update query, updating multiple data
I want to update multiple data by using this code, but the problem is, when I tried it, it updates the whole data which has the same category id and it is supposed to update individually. What could be the solution? Please help. Thanks in advance :)
<?php
if (isset($_GET['pid'])){
    $view="";
    $targetID = $_GET['pid'];
    $sql = mysql_query("SELECT specs, category_id, price FROM specs WHERE category_id='$targetID'");
    $productCount = mysql_num_rows($sql);
    if($productCount > 0){
        while($row = mysql_fetch_array($sql)){
            $specs = $row["specs"];
            $category_id = $row["category_id"];
            $price = $row["price"];
            $view .= '<div class="control-group">
                <label class="control-label" >Specs</label>
                <div class="controls">
                    <input type="text" placeholder="Specs" name="specs" value="'.$specs.'">
                </div>
            </div>
            <div class="control-group">
                <label class="control-label" >Price</label>
                <div class="controls">
                    <input type="text" placeholder="Price" name="price" value="PHP '.number_format($price, 2).'">
                </div>
            </div>';
        }
    }
}
?>
<?php
if (isset($_POST['specs'])){
    $pid = mysql_real_escape_string($_POST['thisID']);
    $specs = mysql_real_escape_string($_POST['specs']);;
    $price = mysql_real_escape_string($_POST['price']);
    $sql= mysql_query("UPDATE specs SET specs='$specs', price='$price' WHERE category_id='$pid'");
    header("Location: manageproducts.php");
    exit();
}
?>
And here's the HTML.
<div class="container">
<div class="page-header">
<h1>Manage Products</h1>
</div>
<div class="row-fluid ">
<div class="box span12center-align" >
<div class="box-header well" data-original-title>
<center><h2><i class="icon-edit"></i> Edit Specifications </h2></center>
</div>
<div class="box-content" >
<form class="form-horizontal" action="" method='post'>
<fieldset>
<?php echo $view; ?>
<div class="form-actions">
<input name="thisID" type="hidden" value="<?php echo $targetID; ?>">
<button type="submit" class="btn btn-primary" name="add_product">Update Item</button>
<button class="btn">Cancel</button>
</div>
</fieldset>
</form>
</div>
</div><!--/span-->
</div><!--/row--></center>
</div>
</div>
</div>
You need to add the primary key to the WHERE-clause of the row you want to update, now you're just updating all rows with a certain category_id.
So add a primary key id to the table (if your table doesn't have one already) and set it to auto-increment. Then modify your select query:
"SELECT id, specs, category_id, price FROM specs WHERE category_id='$targetID'"
Add that id to a hidden input field.
Then you can modify the update query like this:
"UPDATE specs SET specs='$specs', price='$price' WHERE category_id='$pid' AND id='$id'"
SQL Injection alert
You should also know that the code you have written is very dangerous and prone to SQL injection. Never, ever, use GET/POST variables directly in the query. Please use mysqli with prepared statements or PDO.
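One way to combine both points from the answer, updating each row by its primary key and using prepared statements, shown here with PDO (an added example, not code from the original post). It assumes the form inputs are renamed to specs[<id>] and price[<id>], uses a constructed in-memory SQLite table (needs the pdo_sqlite extension) so it runs without a MySQL server, and updateSpecs is a hypothetical helper name.

```php
<?php
// Constructed schema and rows; in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE specs (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    category_id INTEGER NOT NULL,
    specs TEXT NOT NULL,
    price NUMERIC NOT NULL)');
$pdo->exec("INSERT INTO specs (category_id, specs, price) VALUES
    (7, '4GB RAM', 1500), (7, '8GB RAM', 2500), (9, '1TB HDD', 3000)");

// Assumption: inputs are named specs[<id>] and price[<id>], so PHP delivers
// one array entry per row, keyed by that row's primary key.
function updateSpecs(PDO $pdo, int $categoryId, array $specs, array $prices): int
{
    $stmt = $pdo->prepare(
        'UPDATE specs SET specs = :specs, price = :price
         WHERE id = :id AND category_id = :category_id'
    );
    $changed = 0;
    foreach ($specs as $id => $text) {
        // The form displays prices as "PHP 1,500.00"; keep only digits and the dot.
        $price = preg_replace('/[^0-9.]/', '', (string)($prices[$id] ?? ''));
        if (!ctype_digit((string)$id) || !is_numeric($price)) {
            continue; // skip malformed keys or prices instead of writing them
        }
        // Values travel as bound parameters, never as part of the SQL text.
        $stmt->execute([':specs' => (string)$text, ':price' => $price,
                        ':id' => (int)$id, ':category_id' => $categoryId]);
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed POST data: row 1 is edited, row 2 contains a quote character,
// row 3 belongs to another category and must stay untouched.
$post = [
    'thisID' => '7',
    'specs' => ['1' => '6GB RAM', '2' => "8GB RAM (vendor's kit)", '3' => 'tampered'],
    'price' => ['1' => 'PHP 1,750.00', '2' => 'PHP 2,500.00', '3' => 'PHP 1.00'],
];
$changed = updateSpecs($pdo, (int)$post['thisID'], $post['specs'], $post['price']);
echo "rows updated: $changed\n";
foreach ($pdo->query('SELECT id, category_id, specs, price FROM specs') as $row) {
    echo implode(' | ', [$row['id'], $row['category_id'], $row['specs'], $row['price']]), "\n";
}
```

Keeping category_id in the WHERE clause alongside id means a submitted id from a different category matches no row, so the hidden form values cannot be used to edit rows outside the category being managed.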