更新:我縮小了它,當我在header.php文件中刪除了這個標籤時,它可以工作,有人可以請解釋這一點。PHP更新表插入空白字段
<script src="#" type="text/javascript"></script>
嗨我有一個相當惱人的問題,我的PHP代碼。我正在嘗試從表單更新一個php數據庫,但是當我這樣做時,數據庫中的字段在提交後變爲空。請幫忙!你可以在這裏查看它的動作http://andcreate.com/shoelace/admin/edit1.php點擊右邊的列表來編輯它們,看看會發生什麼。
<?php
include("header.php");
echo "<h2>Edit Posts</h2>";
echo "<div id='editNav'>";
echo "<p>Choose Post to Edit</p>";
//////////GET ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
$results = mysql_query("SELECT * FROM shoeData ");
while($row = mysql_fetch_array($results)){
$id = $row['id'];
$name = $row['name'];
$about = $row['about'];
echo "$date <a href=\"" . $_SERVER['PHP_SELF'] . "?id=$id" . "\">" . substr($name, 0, 40) . " </a> <br/> ";
}
$thisID = $_GET['id'];
if(!isset($thisID)){
$thisID = 22;
}
//////////FINISH ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
echo "</div>";
///////IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
//has user pressed the button
$update = $_GET['update'];
if($update == "yes") {
$name = $_POST['name'];
$about = $_POST['about'];
$company = $_POST['company'];
$buy = $_POST['buy'];
//update data for this record
$sql = "UPDATE shoeData SET
name = \"$name\",
about = \"$about\",
company = \"$company\",
buy = \"$buy\"
WHERE id= $thisID";
$thisUpdate = mysql_query($sql) or die(mysql_error());
}
///////END IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
/////////// HERE WE GET THE INFO FOR ONE RECORD ONLY////////
$results = mysql_query("SELECT * FROM shoeData WHERE id=$thisID");
while($row = mysql_fetch_array($results)){
$name = $row['name'];
$about = $row['about'];
$company = $row['company'];
$buy = $row['buy'];
}
//////////////FINISH GETTING INFO FOR ONE RECORD ONLY/////////////
?>
<form name="formS" method="post" action="<?php echo $_SERVER['PHP_SELF']."?id=$thisID&update=yes";?>">
Name
<p>
<input type="text" name="name" id="name" value="<?php echo $name;?>" />
</p>
About
<p>
<input type="text" name="about" id="about" value="<?php echo $about;?>" />
</p>
Company
<p>
<input type="text" name="company" id="company" value="<?php echo $company;?>" />
</p>
Name
<p>
<input type="text" name="buy" id="buy" value="<?php echo $buy;?>" />
</p>
<p>
<input type="submit" name="submit" id="submit" />
</p>
</form>
<p><a class="delete" href="delete.php?id=<?php echo $thisID;?>">Delete this post</a></p>
<?php
include("footer.php");
?>
將'$ _POST'變量直接包含到SQL查詢中,而無需首先進行消毒/驗證,這是一個巨大的安全漏洞。不要這樣做。 – Amber 2009-12-16 07:03:01
好的,我會採取任何建議來解決這個問題,以及我遇到的問題。 – 2009-12-16 07:05:07
您是否檢查了數據庫以確保shoeData中有一行id列實際上等於'$ thisID'?愚蠢的,我知道,但它發生 – munch 2009-12-16 07:16:09