1
我有一个数据库,我正在使用它来收集测试数据。编辑mysql数据库中的一行
它显示在一个新行上的每条记录,并在末尾添加一个编辑和删除链接,并添加新的记录链接。
除编辑部分外,所有内容均有效。我看不到我要去哪里错了?
当我点击编辑链接时,它会显示带有字段等的表的布局,但它只传递行ID,并在日期字段中显示。如果我输入字段并提交,它将会改变。它只是不会传递数据。
这是我的编辑页面和编辑脚本。
<?php
function valid($date,$error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Records</title>
</head>
<body>
<?php
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $date; ?>"/>
<table border="1">
<tr>
<td colspan="2"><b><font color='Red'>Edit Records </font></b></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Date</font></b></td>
<td><label>
<input type="text" name="date" value="<?php echo $date; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Ammonia</em></font></b></td>
<td><label>
<input type="text" name="amm" value="<?php echo $amm; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Nitrate</font></b></td>
<td><label>
<input type="text" name="nat" value="<?php echo $nat; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Nitrite</font></b></td>
<td><label>
<input type="text" name="nit" value="<?php echo $nit; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>pH</font></b></td>
<td><label>
<input type="text" name="ph" value="<?php echo $ph; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Alkalinity</font></b></td>
<td><label>
<input type="text" name="alk" value="<?php echo $alk; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>SG</font></b></td>
<td><label>
<input type="text" name="sg" value="<?php echo $sg; ?>" />
</label></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Temperature</font></b></td>
<td><label>
<input type="text" name="temp" value="<?php echo $temp; ?>" />
</label></td>
</tr>
<tr align="Right">
<td colspan="2"><label>
<input type="submit" name="submit" value="Edit Records">
</label></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
include('config.php');
if (isset($_POST['submit']))
{
if (is_numeric($_POST['id']))
{
$id = $_POST['id'];
$date = mysql_real_escape_string(htmlspecialchars($_POST['date']));
$amm = mysql_real_escape_string(htmlspecialchars($_POST['amm']));
$nat = mysql_real_escape_string(htmlspecialchars($_POST['nat']));
$nit = mysql_real_escape_string(htmlspecialchars($_POST['nit']));
$ph = mysql_real_escape_string(htmlspecialchars($_POST['ph']));
$alk = mysql_real_escape_string(htmlspecialchars($_POST['alk']));
$sg = mysql_real_escape_string(htmlspecialchars($_POST['sg']));
$temp = mysql_real_escape_string(htmlspecialchars($_POST['temp']));
if ($date == '')
{
$error = 'ERROR: Please fill in all required fields!';
valid($date, $error);
}
else
{
mysql_query("UPDATE employee SET date='$date', amm='$amm', nat='$nat', nit='$nit', ph='$ph', alk='$alk', sg='$sg', temp='$temp'")
or die(mysql_error());
header("Location: view.php");
}
}
else
{
echo 'Error!';
}
}
else
{
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM employee WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
if($row)
{
$date = $row['date'];
$amm = $row['amm'];
$nat = $row['nat'];
$nit = $row['nit'];
$ph = $row['ph'];
$alk = $row['alk'];
$sg = $row['sg'];
$temp = $row['temp'];
valid($id,'');
}
else
{
echo "No results!";
}
}
else
{
echo 'Error!';
}
}
?>
你真的保持与0的代码格式参与? –
'$ id = $ _GET ['id']; $ result = mysql_query(“SELECT * FROM employee WHERE id = $ id”)'它容易受到sql注入 –