2015-02-09 47 views
-1

我試圖通過表單更新我的數據庫。SQL更新代碼不改變數據庫數據

部分代碼正在工作,因爲它從表中檢索數據並將其顯示在窗體中,但sql更新代碼未在後端更改值。

的代碼片段如下,任何幫助都將讚賞:

<html> 
<head> 
    <body> 

<?php 
$con = mysql_connect("localhost","user","pass"); 
if(!$con){ 
die("Cannot Connect to database:" . mysql_error()); 
} 
mysql_select_db("intranet",$con); 
$sql = "SELECT * FROM progress_sheet"; 
$myData = mysql_query($sql,$con); 
if(isset($_POST['update'])){ 
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$_POST[jobdescription]' WHERE id='$_POST[hidden]'"; 
mysql_query($UpdateQuery, $con);  
}; 
echo "<table border=1> 
<tr> 
<th>Job Description</th> 
</tr>"; 
while($record = mysql_fetch_array($myData)){ 
echo "<form action=save.php method=post>"; 
echo "<tr>"; 
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>"; 
echo "<td>" . "<input type=hidden name=hidden value=" . $record['hidden'] . " </td>"; 
echo "<td>" . "<input type=submit name=update value=update" . " </td>"; 
echo "</form>"; 
} 
echo "</table>"; 
?> 
    </body> 
    </head> 
</html> 

*

+0

試圖看到有一個錯誤還檢查發佈數據mysql_query($ updatequery,$ con)或死亡(mysql_error()) – Sedz 2015-02-09 09:56:08

+1

請注意,這可能會讓你陷入一個很大的麻煩,由於SQL注入.. 。 – DonCallisto 2015-02-09 09:57:32

+0

您嘗試與非集PARAMS – donald123 2015-02-09 09:59:24

回答

0

在你的代碼不止一個發現錯誤,

1缺少單引號和雙引號。

2形式發佈到另一個文件save.php(行情也不見了)

<html> 
<head> 
    <body> 

<?php 
$con = mysql_connect("localhost","user","pass"); 
if(!$con){ 
die("Cannot Connect to database:" . mysql_error()); 
} 
mysql_select_db("intranet",$con); 
$sql = "SELECT * FROM progress_sheet"; 
$myData = mysql_query($sql,$con); 

if(isset($_POST['update'])){ 
$jobdescription = $_POST['jobdescription']; // See here 
$id = $_POST['hidden'];      // See here 
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$id'"; 
mysql_query($UpdateQuery, $con);  
}; 
echo "<table border=1> 
<tr> 
<th>Job Description</th> 
</tr>"; 
while($record = mysql_fetch_array($myData)){ 
echo "<form action='' method='post'>"; // See Here. The form is posted to another page 
echo "<tr>"; 
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>"; 
echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>"; 
echo "<td>" . "<input type=submit name=update value=update" . " </td>"; 
echo "</form>"; 
} 
echo "</table>"; 
?> 
    </body> 
    </head> 
</html> 
-2

如下更改更新查詢,然後嘗試:

$UpdateQuery = "UPDATE progress_sheet SET jobdescription='".$_POST['jobdescription']."' WHERE id='".$_POST['hidden']."'"; 
+0

你應該意識到關於SQL注入的OP ... – DonCallisto 2015-02-09 09:57:06

+0

你需要顯示OP來檢查是否設置$ _POST x和y以避免E_NOTICE錯誤 – donald123 2015-02-09 09:57:53

0

這是用簡單的檢查來防止sql注入的基本示例。請注意,mysql函數已被棄用。你可以使用mysqli函數。

<html> 
    <head> 
    <body> 

    <?php 
     $con = mysql_connect("localhost","user","pass"); 
     if(!$con){ 
      die("Cannot Connect to database:" . mysql_error()); 
     } 
     mysql_select_db("intranet",$con); 
     $sql = "SELECT * FROM progress_sheet"; 
     $myData = mysql_query($sql,$con); 
     if(isset($_POST['update'])){ 

      //do basic checks to prevent sql injections 
      $jobdescription = isset($_POST['jobdescription']) ? trim($_POST['jobdescription'] : ''); 
      $hidden = isset($_POST['hidden']) ? trim($_POST['hidden'] : ''); 

      $jobdescription = mysql_real_escape_string($jobdescription); 
      $hidden = mysql_real_escape_string($hidden); 



      if(empty($jobdescription) || empty($hidden)){ 

       //handle errors here 
       //exit; 
       //or do error logging $errors[] = "Your error message" 
       //or redirect with header(...); 
      } 

      $UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$hidden'"; 
      mysql_query($UpdateQuery, $con); 
     }; 
     echo "<table border=1> 
     <tr> 
     <th>Job Description</th> 
     </tr>"; 
     while($record = mysql_fetch_array($myData)){ 
      echo "<form action=save.php method=post>"; 
      echo "<tr>"; 
      echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>"; 
      echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>"; 
      echo "<td>" . "<input type=submit name=update value=update" . " </td>"; 
      echo "</form>"; 
     } 
     echo "</table>"; 
    ?> 
</body> 
</head> 
</html> 

在你的PHP文件,你應該啓用錯誤報告的頂部,這將有助於您進行調試:

<?php 
// Turn off error reporting 
error_reporting(0); 

// Report runtime errors 
error_reporting(E_ERROR | E_WARNING | E_PARSE); 

// Report all errors 
error_reporting(E_ALL); 

// Same as error_reporting(E_ALL); 
ini_set("error_reporting", E_ALL); 

// Report all errors except E_NOTICE 
error_reporting(E_ALL & ~E_NOTICE); 
?> 
0
$UpdateQuery = 'UPDATE progress_sheet SET jobdescription="'.mysql_real_escape_string(isset($_POST['jobdescription']) ? $_POST['jobdescription'] : '').'" WHERE id='.(isset($_POST['hidden']) ? $_POST['hidden']*1 : 0); 

,並停止使用mysql_*功能,並移動到mysqli_*功能使用的是已過時的人。

+0

你已經缺少$ _POST附近的引號[jobdescription] – Whirlwind 2015-02-09 10:18:37

+0

是的,沒想過在那裏,在那裏編輯它們增加了變量存在的簡單詭計。 – Seti 2015-02-09 10:19:32