更新數據無法在Php和MySql中工作

所以，我是新的PHP和使用MySQL。在我的程序中，我嘗試了簡單的編輯，添加和刪除功能。那麼，添加和刪除功能的工作，但也有一些是錯誤的編輯一個......每當我去phpMyAdmin來檢查是否有數據庫的變化，我沒有發現...
我會非常感激，如果有人可以指導我在這部分...更新數據無法在Php和MySql中工作

adminpanel.php的一部分：

if(array_key_exists('editshirt', $_POST)) 
{ 
    include 'editshirt.php'; 
    exit(); 
}if(array_key_exists('changeshirt', $_POST)) 
{ 
    if(!mysqli_query($dbconnect, 'update shirts set 
     shirtName="'.mysqli_real_escape_string($dbconnect, $_POST['shirtName']).'", 
     shirtDescription="'.mysqli_real_escape_string($dbconnect, $_POST['shirtDescription']).'", 
     shirtGender="'.mysqli_real_escape_string($dbconnect, $_POST['shirtGender']).'", 
     shirtColor="'.mysqli_real_escape_string($dbconnect, $_POST['shirtColor']).'", 
     shirtPrice="'.mysqli_real_escape_string($dbconnect, $_POST['shirtPrice']).'", 
     shirtPicture="'.mysqli_real_escape_string($dbconnect, $_POST['shirtPicture']).'", 
     where shirts.shirtId="'.mysqli_real_escape_string($dbconnect, $_POST['shirtId']).'')) 
     echo ' '; 
    exit(); 
}

這是我的editShirt.php

<?php 
$yas = mysqli_query($dbconnect, "select * from shirts where shirtId=".mysqli_real_escape_string($dbconnect, $_POST['shirtId'])); 
$roww = mysqli_fetch_array($yas); 

echo "<p>Edit Shirt:</p>"; 
echo "<form action='?' method='post'>"; 

/*echo "<label for='shirtName'>Shirt Name: </label> 
<input type='text' name='shirtName' value=".$roww['shirtName']."><br>";*/ 
echo "<label for='shirtName'>Shirt Name: </label> 
<textarea name='shirtName' style='resize:none'>".$roww['shirtName']."</textarea><br>"; 

echo "<label for='shirtDescription'>Description: </label> 
<textarea name='shirtDescription' rows='10' cols='30' style='resize:none'>".$roww['shirtDescription']."</textarea><br>"; 

echo "<label for='shirtGender'>Gender: </label> 
<input type='radio' name='shirtGender' value='0'"; 
if($roww['shirtGender']=='0') echo"checked='checked'"; 
    echo ">Male&nbsp&nbsp<input type='radio' name='shirtGender' value='0'"; 
if($roww['shirtGender']=='1') echo "checked='checked'"; 
    echo ">Female&nbsp&nbsp<input type='radio' name='shirtGender' value='1'"; 
if($roww['shirtGender']=='2') echo "checked='checked'"; 
    echo ">Unisex<br><br>"; 

echo "<label for='shirtColor'>Color: </label> 
<input type='radio' name='shirtColor' value='0'"; 
if($roww['shirtColor']=='0') echo "checked='checked'"; 
    echo ">Colored&nbsp&nbsp<input type='radio' name='shirtColor' value='1'"; 
if($roww['shirtColor']=='1') echo "checked='checked'"; 
    echo ">White&nbsp&nbsp<input type='radio' name='shirtColor' value='1'"; 
if($roww['shirtColor']=='2') echo "checked='checked'"; 
    echo ">Black<br><br>"; 

echo "<label for='shirtPrice'>Shirt Price: </label> 
<input type='text' name='shirtPrice' value=".$roww['shirtPrice']."><br>"; 

echo "<label for='shirtPicture'>Shirt Picture: </label> 
<input type='text' name='shirtPicture' value=".$roww['shirtPicture']."><br>"; 

echo "<input type='hidden' name='shirtId' value=".mysqli_real_escape_string($dbconnect, $_POST['shirtId']).">"; 

echo "<input type='submit' name='changeshirt' value='Update shirt'>"; 

echo "</form>";?>

來源

2016-12-07 BirdBLue03

我的上帝這段代碼是不可能讀取的。但是你的插入不起作用，因爲你在查詢中使用了雙引號。改用單引號。 – Phiter

你在adminpanel.php中有更新查詢邏輯，你在表單中提供了這個文件引用，提交表單後，腳本將執行adminpanel.php？ – Rupal

和'mysql_real_escape_string'不會防止sql注入 – Blueblazer172

這個代碼寫在非常惡劣的方式，雖然我已經改正代碼。

mysqli_query($dbconnect, "update shirts set 
    shirtName='".mysqli_real_escape_string($dbconnect, $_POST['shirtName'])."', 
    shirtDescription='".mysqli_real_escape_string($dbconnect, $_POST['shirtDescription'])."', 
    shirtGender='".mysqli_real_escape_string($dbconnect, $_POST['shirtGender'])."', 
    shirtColor='".mysqli_real_escape_string($dbconnect, $_POST['shirtColor'])."', 
    shirtPrice='".mysqli_real_escape_string($dbconnect, $_POST['shirtPrice'])."', 
    shirtPicture='".mysqli_real_escape_string($dbconnect, $_POST['shirtPicture'])."', 
    where shirts.shirtId='".mysqli_real_escape_string($dbconnect, $_POST['shirtId'])."'");

希望這會有所幫助。

來源

2016-12-07 12:52:33 ManuSharma

雖然馬諾的回答應該工作（問題與引用），它仍然不是解決問題的正確方法。

以下略效率較低（但儘量測量的差別），但是（恕我直言）它的很多更具可讀性：

$d=array_map(array($dbconnect, 'real_escape_string'), $_POST); 
     // returns a numbered array 
$d=array_combine(array_keys($_POST), $d); 
     // restores the key names 
$upd="update shirts set 
    shirtName  ='$d[shirtName]', 
    shirtDescription='$d[shirtDescription]', 
    shirtGender  ='$d[shirtGender]', 
    shirtColor  ='$d[shirtColor]', 
    shirtPrice  ='$d[shirtPrice]', 
    shirtPicture ='$d[shirtPicture]', 
    where shirts.shirtId='$d[shirtId]'"; 
if (!mysqli_query($dbconnect, $upd) { 
     your_error_handler(mysqli_error($dbconnect) . "\nin\n" . $upd); 
     exit; 
}

這裏，我已經消除了重複調用mysqli_real_excape_string這樣我就可以單獨進行調試調試PHP的SQL。

但重要的一點是，冗長的sql語句生成與條件調用保持分離（並且如果我們隨後需要，保存查詢字符串），然後添加對函數的調用以報告發生了什麼錯誤！

但真正構建這個正確的，我將創建描述記錄的屬性的數組，並遍歷它生成的形式和MySQL的更新語句。

來源

2016-12-09 22:53:11 symcbean

更新數據無法在Php和MySql中工作

回答

相關問題