1. 首页
  2. 问答
  3. 输入不会在MySQL表更新

输入不会在MySQL表更新

2011-12-05 129 views
0

我不明白为什么这不更新我的数据,从文本输入接收:输入不会在MySQL表更新

include "config.php" 
printf ("Update PriceList\n"); 
printf ("<form method=\"post\" action=\"price_red.php\">"); 
printf ("Select PhoneID: <input type = \"Text\" name = \"PhonID\"><br>"); 
printf ("PhoneName:<input type = \"Text\" name = \"PhoneName\"><br>"); 
printf ("PhoneType:<input type = \"Text\" name = \"PhoneType\"><br>"); 
printf ("ScreenType:<input type = \"Text\" name = \"ScreenType\"><br>"); 
printf ("Camera: <input type = \"Text\" name = \"Camera\"><br>"); 
printf ("Quantity: <input type = \"Text\" name = \"Quantity\"><br>"); 
printf ("Price:<input type = \"Text\" name = \"Price\"><br>"); 
printf ("Out of stock:<input type = \"Text\" name = \"outofstock\"><br>"); 
printf ("<input type=\"Submit\" name=\"submit\" value=\"Update\">"); 
printf ("</form>"); 

$sql = mysql_query("UPDATE PhonesPriceList SET PhoneName = '$PhoneName', Price = '$Price',  Quantity = '$Quantity', Outofstock = '$outofstock' WHERE PhoneID = '$PhonID';"); 
$sql1 = mysql_query("UPDATE PhonesDetails SET PhoneType = '$PhoneType', ScreenType = '$ScreenType', Camera ='$Camera' WHERE PhoneID = '$PhonID';");

来源

2011-12-05 soryan

+1

欢迎来到堆栈溢出!您在查询中没有执行任何错误检查。在* mysql_query()'调用之后,你需要*来做到这一点。否则,如果查询失败,脚本将中断。如何做到这一点在[mysql_query()'](http://php.net/mysql_query)手册或本[参考问题。](http://stackoverflow.com/questions/6198104/reference -what-a-perfect-code-sample-using-the-mysql-extension) –

+0

你显示的代码也容易受到[SQL注入](http://php.net/manual/en/security.database .SQL-injection.php)。使用适当的卫生方法(例如'mysql_real_escape_string()'用于传统的mysql库),或切换到PDO并准备好语句。 –

+0

$ PhoneName变量定义的变量 – craig1231

回答

0

尝试这样的事情。只要确保您添加适当的卫生设施,以防止注射

include "config.php" 

    if(isset('submit'){ 
$Phoneid= $_POST['PhoneID']; 
    $Phone_name= $_POST['PhoneName']; 
    $Phone_type = $_POST['PhoneType']; 
    $screen_type= $_POST['ScreenType']; 
    $camera = $_POST['Camera']; 
    $Quantity = $_POST['Quantity']; 
    $price = $_POST['Price']; 
$outofstock = $_POST['outofstock']; 

$dbc = mysqli_connect(data info) 
or die ('Error connecting'); 
    $query = "UPDATE PhonesPriceList SET PhoneName = '$PhoneName', Price = '$price',  
     Quantity =  '$Quantity', Outofstock = '$outofstock' WHERE PhoneID = '$PhonID' "; 

    msqli_query($dbc, $query) or die (' failed to query'); 

    echo ' Update successful'; 

    mysqli_close($dbc); 
    }

来源

2011-12-05 17:01:52 dansasu11

+0

非常感谢! – soryan

1

表单的数据不会自动转化成变量。数据应该在$_POST[ 'name' ]其中“name”是输入字段的名称属性。

请记住在进行任何数据库操作之前清理传入数据(查找mysql_real_escape_string())。

还有一个小建议:不要使用printf()来输出大块文本,您可以退回到纯HTML。代码看起来会更干净。

include "config.php" 
// go back to pure HTML 
?> 
Update PriceList 
<form method="post" action="price_red.php"> 
... 
<?php // back to PHP

来源

2011-12-05 16:19:53 JJJ

+0

非常感谢,我会尝试 – soryan

相关问题

 相关问题