2016-03-17 59 views
0

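Hello, I'm trying to update my database, but it doesn't seem to work yet. I'm still kind of new to PHP, so I don't really know whether the query I wrote is correct... but I don't get any errors, and I think I've given the right variables. The update query won't work.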

<?php 
      $username = "root"; 
      $password = null; 
      $host = "localhost"; 
      $dbname = "newspaper_system"; 
      $conn = new mysqli($host,$username,$password ,$dbname); 
     if (!$conn) { 
     die("Connection failed: " . mysqli_connect_error()); 
    } 
     mysqli_connect("localhost","root", $password ) or die(mysqli_error($conn)); 
     mysqli_select_db($conn,"newspaper_system") or die(mysqli_error($conn)); 
    if(!$conn){ 
     die("cant connect db". mysql_error()); 
    } 
    if(isset($_POST['update'])){ 

     $updatesql = "UPDATE newspaper_system SET Newspaper='$_POST[Newspaper]', Price='$_POST[Price]', Pricepersquare='$_POST[Pricepersquare]' WHERE News_ID='$_POST[hidden]'"; 
     $conn->query($updatesql); 
     print '<script type="text/javascript">'; 
     print 'alert("UPDATE successful")'; 
     print '</script>'; 
    } 
    $result = mysqli_query($conn,"SELECT * FROM newspaper_library") or die(mysql_error($conn)); 
    echo "<center><table border=1> 
    <tr> 
    <td><label>News ID</td> 
    <td><label>Newspaper</td> 
    <td><label>Price</td> 
    <td><label>Pricepersquare</td> 

    </tr>"; 
    while($record= mysqli_fetch_array($result)){ 
     echo "<form action=Update.php method=post>"; 
     echo "<tr>"; 
     echo "<td> <label>". $record['News_ID'] . " </td>"; 
     echo "<td>". "<input type=text name=Newspaper value =\"" . $record['Newspaper']. "\"> </td>"; 
      echo "<td>". "<input type=text name=Price value=\"" . $record['Price']. "\"> </td>"; 
     echo "<td>". "<input type=text name=Pricepersquare value=\"" . $record['Pricepersquare']. "\"> </td>"; 
     echo "<td>". "<input type=hidden name=hidden value=" . $record['News_ID']. " </td>"; 
     echo "<td>". "<input type=submit name=update value=update " . " </td>"; 
     echo "</tr>"; 
     echo "</form>";  


    } 
    echo "</table>"; 

    $conn-> 

     close();  

     ? 

    > 
+0

Did you check the database and confirm it was not updated? No error messages? Is your display_errors set correctly in php.ini? –

+0

Yes, I checked my phpmyadmin and the display table I made.. yes, it is set correctly –

+0

You are selecting from 'newspaper_library' -> 'SELECT * FROM newspaper_library', but updating 'newspaper_system' -> 'UPDATE newspaper_system'. Is this intended/correct? – Sean

Answer

0

First, you can't mix mysqli_* functions with mysql_* functions:

if(!$conn){ 
    //should be 'die("cant connect db". mysqli_error($conn));' 
    die("cant connect db". mysql_error()); 
} 

Here too:

// should be 'or die(mysqli_error($conn))' 
$result = mysqli_query($conn,"SELECT * FROM newspaper_library") or die(mysql_error($conn)); 

Secondly, your closing tag is wrong:

 ? 

    > 

It should be ?>


Thirdly, your UPDATE query is vulnerable to potential SQL injection (thanks @sean for pointing it out)

$updatesql = "UPDATE newspaper_system SET Newspaper='$_POST[Newspaper]', Price='$_POST[Price]', Pricepersquare='$_POST[Pricepersquare]' WHERE News_ID='$_POST[hidden]'"; 

It's a better way to assign it to a variable first:

$newspaper = $_POST['Newspaper']; 
$price = $_POST['Price']; 
$pricepersquare = $_POST['Pricepersquare']; 
$news_id = $_POST['hidden']; 

$updatesql = "UPDATE newspaper_system SET Newspaper='$newspaper', Price='$price', Pricepersquare='$pricepersquare' WHERE News_ID='$news_id'"; 

Note:

You are selecting from newspaper_library:

SELECT * FROM newspaper_library 

But updating newspaper_system:

UPDATE newspaper_system 

Not sure whether it's intended.

+1

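As for your 'Thirdly', '$_POST[Newspaper]' is valid PHP syntax inside double quotes (although a very bad idea due to SQL injection or possible quoting issues). If they quoted the key, then they would use curly braces -> '{$_POST['Newspaper']}' – Sean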

+0

@Sean Noted, thanks for pointing it out :) – Panda

+0

Ohh, thanks, I'll try to fix the proper form of writing PHP code –
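
Added example, not part of the original thread or any poster's code: the same UPDATE written with bound parameters, so form values never become part of the SQL text and a failed query raises an error instead of passing silently. It uses PDO with an in-memory SQLite database in place of the page's mysqli/MySQL connection so that it runs without a server; `updateNewspaper()` is a hypothetical helper, the sample row and form input are constructed, and `newspaper_library` (the table the page selects from) is assumed to be the intended target.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the page's MySQL server.
// Assumption: newspaper_library (the table the page SELECTs from) is the target.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$db->exec('CREATE TABLE newspaper_library (
    News_ID INTEGER PRIMARY KEY, Newspaper TEXT, Price REAL, Pricepersquare REAL)');
$db->exec("INSERT INTO newspaper_library VALUES (1, 'Daily News', 2.5, 0.1)"); // constructed row

// Hypothetical helper: validate the form fields, then run a parameterized UPDATE.
// Returns the number of rows changed.
function updateNewspaper(PDO $db, array $post): int
{
    $id    = filter_var($post['hidden'] ?? null, FILTER_VALIDATE_INT);
    $price = filter_var($post['Price'] ?? null, FILTER_VALIDATE_FLOAT);
    $pps   = filter_var($post['Pricepersquare'] ?? null, FILTER_VALIDATE_FLOAT);
    $name  = trim((string)($post['Newspaper'] ?? ''));
    if ($id === false || $price === false || $pps === false || $name === '') {
        throw new InvalidArgumentException('invalid form input');
    }
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE newspaper_library
        SET Newspaper = :name, Price = :price, Pricepersquare = :pps
        WHERE News_ID = :id');
    $stmt->execute([':name' => $name, ':price' => $price, ':pps' => $pps, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed form input: the apostrophe is an ordinary value, yet it is
// enough to break a query built by string interpolation.
$post = ['Newspaper' => "The People's Daily", 'Price' => '3.00',
         'Pricepersquare' => '0.15', 'hidden' => '1', 'update' => 'update'];

// String-built query in the style of the page: the quote ends the literal early.
$sql = "UPDATE newspaper_library SET Newspaper='$post[Newspaper]' WHERE News_ID='$post[hidden]'";
try {
    $db->exec($sql);
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// Parameterized version: same input, stored verbatim.
echo "rows updated: ", updateNewspaper($db, $post), "\n";
echo $db->query('SELECT Newspaper FROM newspaper_library WHERE News_ID = 1')->fetchColumn(), "\n";
```

mysqli offers the same pattern through `prepare()`, `bind_param()` and `execute()`.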