1. 首頁
  2. 問答
  3. 更新記錄,通過從網址獲取一個ID

更新記錄,通過從網址獲取一個ID

2014-05-14 55 views
0

大家好我是從一個URL獲取值並將其傳遞到更新語句,當我把WHERE ID = 1時,它工作正常,但是當我把ID = $ ID,代碼工作,但沒有及時更新,記錄保持不變,可有的幫我解決這個問題,請更新記錄,通過從網址獲取一個ID

<?php 
    require 'db2.php'; 
    $id = null; 
    if (!empty($_GET['id'])) { 
    $id = $_REQUEST['id']; 

$dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Could not connect to MySQL: ' . mysqli_connect_error()); 
    $q = mysqli_query($dbc,"SELECT * FROM movie WHERE MovieID = '$id' "); 
    while($r=mysqli_fetch_array($q)) 
    { 
    $title = $r["Title"]; 
    $tag = $r["Tag"]; 
    $year = $r["YEAR"]; 
    $cast = $r["Cast"]; 
    $comment = $r["Comment"]; 
    $IDBM = $r["IMDB"]; 
    } 


    } 


if (!empty($_POST)) { 
if (!empty($_GET['id'])) { 
    $id = $_REQUEST['id']; 

    // keep track post values 
    $cast = $_POST['cast']; 
    $title = $_POST['title']; 
    $comment =$_POST['comment']; 
    $year = $_POST['year']; 
     $tag = $_POST['tags']; 
     $IDBM = $_POST['idbm']; 
    $cast = htmlspecialchars($cast); 
    $title = htmlspecialchars($title); 
    $comment = htmlspecialchars($comment); 

    // validate input 
    $valid = true; 
    if (empty($cast)) { 
     $castError = 'Please enter Cast'; 
     $valid = false; 
    } 

    if (empty($title)) { 
     $titleError = 'Please enter Title'; 
     $valid = false; 
    } 
     if (empty($comment)) { 
     $commentError = 'Please enter Comment'; 
     $valid = false; 
    } 


    if ($valid) { 

    $path = "uploads/"; 



$valid_formats = array("jpg", "png", "gif", "bmp"); 
if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST") 
    { 
     $name = $_FILES['photoimg']['name']; 
     $size = $_FILES['photoimg']['size']; 

     if(strlen($name)) 
      { 
       list($txt, $ext) = explode(".", $name); 
       if(in_array($ext,$valid_formats)) 
       { 
       if($size<(1024*1024)) 
        { 
         $actual_image_name = time().substr(str_replace(" ", "_", $txt), 5).".".$ext; 
         $tmp = $_FILES['photoimg']['tmp_name']; 
         if(move_uploaded_file($tmp, $path.$actual_image_name)) 
          { 

           mysqli_query($dbc,"UPDATE movie SET Title='$title',Year = '$year',Cast='$cast',Cover='$actual_image_name',Tag='$tag',Comment='$comment',IMDB ='$IDBM' WHERE MovieID=".$id); 
           header ("Location: index.php"); 
          } 
         else 
          echo "failed"; 
        } 
        else 
        echo "Image file size max 1 MB";      
        } 
        else 
        echo "Invalid file format.."; 
      } 

     else 
      echo "Please select image..!"; 

     exit; 
    } 


    } 
    } 
    echo"error"; 
    }

來源

2014-05-14 user3626062

+0

你檢查了什麼是executin查詢 –

+1

你很容易受到[SQL注入攻擊](http://bobby-tables.com)。你有沒有確認你的'$ _GET ['id']'是你認爲的?就php而言,'example.com?ID = foo'和'example.com?id = foo'是兩個完全不同的查詢字符串。 –

+2

「WHERE ID = 1有效」OK,那麼爲什麼如果字段是'ID',爲什麼要使用'WHERE MovieID ='?這是什麼? – MrCode

回答

0

保護GET如何:

的$ id =用strip_tags(INTVAL ($ _GET [ 'ID']));

mysqli_query($ DBC,「UPDATE`movie` SET`Title` = '{$標題}','Year` = '{$年份}',`Cast` = '{$投}', 'Cover'='{$ actual_image_name}','Tag` ='{$ tag}',`Comment` ='{$ comment}', `IMDB` ='{$ IDBM}'其中`MovieID` =' {$ ID}「;」);

要驗證是否$ ID具有相同的價值:

回聲的$ id;

來源

2014-05-14 17:53:54 Nikba

+0

它正在打印值等於零,但在URL我看到值1 – user3626062

+0

您的網址是:example.com?ID=1或example.com?id=1? – Nikba

+0

ID = 1,我把我在這裏的所有代碼,以便您能幫助確定 – user3626062

0

聽起來也許你MovieID沒有被定義爲一個整數,但我們無法確定,因爲您沒有告訴我們mysqli_query正在拋出的錯誤消息。

您需要檢查由mysqli_query創建的錯誤消息才能知道。見http://www.php.net/manual/en/mysqli.error.php

來源

2014-05-14 16:58:43

0

試試這個

$id = $_GET['id']; // taking the value from URL 

mysqli_query($dbc,"UPDATE movie SET Title='$title',Year = '$year',Cast='$cast',Cover='$actual_image_name',Tag='$tag',Comment='$comment',IMDB ='$IDBM' WHERE MovieID=".$id); // the sql statement of the query

和你最好使用intval()以防止注射

$id = intval($_GET['id']); // taking the value from URL

來源

2014-05-14 17:08:09

+0

不工作,它不會使更新 – user3626062

相關問題

 相關問題