更新:我缩小了它,当我在header.php文件中删除了这个标签时,它可以工作,有人可以请解释这一点。PHP更新表插入空白字段
<script src="#" type="text/javascript"></script>
嗨我有一个相当恼人的问题,我的PHP代码。我正在尝试从表单更新一个php数据库,但是当我这样做时,数据库中的字段在提交后变为空。请帮忙!你可以在这里查看它的动作http://andcreate.com/shoelace/admin/edit1.php点击右边的列表来编辑它们,看看会发生什么。
<?php
include("header.php");
echo "<h2>Edit Posts</h2>";
echo "<div id='editNav'>";
echo "<p>Choose Post to Edit</p>";
//////////GET ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
$results = mysql_query("SELECT * FROM shoeData ");
while($row = mysql_fetch_array($results)){
$id = $row['id'];
$name = $row['name'];
$about = $row['about'];
echo "$date <a href=\"" . $_SERVER['PHP_SELF'] . "?id=$id" . "\">" . substr($name, 0, 40) . " </a> <br/> ";
}
$thisID = $_GET['id'];
if(!isset($thisID)){
$thisID = 22;
}
//////////FINISH ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
echo "</div>";
///////IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
//has user pressed the button
$update = $_GET['update'];
if($update == "yes") {
$name = $_POST['name'];
$about = $_POST['about'];
$company = $_POST['company'];
$buy = $_POST['buy'];
//update data for this record
$sql = "UPDATE shoeData SET
name = \"$name\",
about = \"$about\",
company = \"$company\",
buy = \"$buy\"
WHERE id= $thisID";
$thisUpdate = mysql_query($sql) or die(mysql_error());
}
///////END IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
/////////// HERE WE GET THE INFO FOR ONE RECORD ONLY////////
$results = mysql_query("SELECT * FROM shoeData WHERE id=$thisID");
while($row = mysql_fetch_array($results)){
$name = $row['name'];
$about = $row['about'];
$company = $row['company'];
$buy = $row['buy'];
}
//////////////FINISH GETTING INFO FOR ONE RECORD ONLY/////////////
?>
<form name="formS" method="post" action="<?php echo $_SERVER['PHP_SELF']."?id=$thisID&update=yes";?>">
Name
<p>
<input type="text" name="name" id="name" value="<?php echo $name;?>" />
</p>
About
<p>
<input type="text" name="about" id="about" value="<?php echo $about;?>" />
</p>
Company
<p>
<input type="text" name="company" id="company" value="<?php echo $company;?>" />
</p>
Name
<p>
<input type="text" name="buy" id="buy" value="<?php echo $buy;?>" />
</p>
<p>
<input type="submit" name="submit" id="submit" />
</p>
</form>
<p><a class="delete" href="delete.php?id=<?php echo $thisID;?>">Delete this post</a></p>
<?php
include("footer.php");
?>
将'$ _POST'变量直接包含到SQL查询中,而无需首先进行消毒/验证,这是一个巨大的安全漏洞。不要这样做。 – Amber 2009-12-16 07:03:01
好的,我会采取任何建议来解决这个问题,以及我遇到的问题。 – 2009-12-16 07:05:07
您是否检查了数据库以确保shoeData中有一行id列实际上等于'$ thisID'?愚蠢的,我知道,但它发生 – munch 2009-12-16 07:16:09