2016-07-24 106 views
2

我想編輯數據到數據庫我不知道爲什麼我不能這樣做。我一直在嘗試一些東西。也許有人可以看看。我試圖建立一個更新,我可以改名字,姓氏等等等等,但我不能配置甚至只是一個名頭..無法編輯數據庫中的數據,無法使用ID獲取名稱?

首頁文件 Managament系統

<body> 

    <h1>TU Chemnitz Student managament system</h1> 

    <br> 
    <a href="insert_form.html" class="myButton">ADD Person</a> 
    <a href="insert_form.html" class="myButton">Edit Person</a> 
    <a href="insert_form.html" class="myButton">Manage Boards</a> 
    <a href="insert_form.html" class="myButton">Manage Departments</a> 
    <a href="search_personel.html" class="myButton">Search N&S</a> 
    <a href="three_search.html" class="myButton">Triple Search</a> 
    <a href="mtable.php" class="myButton">Membership</a> 

    <br> 
    <br> 

<?php 

include_once('coneksioni.php'); 


// create query 
$querys = "SELECT * FROM tblperson"; 

// execute query 
$result = mysql_query($querys) or die ("Error in query: $query. ".mysql_error()); 

    $res = mysql_query("SELECT * FROM tblperson"); 

echo "<table border=1 align=center> 
<tr> 
<th>Personal ID</th> 
<th>First Name</th> 
<th>Last Name</th> 
<th>Deparment</th> 
<th>Board</th> 
<th>Marticulation Number</th> 
<th>Reg Date</th> 
<th>Action</th> 

</tr>"; 
while($row = mysql_fetch_array($res)) { 
    ?> 
    <tr> 
     <td><?=$row['personid']?></td> 
     <td><?=$row['personname']?></td> 
     <td><?=$row['personsurname']?></td> 
     <td><?=$row['persondepartment']?></td> 
     <td><?=$row['personboard']?></td> 
     <td><?=$row['martinumber']?></td> 
     <td><?=$row['personregdate']?></td> 
     <td> 
      <a href="edit20.php?edit<?=$row['personid']?>">edit</a> | 
      <a href="edit.php?id=$row[id]">del</a> 

     </td> 
    </tr> 

<?php 
    } 

?> 
</body> 
</html> 

和edit20.php

<?php 
    include_once('coneksioni.php'); 

    if(isset($_GET['edit'])) 
    { 
     $personid = $_GET['edit']; 
     $res= mysql_query("SELECT * FROM tblperson WHERE personid='$personid'"); 
     $row= mysql_fetch_array($res); 
    } 

    if(isset($_POST['personname'])) 
    { 
     $personname = $_POST['personname']; 
     $personid = $_POST['personid']; 
     $sql  = "UPDATE tblperson SET personname='$personname' WHERE personid='$personid'"; 
     $res  = mysql_query($sql) 
            or die("Could not update".mysql_error()); 
     echo "<meta http-equiv='refresh' content='0;url=home.php'>"; 
    } 

?> 
<form action="edit20.php" method="POST"> 
Name: <input type="text" name="personname" value="<?php echo $row[1]; ?>"><br /> 
<input type="hidden" name="personid" value="<?php echo $row[0]; ?>"> 
<input type="submit" value=" Update "/> 
</form> 

,並在我的數據庫表中的主鍵是PERSONIDñ ame字段personname(不是主鍵)。

回答

1

請使用預處理語句用於減少SQL注入

檢查coneksioni.php

$conn = new mysqli(HOST, USER, PASS, DBNAME); 

的edit.php

require_once ('coneksioni.php'); 

$edit_person = $conn->prepare(" 
    UPDATE tblperson SET 
    personname = ? WHERE personid = ? 
"); 

$edit_person->bind_param( 
    "si", 
    $personname, $personid 
); 

if(isset($_POST['personname']) && isset($_POST['personid'])) { 
    $personname = $_POST['personname']; 
    $personid = $_POST['personid']; 


    if (!$edit_person->execute()) { 
     // action if failed 
    } else { 
     // action if success 
    } 

    $edit_person->close(); 

} 

的form.html的風險

<form action="edit.php" method="POST"> 
Name: <input type="text" name="personname" value="<?php echo $row[1]; ?>"><br /> 
<input type="hidden" name="personid" value="<?php echo $row[0]; ?>"> 
<input type="submit" value=" Update "/> 
</form> 

Cheers