1. 首頁
  2. 問答
  3. PHP中的SQL更新

PHP中的SQL更新

2017-10-28 69 views
0

試圖從Web UI中查詢數據庫以更新行(及其中的數據)。 我有一個表「客戶」 - 只是想更新記錄(我已經實現了INSERT和DELETE)。PHP中的SQL更新

我呼應表,包括通過這種語法要更新的選項:

<td><a href =Scripts/Update.php?id=".$row['Customer_ID'].">Update</a> </td>";

這說明「更新」,在每一行,就像我所需要的,而當我點擊它,它運行結束更新腳本。大。

同時回顯表格我也將輸入類型更改爲文本,因此用戶可以單擊那裏,編輯數據並單擊更新按鈕。

然而問題是,當我嘗試更新表中的一條記錄時,它刷新回選定的頁眉頁,但沒有更新任何信息,只返回帶有清除數據單元格的行。 (它不會從數據庫中刪除該行,因爲我在表格中顯示了客戶ID並且仍然存在)。

我Update.php腳本如下:

 <?php 
    include "../Connection.php"; 

    $Firstname = mysqli_real_escape_string($con, $_POST['FirstName']); 
    $Lastname = mysqli_real_escape_string($con, $_POST['LastName']); 
    $CusEmail = mysqli_real_escape_string($con, $_POST['Email']); 
    $CusUsername = mysqli_real_escape_string($con, $_POST['Username']); 
    $CusPhone = mysqli_real_escape_string($con, $_POST['Phone']); 
    $CusCountry = mysqli_real_escape_string($con, $_POST['Country']); 
    $CusTown = mysqli_real_escape_string($con, $_POST['Town']); 
    $CusAddress = mysqli_real_escape_string($con, $_POST['Address']); 
    $CusPostcode = mysqli_real_escape_string($con, $_POST['Postcode']); 

      $sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$GET_[id]'"; 

mysqli_query($con, $sqlupdate); 
mysqli_close($con); 

    if($sqlupdate){ 
     header('Location:../CustomerRecords.php'); 
     } 
     else{ 
      echo "Failed!"; 
      }

還有我都試過了,例如,我通常做這從一個HTML表單,用POST方法的幾件事情,而這樣一來我我從一個href回聲...(這是我第一次)。我在DELETE函數中使用了這種方法,它工作得很好。 從後面上,我通常會增加:

if ($_SERVER["REQUEST_METHOD"] == "POST") {

而且

if(isset($_POST)){

在必要情況下,但同樣,嘗試這樣做,得到相同的結果。

這可能是我的SQL語法是錯誤的,但我無法弄清楚,如果任何人都可以建議那簡直太好了。

謝謝。

UPDATE:

我做了上述一些變化,我一直在這個代碼盯着一段時間了,只是現在「玩」吧......我也嘗試過這一點,但它會拋出錯誤,似乎更糟比現在:

 $sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$_GET[id]'"; 


    if(mysqli_query($con, $sqlupdate)){ 
     header('Location:../CustomerRecords.php'); 
     } 
     else{ 
      echo "Failed!"; 
      }

來源

2017-10-28 Tipping44

+1

$ _GET,而不是$ GET在查詢結束。然後見下文因爲你沒有運行該查詢的答案 –

+0

你的腳本是[SQL注入攻擊]的風險(http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in -php) 即使[如果你逃避的投入,它不是安全!(http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) 使用[準備參數化語句(http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly

+0

在字符串文本不執行對您的數據庫查詢放置一個SQL查詢。你的'mysqli_query()'調用在哪裏? – RiggsFolly

回答

0

你沒有真正執行查詢。後:

$sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$GET[id]'";

您需要添加:

mysqli_query($con,$sqlupdate);

來源

2017-10-28 15:34:29 Chris

+0

嘿Chris-編輯了上面的內容,是你是什​​麼意思?謝謝。 – Tipping44

相關問題

 相關問題