
问题2.更新代码导致错误,但它看起来好像没什么问题:

现在的错误是:代码没有把实际的 ID 号填入查询中……

这里是错误:

查询错误:您的SQL语法有错误;请查看与您的MySQL服务器版本对应的手册,以便在第1行“'附近使用正确的语法。

代码已(再次)更新以显示新代码,这次加上了隐藏(hidden)脚本以及其他一些调整。我已经不指望它能正常工作了。

Issue 1 Solved:  
This line of code is bringing back an error: 

     // Parse error: the double quote in front of $_GET['id'] closes the string literal,
     // so PHP meets a variable where it expects an operator (unexpected T_VARIABLE).
     // NOTE(review): once the quoting is repaired, $_GET['id'] would still be copied
     // into the WHERE clause exactly as the client sent it.
     $query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = "$_GET['id']""; 

    The error is: 

    **Parse error: syntax error, unexpected T_VARIABLE in /home/pawz/public_html/kaboomlabs.com/testbed/edit.php on line 49** 

I can't figure out why it is doing this; if someone can show me my mistake, it would be greatly appreciated. 

好的,这里是整个代码。

  <?php 
// Pulls in connectvars.php; the DB_* constants used further down are not defined in
// this file, so presumably they come from there.
require_once('connectvars.php'); 
// NOTE(review): this <div> is sent before the DOCTYPE that follows the PHP block.
echo '<div id="postwrap">' 
?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 
<head> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    <title>PDI NCMR - Edit</title> 
    <link rel="stylesheet" type="text/css" href="CSS/postie.css" /> 
</head> 
<body> 
    <div id="logo"> 
    <img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" /> 
</div> 

<?php 

     // Default record id; replaced by ?id=... from the query string when present.
     // NOTE(review): $dbc is not assigned until the mysqli_connect() calls further
     // down, so the escape call below has no connection to work with and cannot
     // hand back the escaped id.
     $id=0; 
     if(isset($_GET['id'])) 
     $id= mysqli_real_escape_string($dbc, trim($_GET['id'])); 

     // Form was submitted: copy the posted fields into the ncmr row named by the id.
     if (isset($_POST['submit'])) { 
      // NOTE(review): $dbc is still unset on this line (the connection is opened on
      // the next statement), so $id does not receive the posted id. The UPDATE below
      // then ends in "WHERE id = " with nothing after it, which fits the reported
      // "syntax error near ''" message.
      $id= mysqli_real_escape_string($dbc, trim($_POST["id"])); 
// Connect to the database 
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 

// Enter data into the database 
// Each posted value is trimmed and escaped for use inside a quoted SQL string;
// the three date fields are first normalised to Y-m-d.
    $ab = mysqli_real_escape_string($dbc, trim($_POST['ab'])); 
    $date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date'])))); 
    $part = mysqli_real_escape_string($dbc, trim($_POST['part'])); 
    $rev = mysqli_real_escape_string($dbc, trim($_POST['rev'])); 
    $partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc'])); 
    $ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty'])); 
    $comp = mysqli_real_escape_string($dbc, trim($_POST['comp'])); 
    $ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid'])); 
    $rma = mysqli_real_escape_string($dbc, trim($_POST['rma'])); 
    $jno = mysqli_real_escape_string($dbc, trim($_POST['jno'])); 
    $fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt'])); 
    $cof = mysqli_real_escape_string($dbc, trim($_POST['cof'])); 
    $fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1'])); 
    $fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2'])); 
    $fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3'])); 
    $non= mysqli_real_escape_string($dbc, trim($_POST['non'])); 
    $dis= mysqli_real_escape_string($dbc, trim($_POST['dis'])); 
    $comm= mysqli_real_escape_string($dbc, trim($_POST['comm'])); 
    $caad= mysqli_real_escape_string($dbc, trim($_POST['caad'])); 
    $po= mysqli_real_escape_string($dbc, trim($_POST['po'])); 
    $pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod'])))); 
    $dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri'])))); 

    // NOTE(review): every value is wrapped in single quotes except $id at the end.
    // mysqli_real_escape_string() only protects a value that sits inside a quoted
    // literal, so the id should be quoted too, cast to an integer, or (better)
    // bound as a prepared-statement parameter.
    $query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = $id"; 

// echo your raw query and look for obvious errors 
// (debug aid: this prints the whole statement, submitted values included, into the page)
    echo "Query is : " . $query . "<br />"; 

// and at least use a basic mechanism to trap possibles errors 
// (on failure the database's own error text is shown to the visitor)
     mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc)); 


// Confirm success with the user 
     echo '<p>If you wish to edit more NCMRs, please <a href="list.php">go to the admin page!</a></p>'; 

     // echo your raw query and look for obvious errors 
     // (second copy of the debug output above)
    echo "Query is : " . $query . "<br />"; 
// Clear the form data 
    $id = ""; 
    $ab = ""; 
    $date = ""; 
    $part = ""; 
    $rev = ""; 
    $partdesc = ""; 
    $ncmrqty = ""; 
    $comp = ""; 
    $ncmrid = ""; 
    $rma = ""; 
    $jno = ""; 
    $fdt = ""; 
    $cof = ""; 
    $fab1= ""; 
    $fab2= ""; 
    $fab3= ""; 
    $non= ""; 
    $dis= ""; 
    $comm= ""; 
    $caad= ""; 
    $po= ""; 
    $pod = ""; 
    $dri = ""; 
      mysqli_close($dbc); 
      } 

    // No submission yet: load the record and print the edit form.
    else {  

// Connect to the database 
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
// Grab the profile data from the database 
// (both branches below build the same query)
if (!isset($_GET['id'])) { 
    $query = "SELECT * FROM ncmr WHERE id = '$id'"; 
    } 
    else { 
    $query = "SELECT * FROM ncmr WHERE id = '$id'"; 
    } 

    $data = mysqli_query($dbc, $query); 

    if (mysqli_num_rows($data) == 1) { 
// The user row was found so display the user data 
    $row = mysqli_fetch_array($data); 
// NOTE(review): $_SERVER['PHP_SELF'] reflects the requested path and is written into
// the action attribute as-is; pass it through htmlspecialchars() first.
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>"; 
    echo '<fieldset>'; 

     echo '<div id="box1">'; 
      // Blank columns are shown as the literal text "Empty".
      if (empty($row['ab'])) $row['ab'] = "Empty"; 
      if (empty($row['date'])) $row['date'] = "Empty"; 
      if (empty($row['part'])) $row['part'] = "Empty"; 
      if (empty($row['rev'])) $row['rev'] = "Empty"; 
      if (empty($row['partdesc'])) $row['partdesc'] = "Empty"; 
      if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty"; 
      // NOTE(review): here and in every field below, the stored value is concatenated
      // into the HTML without htmlspecialchars(), so a value containing quotes or
      // markup changes the page instead of being displayed.
      echo '<div id="ab"><span class="b">Added By:&nbsp;&nbsp;</span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>'; 
      echo '<div id="date"><span class="b">Date Filed:&nbsp;&nbsp;</span><input type="text" name="date" value="' . $row['date'] . '" /></div>'; 
      echo '<div id="part"><span class="b">Part Number:&nbsp;&nbsp;</span><input type="text" name="part" value="' . $row['part'] . '" /></div>'; 
      echo '<div id="rev"><span class="b">Part Revision:&nbsp;&nbsp;</span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>'; 
      // NOTE(review): this <textarea> has no name attribute, so its text is not
      // submitted, although the update branch reads $_POST['partdesc'].
      echo '<div id="partdesc"><span class="b">Part Description:&nbsp;&nbsp;</span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>'; 
      echo '<div id="ncmrqty"><span class="b">NCMR Qty:&nbsp;&nbsp;</span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>'; 
     echo '</div>'; 

//Company, Customer NCMR, Internal RMA, and Job Number 
     echo '<div id="box2">'; 
      if (empty($row['comp'])) $row['comp'] = "Empty"; 
      if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty"; 
      if (empty($row['rma'])) $row['rma'] = "Empty"; 
      if (empty($row['jno'])) $row['jno'] = "Empty"; 
       echo '<div id="comp"><span class="b">Company:&nbsp;&nbsp;</span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>'; 
        echo '<div id="ncmrid"><span class="b">Customer NCMR ID:&nbsp;&nbsp;</span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>'; 
        echo '<div id="rma"><span class="b">Internal RMA #:&nbsp;&nbsp;</span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>'; 
        echo '<div id="jno"><span class="b">Job #:&nbsp;&nbsp;</span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>'; 
     echo '</div>'; 

//Type of Failure and Class of Failure 
     echo '<div id="box3">'; 
      echo '<h2>Failure</h2>'; 
       echo '<div id="cof"><span class="b">Class of Failure:&nbsp;&nbsp;</span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>'; 
       echo '<div id="fdt"><span class="b">Failure Due To:&nbsp;&nbsp;</span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>'; 

      echo '</div>'; 

//Fabricators 
     echo '<div id="box4">'; 
      echo '<h2>Fabricators</h2>'; 
// NOTE(review): "=" assigns rather than compares, so this condition (and the two
// like it for fab2 and fab3) is always true and the else branches never run.
if ($row['fab1']="--None--") 
{ 
    echo'<div id="fab1">'; 
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user'); 
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n"; 
    // NOTE(review): the loop variable reuses $row, which replaces the ncmr record
    // loaded above; the fields printed after this point no longer read from it.
    while($row = $result->fetch_assoc()) 
    { 
     echo "<option value='{$row['user']}'>{$row['user']}</option>\n"; 
    } 
    echo "</select>\n"; 
    echo '</div>'; 
} 
else 
{ 
    echo'<div id="fab1">'; 
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user'); 
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n"; 
    while($row = $result->fetch_assoc()) 
    { 
     echo "<option value='{$row['user']}'>{$row['user']}</option>\n"; 
    } 
    echo "</select>\n"; 
    echo '</div>'; 
} 


if ($row['fab2']="--None--") 
{ 
    echo'<div id="fab2">'; 
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user'); 
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab2'>\n"; 
    while($row = $result->fetch_assoc()) 
    { 
     echo "<option value='{$row['user']}'>{$row['user']}</option>\n"; 
    } 
    echo "</select>\n"; 
    echo '</div>'; 
} 
else 
{ 
    // NOTE(review): the input is named fab1 and shows $row['fab1'] inside the fab2 box.
    echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>'; 
    echo '</div>'; 
} 
if ($row['fab3']="--None--") 
{ 
    echo'<div id="fab3">'; 
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user'); 
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab3'>\n"; 
    while($row = $result->fetch_assoc()) 
    { 
     echo "<option value='{$row['user']}'>{$row['user']}</option>\n"; 
    } 
    echo "</select>\n"; 
    echo '</div>'; 
} 
else 
{ 
    // NOTE(review): same copy-paste slip as above: fab1 inside the fab3 box.
    echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>'; 
    echo '</div>'; 
}  echo '</div>'; 

//Nonconformity, Disposition, Comments and Comments & Additional Details 
     echo '<div id="box5">'; 
      if (empty($row['non'])) $row['non'] = "Empty"; 
      if (empty($row['dis'])) $row['dis'] = "Empty"; 
      if (empty($row['comm'])) $row['comm'] = "Empty"; 
      if (empty($row['caad'])) $row['caad'] = "Empty"; 

      // NOTE(review): none of these four <textarea> elements has a name attribute.
      echo '<div id="non"><span class="b">Nonconformity:&nbsp;&nbsp;</span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>'; 
      echo '<div id="dis"><span class="b">Disposition:&nbsp;&nbsp;</span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>'; 
      echo '<div id="comm"><span class="b">Comments:&nbsp;&nbsp;</span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>'; 
      echo '<div id="caad"><span class="b">Comments and/or Additional Details:&nbsp;&nbsp;</span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>'; 

       echo '<div id="podr">'; 
         if (empty($row['po'])) $row['po'] ="Empty"; 
         if (empty($row['pod'])) $row['pod'] ="Empty"; 
         // NOTE(review): the test reads key 'dir' but the assignment writes 'dri'.
         if (empty($row['dir'])) $row['dri'] ="Empty"; 

        echo '<div id="po"><span class="b">PO:&nbsp;&nbsp;</span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>'; 
        echo '<div id="pod"><span class="b">PO Date:&nbsp;&nbsp;</span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>'; 
        echo '<div id="dri"><span class="b">Date Received:&nbsp;&nbsp;</span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>'; 
       echo '</div>'; 
      echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>'; 
//Save ID so it can be used with POST request. 
// NOTE(review): $id comes from the query string and is written into a
// single-quoted attribute; SQL escaping does not make it safe for HTML, so
// it needs htmlspecialchars() with ENT_QUOTES here.
echo "<input type='hidden' value='$id' name='id'/>"; 

     echo '</div>'; 
    echo '</fieldset>'; 
echo '</form>'; 
     } 
    } 

// Closes the "postwrap" wrapper opened at the top of the file.
echo '</div>'; 

?> 
</body> 
</html> 
+2

**警告**:您的代码的 where 子句容易受到 SQL 注入攻击! – 2012-01-13 13:29:40

+0

@DanielA.White 很高兴您提醒 OP 可能存在 SQL 注入,但是您没有给出任何解决此问题的指引。也许您可以添加一个链接,供 OP 阅读和学习? – Bazzz 2012-01-13 13:32:22

+0

除了针对原始问题的解决方案之外,还可以在我的答案中找到方向! :) – Connum 2012-01-13 13:35:40

回答

6

你需要在 $_GET['id'] 前后使用连接运算符 `.`,或者把它嵌入到字符串中:

".... WHERE id = {$_GET['id']}"; 

(请注意,您的 $_GET['id'] 没有经过过滤;把直接来自网络的输入放进查询并不是好做法。)

3

你忘了连接操作在这里:"$_GET['id']"",应该是".$_GET['id'].";"

每次看到 Parse error: syntax error 时,问题都出在你自己的代码里。你有文件名和行号,只需要去看一看 :-)

+0

我不认为“;”是正在生成的字符串的一部分... – Chris 2012-01-13 13:31:39

+0

由于整个代码在这里,我认为没有其他的SQL条件,所以;可以安全地添加(它只是更干净)。 – Damien 2012-01-13 13:33:08

+0

* nod *它更多的是我认为'''原文中的';'是语句的结尾';'而不是字符串的一部分。我个人不认为加入;使它更清洁,但这是个人喜好。 – Chris 2012-01-13 13:35:08

0

我的PHP的记忆越来越模糊,但是这部分看起来错误:

WHERE id = "$_GET['id']""; 

我假设你使用双引号那里避免与变量中的单引号混淆,但我会想象你会想要某种连接运算符。即:

WHERE id = ".$_GET['id']; 

或者你可以只是做

$getid = $_GET['id'] 

事先这样做,然后在表达式中使用这个简单的变量名。这样与你处理其余变量的方式更一致……

0

请像处理其他值那样,对来自查询字符串(querystring)的 id 进行转义。现在这样是不安全的。

0

您忘记为字符串连接添加运算符.。这是它应该如何看:

// NOTE(review): this repairs the parse error only; $_GET['id'] is still concatenated
// into the SQL exactly as the client sent it.
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = ".$_GET['id']; 

而且,非常重要:不要在 SQL 查询中使用未经验证的请求数据,否则容易受到 SQL 注入(MySQL injection)攻击!在这种情况下,如果 ID 始终是整数,在 $_GET['id'] 前加上 (int) 强制转换会有帮助:

WHERE id = "$_GET['id']" 
// should be 
WHERE id = '{$_GET['id']}' 

不过,你应该先对它进行转义:

// The (int) cast turns whatever the client sent into an integer before it is
// concatenated, so the id cannot carry SQL text.
// NOTE(review): this presumes ncmr.id is a numeric column; confirm against the schema.
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = ".(int)$_GET['id']; 
2

您在查询末尾直接使用了 $_GET['id'];请先用 mysql_real_escape_string() 对它进行转义:

// NOTE(review): the script in the question uses the mysqli_* API, where the matching
// call is mysqli_real_escape_string($dbc, ...); the old mysql_* functions were
// removed in PHP 7.
$id = mysql_real_escape_string($_GET['id']); 
// Then use 
// (keep the quotes: escaping only protects a value placed inside a quoted SQL literal)
WHERE id = '$id' 
+0

为什么大家都没注意到?`$id = mysqli_real_escape_string($dbc, trim($_GET['id']));` 就在脚本的第一行,已经做了过滤 – 2012-01-13 13:58:13

+0

@MattRidge 我看到它在那里了,但你仍然在查询中直接使用 `$_GET['id']`。 – 2012-01-13 14:00:09

+0

@MattRidge 对我们而言,显眼的不是那一大段已经转义的变量,而是 SQL 字符串中唯一一个未转义的变量。 – 2012-01-13 14:00:52

0

好,经过大量的工作、反复调整代码和几个不眠之夜之后,在这里各个回答的帮助下,我似乎自己解决了这个问题。我向那些给出正确方向的回答者表示感谢。

这是我做什么,从原来的代码,我改变了这些位:

第20〜28行:我把连接数据库的代码移到了前面。别问我为什么之前没有发现,这肯定是初学者才会犯的错误,但它还是发生了,毕竟我仍然是一名初学者。

这是第20-28行之间的代码,因为它现在看起来像。

// Connect to the database 
// The connection has to exist before the escape calls below, because
// mysqli_real_escape_string() takes it as its first argument.
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 

     // Default id: trim(0) yields the string "0"; ?id=... replaces it when present.
     $id= mysqli_real_escape_string($dbc, trim(0)); 
     if(isset($_GET['id'])) 
     $id= mysqli_real_escape_string($dbc, trim($_GET['id'])); 

     if (isset($_POST['submit'])) { 
      $id= mysqli_real_escape_string($dbc, trim($_POST["id"])); 

第54行按照此处的建议进行了重写。

它现在在结尾处有正确数量的引号,看起来像这样。

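// The id is now quoted like every other value, so the escaped $id stays inside a
// string literal. A prepared statement with bound parameters would remove the
// need for escaping altogether.
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '$id'";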

我删除了第67行。

这一个:

// Debug aid: prints the complete SQL statement, submitted values included, into the page.
echo "Query is : " . $query . "<br />"; 

我删除了第97和98行:

// Connect to the database 
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 

以上就是全部修改。

这里是完整的代码。

<?php
// Load the connection settings, then open the page wrapper that the last echo of
// the script closes again.
require_once 'connectvars.php';
echo '<div id="postwrap">';
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 
<head> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    <title>Edit</title> 
     <link rel="stylesheet" type="text/css" href="CSS/postie.css" /> 
</head> 
<body> 
    <div id="logo"> 
    <img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" /> 
</div> 

<?php 
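// Connect to the database first: mysqli_real_escape_string() below takes the open
// connection as its first argument.
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if (!$dbc) {
        // Keep the driver's message in the server log; the visitor only sees a generic notice.
        error_log('Database connection failed: ' . mysqli_connect_error());
        die('Database connection failed.');
    }

    // Record id from the query string; '0' when it is absent or was not sent as a
    // plain string (for example as id[]=...).
    // The escaped value is only safe inside a quoted SQL literal ('$id'). It is not
    // HTML-escaped, so it must go through htmlspecialchars() before being echoed.
    $id = '0';
    if (isset($_GET['id']) && is_string($_GET['id'])) {
        $id = mysqli_real_escape_string($dbc, trim($_GET['id']));
    }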

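     if (isset($_POST['submit'])) {
         // Form was submitted: write the posted fields to the ncmr row named by the
         // posted id, using a prepared statement.
         // NOTE(review): nothing visible in this script checks who is submitting the
         // edit or that the request came from this form. Confirm that authentication
         // and a CSRF token are enforced elsewhere before exposing this page.

         // Return one submitted field as a trimmed string; a field that is missing
         // or was sent as an array becomes ''.
         $posted = function ($name) {
             return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
         };

         // The values are bound as statement parameters below, so they are
         // deliberately not passed through mysqli_real_escape_string(); doing both
         // would store the escape backslashes in the table.
         // Dates are normalised to Y-m-d; as before, text that strtotime() cannot
         // parse ends up as 1970-01-01.
         $id = $posted('id');
         $ab = $posted('ab');
         $date = date('Y-m-d', strtotime($posted('date')));
         $part = $posted('part');
         $rev = $posted('rev');
         $partdesc = $posted('partdesc');
         $ncmrqty = $posted('ncmrqty');
         $comp = $posted('comp');
         $ncmrid = $posted('ncmrid');
         $rma = $posted('rma');
         $jno = $posted('jno');
         $fdt = $posted('fdt');
         $cof = $posted('cof');
         $fab1 = $posted('fab1');
         $fab2 = $posted('fab2');
         $fab3 = $posted('fab3');
         $non = $posted('non');
         $dis = $posted('dis');
         $comm = $posted('comm');
         $caad = $posted('caad');
         $po = $posted('po');
         $pod = date('Y-m-d', strtotime($posted('pod')));
         $dri = date('Y-m-d', strtotime($posted('dri')));

         // 22 column placeholders plus the id: request data never becomes part of
         // the SQL text.
         $query = "UPDATE ncmr SET ab = ?, date = ?, part = ?, rev = ?, partdesc = ?, ncmrqty = ?, comp = ?, ncmrid = ?, rma = ?, jno = ?, fdt = ?, cof = ?, fab1 = ?, fab2 = ?, fab3 = ?, non = ?, dis = ?, comm = ?, caad = ?, po = ?, pod = ?, dri = ? WHERE id = ?";

         $stmt = mysqli_prepare($dbc, $query);
         if (!$stmt) {
             // Log the detail server-side instead of printing the database error.
             error_log('NCMR update could not be prepared: ' . mysqli_error($dbc));
             die('Query Error');
         }

         mysqli_stmt_bind_param(
             $stmt,
             str_repeat('s', 23),
             $ab, $date, $part, $rev, $partdesc, $ncmrqty, $comp, $ncmrid, $rma, $jno, $fdt,
             $cof, $fab1, $fab2, $fab3, $non, $dis, $comm, $caad, $po, $pod, $dri,
             $id
         );

         if (!mysqli_stmt_execute($stmt)) {
             error_log('NCMR update failed: ' . mysqli_stmt_error($stmt));
             die('Query Error');
         }
         mysqli_stmt_close($stmt);

         // Confirm success with the user
         echo '<p>If you wish to edit more NCMRs, please <a href="list.php">go to the admin page!</a></p>';

         mysqli_close($dbc);
     }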

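    else {
        // No submission yet: load the record named by ?id=... and print the edit form.

        // Escape a value for use in HTML text or inside a quoted attribute.
        $e = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        };

        // Id of the record to show, read straight from the query string; '0' when
        // it is absent or was not sent as a plain string.
        $recordId = (isset($_GET['id']) && is_string($_GET['id'])) ? trim($_GET['id']) : '0';

        // Grab the record with a bound parameter instead of building the SQL text
        // from the request. mysqli_stmt_get_result() needs the mysqlnd driver.
        $data = false;
        $stmt = mysqli_prepare($dbc, 'SELECT * FROM ncmr WHERE id = ?');
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $recordId);
            if (mysqli_stmt_execute($stmt)) {
                $data = mysqli_stmt_get_result($stmt);
            }
        }

        if ($data && mysqli_num_rows($data) == 1) {
            // The record was found so display its data
            $row = mysqli_fetch_array($data);

            // Fabricator names for the drop-downs, fetched once into their own
            // variable so the loop cannot overwrite $row.
            // NOTE(review): select_db('user') switches to a database named `user`;
            // confirm that is intended rather than the `user` table of DB_NAME.
            $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
            $mysqli->select_db('user');
            $result = $mysqli->query("SELECT * FROM user");
            $fabricators = array();
            while ($result && ($userRow = $result->fetch_assoc())) {
                $fabricators[] = $userRow['user'];
            }
            $mysqli->close();

            // Build a <select> of fabricators with the stored value preselected.
            $fabSelect = function ($name, $current) use ($fabricators, $e) {
                $html = "<SELECT name='" . $name . "'>\n";
                foreach ($fabricators as $fabricator) {
                    $selected = ($fabricator === $current) ? " selected='selected'" : '';
                    $html .= "<option value='" . $e($fabricator) . "'" . $selected . ">" . $e($fabricator) . "</option>\n";
                }
                return $html . "</select>\n";
            };

            // Blank columns are shown as the literal text "Empty".
            // NOTE(review): that placeholder is submitted back with the form and
            // stored unless the user replaces it.
            $placeholderColumns = array(
                'ab', 'date', 'part', 'rev', 'partdesc', 'ncmrqty',
                'comp', 'ncmrid', 'rma', 'jno',
                'non', 'dis', 'comm', 'caad',
                'po', 'pod', 'dri',
            );
            foreach ($placeholderColumns as $column) {
                if (empty($row[$column])) {
                    $row[$column] = "Empty";
                }
            }

            // PHP_SELF reflects the requested path, so it is escaped like any other
            // request-derived value.
            echo "<form action='" . $e($_SERVER['PHP_SELF']) . "' method='post'>";
            echo '<fieldset>';

            echo '<div id="box1">';
            echo '<div id="ab"><span class="b">Added By:&nbsp;&nbsp;</span><input type="text" name="ab" value="' . $e($row['ab']) . '" /></div>';
            echo '<div id="date"><span class="b">Date Filed:&nbsp;&nbsp;</span><input type="text" name="date" value="' . $e($row['date']) . '" /></div>';
            echo '<div id="part"><span class="b">Part Number:&nbsp;&nbsp;</span><input type="text" name="part" value="' . $e($row['part']) . '" /></div>';
            echo '<div id="rev"><span class="b">Part Revision:&nbsp;&nbsp;</span><input type="text" name="rev" value="' . $e($row['rev']) . '" /></div>';
            // The textareas carry a name so their text reaches the update branch.
            echo '<div id="partdesc"><span class="b">Part Description:&nbsp;&nbsp;</span><textarea name="partdesc" rows="4" cols="22">' . $e($row['partdesc']) . '</textarea></div>';
            echo '<div id="ncmrqty"><span class="b">NCMR Qty:&nbsp;&nbsp;</span><input type="text" name="ncmrqty" value="' . $e($row['ncmrqty']) . '" /></div>';
            echo '</div>';

            //Company, Customer NCMR, Internal RMA, and Job Number
            echo '<div id="box2">';
            echo '<div id="comp"><span class="b">Company:&nbsp;&nbsp;</span><input type="text" name="comp" value="' . $e($row['comp']) . '" /></div>';
            echo '<div id="ncmrid"><span class="b">Customer NCMR ID:&nbsp;&nbsp;</span><input type="text" name="ncmrid" value="' . $e($row['ncmrid']) . '" /></div>';
            echo '<div id="rma"><span class="b">Internal RMA #:&nbsp;&nbsp;</span><input type="text" name="rma" value="' . $e($row['rma']) . '" /></div>';
            echo '<div id="jno"><span class="b">Job #:&nbsp;&nbsp;</span><input type="text" name="jno" value="' . $e($row['jno']) . '" /></div>';
            echo '</div>';

            //Type of Failure and Class of Failure
            echo '<div id="box3">';
            echo '<h2>Failure</h2>';
            echo '<div id="cof"><span class="b">Class of Failure:&nbsp;&nbsp;</span><input type="text" name="cof" size="15" value="' . $e($row['cof']) . '" /></div>';
            echo '<div id="fdt"><span class="b">Failure Due To:&nbsp;&nbsp;</span><input type="text" name="fdt" size="15" value="' . $e($row['fdt']) . '" /></div>';
            echo '</div>';

            //Fabricators
            echo '<div id="box4">';
            echo '<h2>Fabricators</h2>';
            // fab1 is always a drop-down (both original branches printed one).
            echo '<div id="fab1">' . $fabSelect('fab1', $row['fab1']) . '</div>';
            // fab2 and fab3: drop-down while unset ("--None--"), otherwise a text box
            // holding the stored name. The comparison uses ===, not an assignment.
            foreach (array('fab2', 'fab3') as $fab) {
                echo '<div id="' . $fab . '">';
                if ($row[$fab] === "--None--") {
                    echo $fabSelect($fab, $row[$fab]);
                } else {
                    echo '<span class="b"></span><input type="text" name="' . $fab . '" size="20" value="' . $e($row[$fab]) . '" />';
                }
                echo '</div>';
            }
            echo '</div>';

            //Nonconformity, Disposition, Comments and Comments & Additional Details
            echo '<div id="box5">';
            echo '<div id="non"><span class="b">Nonconformity:&nbsp;&nbsp;</span><textarea name="non" rows="4" cols="105">' . $e($row['non']) . '</textarea></div>';
            echo '<div id="dis"><span class="b">Disposition:&nbsp;&nbsp;</span><textarea name="dis" rows="4" cols="105">' . $e($row['dis']) . '</textarea></div>';
            echo '<div id="comm"><span class="b">Comments:&nbsp;&nbsp;</span><textarea name="comm" rows="4" cols="105">' . $e($row['comm']) . '</textarea></div>';
            echo '<div id="caad"><span class="b">Comments and/or Additional Details:&nbsp;&nbsp;</span><textarea name="caad" rows="4" cols="105">' . $e($row['caad']) . '</textarea></div>';

            echo '<div id="podr">';
            echo '<div id="po"><span class="b">PO:&nbsp;&nbsp;</span><input type="text" name="po" size="7" value="' . $e($row['po']) . '" /></div>';
            echo '<div id="pod"><span class="b">PO Date:&nbsp;&nbsp;</span><input type="text" name="pod" size="7" value="' . $e($row['pod']) . '" /></div>';
            echo '<div id="dri"><span class="b">Date Received:&nbsp;&nbsp;</span><input type="text" name="dri" size="7" value="' . $e($row['dri']) . '" /></div>';
            echo '</div>';
            echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
            //Save ID so it can be used with POST request.
            echo "<input type='hidden' value='" . $e($recordId) . "' name='id'/>";

            echo '</div>';
            echo '</fieldset>';
            echo '</form>';
        }
    }

// Closes the "postwrap" wrapper opened at the top of the file.
echo '</div>';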

?> 
</body> 
</html> 