如何从数据库编辑单个记录？

Question

代码为20的2014年1月

<?php 
session_start(); 
// connect to the database 
include('connect.php'); 
$message = $_GET['message']; 
// check if the form has been submitted then process it 
if (isset($_POST['submit'])) 
{ 
// Get data from table 
//set the id manually for test purposes 
$id = "429"; 
$forename = mysql_real_escape_string(htmlspecialchars($_POST['forename'])); 
$surname = mysql_real_escape_string(htmlspecialchars($_POST['surname'])); 
$username = mysql_real_escape_string(htmlspecialchars($_POST['username'])); 
$email = mysql_real_escape_string(htmlspecialchars($_POST['email'])); 
$password = mysql_real_escape_string(htmlspecialchars($_POST['password'])); 
// check for empty fields and display error message 
if ($forename == '' || $surname == '' || $username == '' || $password == '' || $email == '') 
{ 
$message = "Please enter data in all fields" ; 
header("Location: edit.php?message=$message"); 
} 
else 
{ 
// save the data to the table 
mysql_query("UPDATE registration SET forename='$forename', surname='$surname', username='$username', email='$email', password='$password' WHERE id='$id'") 
or die(mysql_error()); 
} 
// redirecr and display message 
$message = "Your changes have been saved"; 
header("Location: edit.php?message=$message"); 
exit; 
} 
$id=429;// this line could have been $id=$_SESSION['id']; 
$result = mysql_query("SELECT * FROM registration WHERE id=$id LIMIT 1") 
or die(mysql_error()); 
$row = mysql_fetch_array($result); 
// check that the 'id' matches up with a row in the databse 
if($row) 
{ 
// get data from the table 
$forename = $row['forename']; 
$surname = $row['surname']; 
$username = $row['username']; 
$email = $row['email']; 
$password = $row['password']; 
//dummy echo 
print $message; 
} 
?> 

<!doctype html> 
<html> 
<head> 
<meta charset="utf-8"> 

<link rel="stylesheet" href="styles/all.css" /> 
<link rel="stylesheet" href="styles/forms.css" /> 

<script type="text/javascript" src="javascript/jquery-1.7.1.min.js"></script> 

<link href='//fonts.googleapis.com/css?family=Cantora+One' rel='stylesheet' type='text/css'> 
<link href='//fonts.googleapis.com/css?family=Voltaire' rel='stylesheet' type='text/css'> 
<link href='//fonts.googleapis.com/css?family=Ubuntu:400,500' rel='stylesheet' type='text/css'> 

<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> 

</head> 

<div class="container"> 

<form action="" method="post" enctype="multipart/form-data" name="edit" id="editrecord"> 
<fieldset> 
<legend><span class="headingreg">Edit Details</span></legend> 
<div class="formreg"> 

<input type="hidden" name="id" value="<?php echo $id; ?>"/> 

<br style="clear:left;"/> 
<label for="forename">Forename</label><div><input type="text" id="forename" name="forename" class="insetedit" value="<?php echo $forename; ?>"/><br/></div> 
<label for="forename">Surname</label><div><input type="text" name="surname" class="insetedit" value="<?php echo $surname; ?>"/><br/></div> 
<label for="forename">Username</label><div><input type="text" name="username" class="insetedit" value="<?php echo $username; ?>"/><br/></div> 
<label for="forename">Password</label><div><input type="text" name="password" class="insetedit" value="<?php echo $password; ?>"/><br/></div> 
<label for="forename">email</label><div><input type="text" name="email" class="insetedit" value="<?php echo $email; ?>"/><br/></div> 

<input type="submit" name="submit" class="submit2" value="submit"> 
</div> 
</fieldset> 
</form> 

<br style="clear:left;"/> 
<br style="clear:left;"/> 

</body> 
</html> 

缩进REMOVED

我下面要编辑的教程，并在数据库中删除存储的记录。

http://www.falkencreative.com/forum/records/view.php

在本教程中一个页面显示记录在数据库中，另一个用来编辑记录：

http://www.falkencreative.com/forum/records/edit.php?id=33004

的问题是数据库中的所有记录都显示出来。我需要做什么更改才能显示和编辑基于单个页面上指定ID的记录？例如

$ id =“429”;

最终我会使用会话，但为了测试目的，我想手动设置ID。

我试着把代码放在一个页面中，但有很多错误，例如标题已发送。

这是edit.php页面，我尝试手动设置ID。

<?php 
/* 
EDIT.PHP 
Allows user to edit specific entry in database 
*/ 

// creates the edit record form 
// since this form is used multiple times in this file, I have made it a function that is easily reusable 
function renderForm($id, $forename, $surname, $username, $password, $email, $error) 
{ 
?> 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 
<html> 
<head> 
<title>Edit Record</title> 
</head> 
<body> 
<?php 
// if there are any errors, display them 
if ($error != '') 
{ 
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>'; 
} 
?> 

<form action="" method="post"> 
<input type="hidden" name="id" value="<?php echo $id; ?>"/> 
<div> 
<p><strong>ID:</strong> <?php echo $id; ?></p> 
<strong>Forename: *</strong> <input type="text" name="forename" value="<?php echo $forename; ?>"/><br/> 
<strong>Surname: *</strong> <input type="text" name="surname" value="<?php echo $surname; ?>"/><br/> 
<strong>Username: *</strong> <input type="text" name="username" value="<?php echo $username; ?>"/><br/> 
<strong>email: *</strong> <input type="text" name="password" value="<?php echo $password; ?>"/><br/> 
<strong>password: *</strong> <input type="text" name="email" value="<?php echo $email; ?>"/><br/> 
<p>* Required</p> 
<input type="submit" name="submit" value="Submit"> 
</div> 
</form> 
</body> 
</html> 
<?php 
} 


// connect to the database 
include('connect-db.php'); 

// check if the form has been submitted. If it has, process the form and save it to the database 
if (isset($_POST['submit'])) 
{ 
// confirm that the 'id' value is a valid integer before getting the form data 
if (is_numeric($_POST['id'])) 
{ 
// get form data, making sure it is valid 
$id = "429"; 
$forename = mysql_real_escape_string(htmlspecialchars($_POST['forename'])); 
$surname = mysql_real_escape_string(htmlspecialchars($_POST['surname'])); 
$username = mysql_real_escape_string(htmlspecialchars($_POST['username'])); 
$email = mysql_real_escape_string(htmlspecialchars($_POST['email'])); 
$password = mysql_real_escape_string(htmlspecialchars($_POST['password'])); 

// check that forename/surname fields are both filled in 
if ($forename == '' || $surname == '' || $username == '' || $password == '' || $email == '') 
{ 
// generate error message 
$error = 'ERROR: Please fill in all required fields!'; 

//error, display form 
    renderForm($id, $forename, $surname, $username, $password, $email, $error); 
} 
else 
{ 
// save the data to the database 
mysql_query("UPDATE login SET forename='$forename', surname='$surname', username='$username', email='$email', password='$password' WHERE id='$id'") 
or die(mysql_error()); 


// once saved, redirect back to the view page 
header("Location: view.php"); 
} 
} 
else 
{ 
// if the 'id' isn't valid, display an error 
echo 'Error!'; 
} 
} 
else 
// if the form hasn't been submitted, get the data from the db and display the form 
{ 

// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0) 
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) 
{ 
// query db 
$id = $_GET['id']; 
$result = mysql_query("SELECT * FROM login WHERE id=$id") 
or die(mysql_error()); 
$row = mysql_fetch_array($result); 

// check that the 'id' matches up with a row in the databse 
if($row) 
{ 

// get data from db 
$forename = $row['forename']; 
$surname = $row['surname']; 
$username = $row['username']; 
$email = $row['email']; 
$password = $row['password']; 

// show form 
renderForm($id, $forename, $surname, $username, $password, $email, ''); 
    } 
else 
// if no match, display result 
{ 
echo "No results!"; 
} 
} 
else 
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error 
{ 
echo 'Error!'; 
} 
} 
?> 

而且view.php页面：

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 
<html> 
<head> 
<title>View Records</title> 
</head> 
<body> 

<?php 
/* 
VIEW.PHP 
Displays all data from 'players' table 
*/ 

// connect to the database 
include('connect-db.php'); 

// get results from database 
$result = mysql_query("SELECT * FROM login") 
or die(mysql_error()); 

// display data in table 
echo "<p><b>View All</b> | <a href='view-paginated.php?page=1'>View Paginated</a></p>"; 

echo "<table border='1' cellpadding='10'>"; 
echo "<tr> <th>ID</th> <th>Forename</th> <th>Surname</th> <th>Username</th> <th>eMail</th> <th>Password</th></tr>"; 

// loop through results of database query, displaying them in the table 
while($row = mysql_fetch_array($result)) { 

// echo out the contents of each row into a table 
echo "<tr>"; 
echo '<td>' . $row['id'] . '</td>'; 
echo '<td>' . $row['forename'] . '</td>'; 
echo '<td>' . $row['surname'] . '</td>'; 
echo '<td>' . $row['username'] . '</td>'; 
echo '<td>' . $row['password'] . '</td>'; 
echo '<td>' . $row['email'] . '</td>'; 
echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>'; 
echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>'; 
echo "</tr>"; 
} 

// close table> 
echo "</table>"; 
?> 
<p><a href="new.php">Add a new record</a></p> 

</body> 
</html> 

REMOVED功能和错误变量

<?php 
include('connect.php'); 
// check if the form has been submitted. If it has, process the form and save it to the database 
if (isset($_POST['submit'])) 
{ 
// get form data 
$id = "429"; 
$forename = mysql_real_escape_string(htmlspecialchars($_POST['forename'])); 
$surname = mysql_real_escape_string(htmlspecialchars($_POST['surname'])); 
$username = mysql_real_escape_string(htmlspecialchars($_POST['username'])); 
$email = mysql_real_escape_string(htmlspecialchars($_POST['email'])); 
$password = mysql_real_escape_string(htmlspecialchars($_POST['password'])); 
// check empty fields 
if ($forename == '' || $surname == '' || $username == '' || $password == '' || $email == '') 
{ 
// generate error message 
echo 'ERROR: Please fill in all required fields!'; 
} 
else 
{ 
// save the data to the database 
mysql_query("UPDATE registration SET forename='$forename', surname='$surname', username='$username', email='$email', password='$password' WHERE id='$id'") 
or die(mysql_error()); 
// Redirect 
echo "Your changes have been saved"; 
header("Location: edit.php"); 
} 
} 
$id=429;// this line could have been $id=$_SESSION['id']; 
$result = mysql_query("SELECT * FROM registration WHERE id=$id LIMIT 1") 
or die(mysql_error()); 
$row = mysql_fetch_array($result); 
// check that the 'id' matches up with a row in the databse 
if($row) 
{ 
// get data from db 
$forename = $row['forename']; 
$surname = $row['surname']; 
$username = $row['username']; 
$email = $row['email']; 
$password = $row['password']; 
//dummy echo 
echo 'formatting is messed up'; 
} 
?> 

Answer 1

你只需要与提供该ID的代码替换$_GET['id']。

如果您正在使用的会话，例如，与$_SESSION['id']

更换$_GET['id']在你的代码文件edit.php：

// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0) 
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) 
{ 
// query db 
$id = $_GET['id']; 
$result = mysql_query("SELECT * FROM login WHERE id=$id") 
or die(mysql_error()); 
$row = mysql_fetch_array($result); 

更改为：

$id=429;// this line could have been $id=$_SESSION['id']; 
$result = mysql_query("SELECT * FROM login WHERE id=$id LIMIT 1") 
    or die(mysql_error()); 
$row = mysql_fetch_array($result); 

当然，为了达到执行该代码的目的，您需要删除条件语句，因为您不再从第e $_GET。

我还为查询添加了一个LIMIT 1，以便您只返回一条记录;你可能会反正，但如果id没有唯一的索引（如主键），它可能会返回多个记录。

另外，在本例中，您几乎可以用mysqli_替换所有已弃用的mysql_参考号。它不会像mysqli那样通过准备好的语句来保护你，但它仍然应该起作用。

最后，renderForm函数是一个形式很差的函数。每个页面只能有一个<html>声明，如果您多次调用该函数，则会有多个声明。