0
我想知道是否有人可以帮助我。PHP保存记录错误消息
我想把管理表格放在一起,可以修改成员记录。
我放在一起的代码如下,我可以成功从mySQL数据库检索记录,如果没有提供的电子邮件地址的记录,就会收到相应的消息。
<?php
mysql_connect ("host","user","password") or die (mysql_error());
mysql_select_db ("database");
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['search'])) {
$searchemailaddress = $_POST['searchemailaddress'];
$sql = mysql_query("select * from userdetails where emailaddress like '$searchemailaddress'");
if (mysql_num_rows($sql) == 0)
$msg = 'There are no member records set up with this email address, please try again!';
}
while ($row = mysql_fetch_array($sql)){
$emailaddress = $row['emailaddress'];
$forename = $row['forename'];
$surname = $row['surname'];
$subscriptionexpiration = $row['subscriptionexpiration'];
}
}
if (isset($_POST['update'])) {
$emailaddress = $_POST['emailaddress'];
$forename = $_POST['forename'];
$surname = $_POST['surname'];
$subscriptionexpiration = $_POST['subscriptionexpiration'];
$sql = mysql_query("UPDATE `userdetails` SET `emailaddress` = '$emailaddress', `forename` = '$forename',`surname` = '$surname',`subscriptionexpiration` = '$subscriptionexpiration' LIMIT 1");
$msg = 'This members records have been successfully updated!';
}
?>
<html>
<head>
<title>Search the Database</title>
<style type="text/css">
<!--
.style1 {font-family: Calibri
}
.style9 { font-family: Calibri;
font-size: 24px;
background-color: #78AFC5;
}
.style7 {
font-family: Calibri;
font-size: 16px;
background-color: #FFFFFF;
}
-->
</style>
</head>
<body>
</p>
<p class="style1"> </p>
<div align="center"><span class="style9">Search & Amend User Records </span></div>
<p class="style7"><span class="style10">
<?php
if (isset($msg)) // this is special section for
// outputing message
{
?>
</span>
<p class="style7">
<?=$msg?>
<p class="style7"><span class="style10">
<?php
}
?>
</span>
<form action="searchandamend.php" method="post">
<table width="393" border="1">
<tr>
<td width="161"><span class="style1">Search:</span></td>
<td width="207"><span class="style1">
<input name="searchemailaddress" type="text" id="searchemailaddress" size="25"/>
</span></td>
</tr>
<tr>
<td><span class="style1">Email Address:</span></td>
<td><span class="style1">
<input name="emailaddress" type="text"value="<?php echo $emailaddress;?>" size="25"/>
</span></td>
</tr>
<tr>
<td><span class="style1">First Name:</span></td>
<td><span class="style1">
<input name="forename" type="text" value="<?php echo $forename;?>" size="20"/>
</span></td>
</tr>
<tr>
<td><span class="style1">Surname:</span></td>
<td><input name="surname" type="text" value="<?php echo $surname;?>" size="20"/></td>
</tr>
<tr>
<td><span class="style1">Subscription Expiry Date:</span> </td>
<td><input name="subscriptionexpiration" type="text" id="subscriptionexpiration" value="<?php echo $subscriptionexpiration;?>" size="10"/></td>
</tr>
</table>
<p><br/>
<input type="submit" name="search" value="Search Records">
<input name="update" type="submit" value="Update Record">
</p>
</form>
</body>
</html>
但是,当我尝试更改记录的任何部分时遇到问题。更改已保存,并且我收到了正确的“记录更新”消息,但我也收到此错误: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /homepages/2/d333603417/htdocs/development/searchandamend.php on line 14第14行是我的代码中的此行:while ($row = mysql_fetch_array($sql)){我一直在研究这一段时间,现在我只能似乎无法解决问题所在。
我只是想知道是否有人可以看看这个请让我知道我哪里出了问题。
非常感谢
好像'[ '搜索']'是,当你执行更新设置$ _ POST均匀。 – Cyclonecode 2012-01-15 15:14:26
'mysql_real_escape_string()'包含在SQL查询字符串中的变量。你在这里有一个巨大的安全漏洞! – 2012-01-15 16:47:40