2017-06-05 109 views
0

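PHP form unable to update

I am currently building a system for client database management. There are four tables in MySQL for this system: admin, staff, client and project. The project table has a foreign key from the client table, which is clientid.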

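Now, I have made forms for all of these tables so that users can enter data into them. The odd thing is that the only form that updates successfully is the staff one. Neither the client form nor the project form updates. It returns success, but the data is not changed.

Below is the staff update code.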

<?php 
    include 'database.php'; 

    $staffid = $_GET['staffid']; 
    $sql = "SELECT * FROM staff WHERE staffid='$staffid'"; 
    $result = mysqli_query($conn,$sql); 

    while ($row=mysqli_fetch_array($result)){ 
     $staffname = $row['staffname']; 
     $staffemail = $row['staffemail']; 
     $staffphone = $row['staffphone']; 
    } 

    if(isset($_POST['submit'])){ 
    $staffname = $_POST['staffname']; 
    $staffemail = $_POST['staffemail']; 
    $staffphone = $_POST['staffphone']; 

    $sql = "UPDATE staff SET 

    staffname='$staffname',staffemail='$staffemail',staffphone='$staffphone' WHERE staffid='$staffid'"; 

    $result = mysqli_query($conn,$sql); 

    if($result){ 
     echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>"; 
    } 
    else { 
     echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>"; 
    } 
} 
?> 


<form action="" method="post"> 
<table class ="table1"> 
<tr> 
<td>Staff Name:</td> <td><input type="text" name="staffname" size="50" value="<?php echo $staffname;?>"></td> 
</tr> 

<tr> 
<td>Staff Email:</td> <td><input type="text" name="staffemail" size="50" value="<?php echo $staffemail;?>"></td> 
</tr> 

<tr> 
<td>Staff Phone No:</td> <td><input type="text" name="staffphone" size="50" value="<?php echo $staffphone;?>"></td> 
</tr> 

<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewstaff.php"'></td> 
</table> 
</form> 

Okay, now here is the update code for the client table.

<?php 
include 'database.php'; 

$clientid = $_GET['clientid']; 
$sql = "SELECT * FROM client WHERE clientid='$clientid'"; 
$result = mysqli_query($conn,$sql) or die ("Error in query: $sql. ".mysqli_error($conn)); 

while ($row=mysqli_fetch_array($result)){ 
    $clientid = $row['clientid']; 
    $clientname = $row['clientname']; 
    $clientno = $row['clientno']; 
    $clientemail = $row['clientemail']; 
    $clientadd = $row['clientadd']; 
} 

if(isset($_POST['submit'])){ 
    $clientid = $row['clientid']; 
    $clientname = $row['clientname']; 
    $clientno = $row['clientno']; 
    $clientemail = $row['clientemail']; 
    $clientadd = $row['clientadd']; 

    $sql = "UPDATE client SET clientid='$clientid',clientname='$clientname',clientno='$clientno',clientemail='$clientemail',clientadd='$clientadd' WHERE clientid='$clientid'"; 

    $result = mysqli_query($conn,$sql) or die ("Error in query: $sql. ".mysqli_error($conn)); 

    if($result){ 
     echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>"; 
    } 
    else { 
     echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>"; 
    } 
} 
?> 


<form action="" method="post"> 
<table class ="table1"> 
<tr> 
<td>Client ID:</td> <td><input type="text" name="clientid" size="50" value="<?php echo $clientid;?>"></td> 
</tr> 

<tr> 
<td>Client Name:</td> <td><input type="text" name="clientname" size="50" value="<?php echo $clientname;?>"></td> 
</tr> 

<tr> 
<td>Client Phone No.:</td> <td><input type="text" name="clientno" size="50" value="<?php echo $clientno;?>"></td> 
</tr> 

<tr> 
<td>Client Email:</td> <td><input type="text" name="clientemail" size="50" value="<?php echo $clientemail;?>"></td> 
</tr> 

<tr> 
<td>Client Address:</td> <td><input type="text" name="clientadd" size="50" value="<?php echo $clientadd;?>"></td> 
</tr> 

<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewclient.php"'></td> 
</table> 
</form> 

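Maybe I'm being dumb or something, but I've been trying to figure out the problem for 3 hours and I'm this close to crying, lol. I've been reading all the threads about update forms but still have no answer. I hope someone here can help me. Thanks.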

+4

**Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin

+1

Seconding the above; if possible, I would suggest using [PDO Prepared Statements](http://php.net/manual/en/pdo.prepared-statements.php). –

+0

You should also remove 'clientid' from the SET fields of the update query; – itzmukeshy7

Answer

0

The update code you are using for the client table uses this code:

if(isset($_POST['submit'])){ 
    $clientid = $row['clientid'];  // $row should be $_POST 
    $clientname = $row['clientname']; // $row should be $_POST 
    $clientno = $row['clientno'];  // $row should be $_POST 
    $clientemail = $row['clientemail']; // $row should be $_POST 
    $clientadd = $row['clientadd'];  // $row should be $_POST 

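But those $row references should be $_POST, otherwise the updated data will be the same as the previous data (because $row is the result of the query SELECT * FROM client WHERE clientid='$clientid'). You did it correctly in the staff table update code: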

if(isset($_POST['submit'])){ 
    $staffname = $_POST['staffname']; 
    $staffemail = $_POST['staffemail']; 
    $staffphone = $_POST['staffphone']; 

Please note that your script is at risk of SQL Injection Attack. Have a look at what happened to Little Bobby Tables. Even if you are escaping inputs, it's not safe! Use prepared parameterized statements instead.
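
The fix described in this answer, combined with the prepared statements the comments recommend, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database so it runs stand-alone (an assumption; the question uses mysqli with MySQL), and the `updateClient` helper, the sample row and the submitted values are constructed for illustration.

```php
<?php
// Added example: stand-alone demo on an in-memory SQLite database
// (assumption; the question itself uses mysqli with MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE client (clientid INTEGER PRIMARY KEY, clientname TEXT,
            clientno TEXT, clientemail TEXT, clientadd TEXT)');
$pdo->exec("INSERT INTO client VALUES (7, 'Old Name', '555-0100', 'old@example.com', 'Old Street 1')");

// Constructed stand-ins for $_GET and $_POST as the client form would submit them.
$get  = ['clientid' => '7'];
$post = ['submit' => 'Update', 'clientname' => "O'Brien & Sons", 'clientno' => '555-0199',
         'clientemail' => 'new@example.com', 'clientadd' => '2 New Road'];

function updateClient(PDO $pdo, array $get, array $post): int
{
    // The record key comes from the URL and must be an integer.
    $clientid = filter_var($get['clientid'] ?? null, FILTER_VALIDATE_INT);
    if ($clientid === false) {
        throw new InvalidArgumentException('clientid must be an integer');
    }
    // New values come from the submitted form, not from the SELECT row.
    // clientid is left out of the SET list; it only identifies the row.
    $stmt = $pdo->prepare('UPDATE client SET clientname = :name, clientno = :no,
                           clientemail = :email, clientadd = :addr WHERE clientid = :id');
    $stmt->execute([
        ':name'  => $post['clientname'] ?? '',  ':no'   => $post['clientno'] ?? '',
        ':email' => $post['clientemail'] ?? '', ':addr' => $post['clientadd'] ?? '',
        ':id'    => $clientid,
    ]);
    // A query that ran without error may still have matched no row;
    // rowCount() reports how many rows the UPDATE affected.
    return $stmt->rowCount();
}

if (isset($post['submit'])) {
    echo 'Rows updated: ', updateClient($pdo, $get, $post), "\n";
}

// Re-read the row the way the form page does before rendering its inputs.
$stmt = $pdo->prepare('SELECT * FROM client WHERE clientid = ?');
$stmt->execute([$get['clientid']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// Escape stored values before echoing them into value="..." attributes.
echo htmlspecialchars($row['clientname'], ENT_QUOTES, 'UTF-8'), "\n";
```

With the MySQL PDO driver, `rowCount()` returns 0 when the submitted values equal the stored ones, so treat 0 as "nothing changed" rather than as an error.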