0
我无法以我的CRUD Web应用程序的表格形式更新现有数据。查询有什么问题吗?这是我的参考资料来源,我完全按照这里的UPDATE查询INSERT, UPDATE and DELETE with mysqli。这是我的代码。mysqli更新查询有什么问题吗?
<?php
//error_reporting(E_ALL^E_NOTICE);
function chgDate($date){
$temp=explode("-",$date);
return $temp[2]."-".$temp[1]."-".$temp[0];
}
$json=array();
$ic = $_POST['IC'];
$Fic = $_POST['fromIC'];
$name = $_POST['formName'];
$tel = $_POST['formTelephone'];
$gender = $_POST['formGender'];
$email = $_POST['formEmail'];
if(isset($_POST['formUni'])){
$uni = $_POST['formUni'];
}
$age = $_POST['formAge'];
$address = $_POST['formAddress'];
$dob = $_POST['formDOB'];
$process= $_POST['process'];
//include ("connect_db.php");
//include_once('connect_db.php');
$db = mysqli_connect("localhost","root","admin","li") or die("Connection Error: " . mysqli_error());
if($process == 'save'){
$SQL="Insert into biodata (IC, Name, Telephone, Gender, Email, University, Age, Address, DOB) values ('$Fic', '$name', '$tel', '$gender', '$email', '$uni', '$age', '$address', '".chgDate ($dob)."')";
$json['newrow']=$Fic;
} else if ($process == 'edit') {
$SQL="UPDATE biodata SET IC='$Fic', Name='$name', Telephone='$tel', Gender='$gender', Email='$email', University='$uni', Age='$age', Address='$address, DOB ='".chgDate ($dob)."' WHERE IC= '$ic'";
} else if ($process == 'delete') {
$SQL = "DELETE FROM biodata WHERE IC='$ic'";
}
$data = mysqli_query($db, $SQL);
if($data){
$json['msg']='success';
}else{
$json['msg']='fail';
}
echo json_encode($json);
?>
对于一个没有使用参数化查询并接受未经过滤的数据从用户......这将很容易受到SQL注入攻击 – Orangepill
你有自动提交启用?因为我没有看到任何'commit'调用,所以可能数据没有保存在数据库中...... – GHajba
echo $ SQL查看实际的语法以及它是否正确。另外,$ uni仅在$ formUni被设置的情况下设置。这可能会导致错误。 – jeff