1
我有一個數據庫,我正在使用它來收集測試數據。編輯mysql數據庫中的一行
它顯示在一個新行上的每條記錄,並在末尾添加一個編輯和刪除鏈接,並添加新的記錄鏈接。
除編輯部分外,所有內容均有效。我看不到我要去哪裏錯了?
當我點擊編輯鏈接時,它會顯示帶有字段等的表的佈局,但它只傳遞行ID,並在日期字段中顯示。如果我輸入字段並提交,它將會改變。它只是不會傳遞數據。
這是我的編輯頁面和編輯腳本。
<?php
function valid($date,$error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Records</title>
</head>
<body>
<?php
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $date; ?>"/>
<table border="1">
<tr>
<td colspan="2"><b><font color='Red'>Edit Records </font></b></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Date</font></b></td>
<td><label>
<input type="text" name="date" value="<?php echo $date; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Ammonia</em></font></b></td>
<td><label>
<input type="text" name="amm" value="<?php echo $amm; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Nitrate</font></b></td>
<td><label>
<input type="text" name="nat" value="<?php echo $nat; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Nitrite</font></b></td>
<td><label>
<input type="text" name="nit" value="<?php echo $nit; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>pH</font></b></td>
<td><label>
<input type="text" name="ph" value="<?php echo $ph; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Alkalinity</font></b></td>
<td><label>
<input type="text" name="alk" value="<?php echo $alk; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>SG</font></b></td>
<td><label>
<input type="text" name="sg" value="<?php echo $sg; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Temperature</font></b></td>
<td><label>
<input type="text" name="temp" value="<?php echo $temp; ?>" />
</label></td>
</tr>
<tr align="Right">
<td colspan="2"><label>
<input type="submit" name="submit" value="Edit Records">
</label></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
include('config.php');
if (isset($_POST['submit']))
{
if (is_numeric($_POST['id']))
{
$id = $_POST['id'];
$date = mysql_real_escape_string(htmlspecialchars($_POST['date']));
$amm = mysql_real_escape_string(htmlspecialchars($_POST['amm']));
$nat = mysql_real_escape_string(htmlspecialchars($_POST['nat']));
$nit = mysql_real_escape_string(htmlspecialchars($_POST['nit']));
$ph = mysql_real_escape_string(htmlspecialchars($_POST['ph']));
$alk = mysql_real_escape_string(htmlspecialchars($_POST['alk']));
$sg = mysql_real_escape_string(htmlspecialchars($_POST['sg']));
$temp = mysql_real_escape_string(htmlspecialchars($_POST['temp']));
if ($date == '')
{
$error = 'ERROR: Please fill in all required fields!';
valid($date, $error);
}
else
{
mysql_query("UPDATE employee SET date='$date', amm='$amm', nat='$nat', nit='$nit', ph='$ph', alk='$alk', sg='$sg', temp='$temp'")
or die(mysql_error());
header("Location: view.php");
}
}
else
{
echo 'Error!';
}
}
else
{
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM employee WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
if($row)
{
$date = $row['date'];
$amm = $row['amm'];
$nat = $row['nat'];
$nit = $row['nit'];
$ph = $row['ph'];
$alk = $row['alk'];
$sg = $row['sg'];
$temp = $row['temp'];
valid($id,'');
}
else
{
echo "No results!";
}
}
else
{
echo 'Error!';
}
}
?>
你真的保持與0的代碼格式參與? –
'$ id = $ _GET ['id']; $ result = mysql_query(「SELECT * FROM employee WHERE id = $ id」)'它容易受到sql注入 –