".$_GET['editsuppliers'];
$result_set=mysql_query($sql_query);
$fetched_row=mysql_fetch_array($result_set);
}
if(isset($_POST['btn-update']))
{
// variables for input data
$SupplierID = $_POST['SupplierID'];
$SupplierName = $_POST['SupplierName'];
$Address = $_POST['Address'];
$EmailAddress = $_POST['EmailAddress'];
$PhoneNumber = $_POST['PhoneNumber'];
// variables for input data
// sql query for update data into database
$sql_query = "UPDATE suppliers SET SupplierID='$SupplierID',SupplierNamee='$SupplierName',Address='$Address',EmailAddress='$EmailAddress',PhoneNumber'$PhoneNumber' WHERE SupplierID=".$_GET['editsuppliers'];
// sql query for update data into database
// sql query execution function
if(mysql_query($sql_query))
{
?>
<script type="text/javascript">
alert('Data Updated Successfully');
window.location.href='suppliers.php';
</script>
<?php
}
else
{
?>
<script type="text/javascript">
alert('error occured while updating data');
</script>
<?php
}
// sql query execution function
}
if(isset($_POST['btn-cancel']))
{
header("Location: suppliers.php");
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Suppliers</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<div id="header">
<div id="content">
<label</label>
</div>
</div>
<div id="body">
<div id="content">
<form method="post">
<table align="center">
<tr>
<td><input type="text" name="SupplierID" placeholder="Supplier ID" value="<?php echo $fetched_row['SupplierID']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="SupplierName" placeholder="Supplier Name" value="<?php echo $fetched_row['SupplierName']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="Address" placeholder="Address" value="<?php echo $fetched_row['Address']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="EmailAddress" placeholder="Email Address" value="<?php echo $fetched_row['EmailAddress']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="PhoneNumber" placeholder="Phone Number" value="<?php echo $fetched_row['PhoneNumber']; ?>" required /></td>
</tr>
<tr>
<td>
<button type="submit" name="btn-update"><strong>UPDATE</strong></button>
<button type="submit" name="btn-cancel"><strong>Cancel</strong></button>
</td>
</tr>
</table>
</form>
</div>
</div>
</center>
</body>
</html>
首先,因爲mysql_ *在PHP 5.5中被棄用(請參考[PHP doc](http://php.net/manual/en/function.mysql-connect.php)),你應該真的** **考慮使用[PPS:Prepared Parameterized Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)。這將有助於[預防SQL注入](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – OldPadawan
請使用'error_reporting(E_ALL); ini_set('display_errors',1);'在你的頁面頂部並且在你需要使用它們之前echo'$ _GET'和'$ _POST' vars,查看返回的內容(缺少其他東西?)我很漂亮確保'$ sql_query =「選擇*從供應商那裏供應商= =。$ _ GET ['editsuppliers'];'會讓你陷入麻煩...... – OldPadawan
[Little Bobby](http://bobby-tables.com/)說[你的腳本處於SQL注入攻擊風險](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)。瞭解[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)的[準備語句](http://en.wikipedia.org/wiki/Prepared_statement)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的。 – junkfoodjunkie