2012-08-28 79 views
2

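This is my usersedit.php code, and the other one is users-edit-action.php. After updating, it says the data was updated successfully, but it does not change anything in MySQL. Please help me figure out the problem.

users-edit.php: apparently no error in the update query, but the record is not updated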

<?php include("../includes/config.php"); ?> 
<?php 
if ($_SESSION["isadmin"]) 
{ 

$con=mysql_connect($dbserver,$dbusername,$dbpassword); 
if (!$con) { die('Could not connect: ' . mysql_error()); } 

mysql_select_db($dbname, $con); 
$accountid=$_GET["id"]; 
$result = mysql_query("SELECT * FROM accounts WHERE (id='".$accountid."')"); 
while($row = mysql_fetch_array($result)) 
{ 
$id=$row['id']; 
$firstname = $row['firstname']; 
$lastname = $row['lastname']; 
$email=$row['email']; 
$type=$row['type']; 
} 
mysql_close($con); 
?> 
<!DOCTYPE HTML> 
<html> 
<head> 
<title>Edit User</title> 
<link rel="StyleSheet" href="../admin/css/style.css" type="text/css" media="screen"> 
</head> 


<body> 
<?php include("../admin/includes/header.php"); ?> 
<?php include("../admin/includes/nav.php"); ?> 
<?php include("../admin/includes/manage-users-aside.php"); ?> 
<div id="maincontent"> 

<div id="breadcrumbs"> 
<a href="">Home</a> > 
<a href="">Manage Users</a> > 
<a href="">List Users</a> > 
Edit User 
</div> 
<h2>Edit User</h2> 

<form method="post" action="users-edit-action.php"> 
<input type="hidden" value="<?php echo $accountid; ?>" name="id" /> 
<label>Email/Username:</label><input type="text" name="email" value="<?php echo $email;  ?>" /><br /><br /> 
<label>Password:</label><input type="password" name="password" value="<?php echo  $password;?>" /><br /><br /> 
<label>First Name:</label><input type="text" name="firstname" value="<?php echo  $firstname; ?>" /><br /><br /> 
<label>Last Name:</label><input type="text" name="lastname" value="<?php echo $lastname; ?>" /><br /><br /> 
<label>Type:</label><br /> 
<input type="radio" name="type" value="S" <?php if ($type == 'S') echo  'checked="checked"'; ?> />Student<br /> 
<input type="radio" name="type" value="T" <?php if ($type == 'T') echo 'checked="checked"'; ?> /> Teacher<br /> 

<input type="submit" value="Edit" /> 
</form> 
</div> 
</body> 
<?php include("../admin/includes/footer.php"); ?> 
</html> 
<?php 

} else 
{ 
header("Location: ".$fullpath."login/unauthorized.php"); 
} 
?> 

This is users-edit-action.php:

<?php include("../includes/config.php");?> 
<?php 

$id=$_POST["id"]; 
$firstname=$_POST["firstname"]; 
$lastname=$_POST["lastname"]; 
$email=$_POST["email"]; 
$type=$_POST["type"]; 


$con=mysql_connect($dbserver,$dbusername,$dbpassword); 
if (!$con) { die('Could not connect: ' . mysql_error()); } 


mysql_select_db($dbname, $con); 
$query=("UPDATE accounts SET firstname='".$firstname."' , lastname='".$lastname."   ,password='".$password."' , email='".$email."' type='".$type."' WHERE (id='".$id."')"); 
$result = mysql_query($query); 
echo "User has been updated Successfully!!"; 
mysql_close($con); 
?> 

Please help me find and fix the problem.

+0

Can you post here what the value of `$result` is?

+0

You are not escaping any of the variables you build the query from; do they contain quotes? Please dump and check `$query`.

Answers

4

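Escape the column name, which is a reserved keyword of MySQL

// The value after lastname needs its closing quote, and the comma
// between email and type was missing in the question's query.
$query = "UPDATE accounts
     SET firstname='" . $firstname . "',
         lastname='" . $lastname . "',
         `password`='" . $password . "',
         email='" . $email . "',
         type='" . $type . "'
     WHERE (id='" . $id . "')";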

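Password should be escaped.
You forgot to insert a comma between email and type.

Your current query is very likely vulnerable to SQL Injection. Use PDO or MYSQLI.

Example using the PDO extension: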

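<?php

    // Connect with PDO, using the settings from config.php.
    $dbh = new PDO("mysql:host=$dbserver;dbname=$dbname", $dbusername, $dbpassword);

    // Placeholders keep the values out of the SQL text.
    $query = "UPDATE accounts
              SET firstname = ?,
                  lastname = ?,
                  `password` = ?,
                  email = ?,
                  type = ?
              WHERE id = ?";

    $stmt = $dbh->prepare($query);
    $stmt->bindParam(1, $firstname);
    $stmt->bindParam(2, $lastname);
    $stmt->bindParam(3, $password);
    $stmt->bindParam(4, $email);
    $stmt->bindParam(5, $type);
    $stmt->bindParam(6, $id);

    // execute() returns false on failure; test that, not the statement object.
    $ok = $stmt->execute();
    echo $ok ? "Successful" : "Error Occurred";

?>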

This will allow you to insert records containing single quotes.

+1

Add a result check for `mysql_query()`: `echo (!$result) ? "Error" : "User has been updated Successfully!!";` – deex

+0

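This is how I changed the code to what you said, but it still does not update the record in the database... I have never run into this problem before.. please help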

+0

$con = mysql_connect($dbserver, $dbusername, $dbpassword); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db($dbname, $con); $result = ("UPDATE accounts SET firstname='" . $firstname . "', lastname='" . $lastname . ", 'password'='" . $password . "', email='" . $email . "', type='" . $type . "' WHERE (id='" . $id . "')"); echo "User has been updated Successfully!!"; mysql_close($con); ?>
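
The points raised in this thread, put together as an added example (not code from the question or the answer): users-edit-action.php rewritten with PDO so that a failed statement raises an exception and the success message depends on the actual result. The admin check copied from the edit page, the `utf8mb4` charset, the input validation and the use of `password_hash()` are assumptions, not part of the original scripts.

```php
<?php
// Added example. Assumes config.php starts the session and sets the $db* variables.
include("../includes/config.php");

// Assumption: the action script gets the same admin check as the edit form.
if (empty($_SESSION["isadmin"])) {
    http_response_code(403);
    exit("Not authorized");
}

// Read every field the query uses; the original script never set $password.
$id        = filter_input(INPUT_POST, "id", FILTER_VALIDATE_INT);
$firstname = trim($_POST["firstname"] ?? "");
$lastname  = trim($_POST["lastname"] ?? "");
$email     = trim($_POST["email"] ?? "");
$type      = $_POST["type"] ?? "";
$password  = $_POST["password"] ?? "";

// Reject input the form could not have produced.
if (!$id || !in_array($type, ["S", "T"], true)) {
    http_response_code(400);
    exit("Invalid input");
}

try {
    // ERRMODE_EXCEPTION turns a bad query into an exception instead of a silent false.
    $dbh = new PDO("mysql:host=$dbserver;dbname=$dbname;charset=utf8mb4",
                   $dbusername, $dbpassword,
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

    $sql    = "UPDATE accounts SET firstname = ?, lastname = ?, email = ?, type = ?";
    $params = [$firstname, $lastname, $email, $type];
    if ($password !== "") {
        // Assumption: the column fits a hash and logins use password_verify().
        $sql     .= ", `password` = ?";
        $params[] = password_hash($password, PASSWORD_DEFAULT);
    }
    $sql     .= " WHERE id = ?";
    $params[] = $id;
    $stmt = $dbh->prepare($sql);
    $stmt->execute($params);
    // rowCount() is 0 when no row matched the id or nothing changed.
    echo $stmt->rowCount() > 0 ? "User has been updated successfully"
                               : "No row was changed";
} catch (PDOException $e) {
    error_log($e->getMessage());   // keep SQL details out of the response
    http_response_code(500);
    echo "Update failed";
}
```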