[英]edit table with php and jquery
I'm trying to modify the contents of a cell in a table with php and ajax.我正在尝试使用 php 和 ajax 修改表格中单元格的内容。 the problem that the content has been changed in the page but it is not registered in the database.
页面中的内容已更改但未在数据库中注册的问题。 this is the page index.php:
这是页面 index.php:
<?php
include 'connexion.php';
$sql = 'SELECT * FROM liste_user_tbl';
$result = mysql_query($sql) or die(__LINE__.mysql_error().$sql);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title>Modification "inline" de données</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script>
$(function(){
var message_status = $("#status");
$("td[contenteditable=true]").blur(function(){
var field_userid = $(this).attr("id") ;
var value = $(this).text() ;
$.post('test1.php' , field_userid + "=" + value, function(data){
if(data != '')
{
message_status.show();
message_status.text(data);
setTimeout(function(){message_status.hide()},3000);
}
});
});
</script>
</head>
<body>
<h1>Utilisateurs</h1>
<table id="table-utilisateurs">
<tr>
<th>Nom</th>
<th>Prénom</th>
</tr>
<?php
while($user = mysql_fetch_assoc($result))
{
?>
<tr>
<td id="<?php echo $user['id']; ?>" contenteditable="true">
<?php echo $user['nom']; ?>
</td>
<td id="<?php echo $user['id']; ?>" contenteditable="true">
<?php echo $user['prenom']; ?>
</td>
</tr>
<?php
}
?>
</table>
</body>
</html>
<?php
mysql_close();
?>
this is test1.php:这是 test1.php:
<?php
if(!empty($_POST))
{
include "connexion.php";
foreach($_POST as $field_name => $val)
{
//clean post values
$field_userid = strip_tags(trim($field_name));
$val = strip_tags(trim(mysql_real_escape_string($val)));
//from the fieldname:user_id we need to get user_id
$split_data = explode(':', $field_userid);
$user_id = $split_data[1];
$field_name = $split_data[0];
if(!empty($user_id) && !empty($field_name) && !empty($val))
{
//update the values
mysql_query("UPDATE liste_user_tbl SET $field_name = '$val' WHERE id = $user_id") or mysql_error();
echo "Updated";
} else {
echo "Invalid Requests";
}
}
} else {
echo "Invalid Requests";
}
?>
First of all, $field_name
is not defined in your code, that's why the query will produce an error if you enable debugging Second of all, your code is very vulnerable to SQL injections.首先,
$field_name
未在您的代码中定义,这就是为什么如果您启用调试,查询将产生错误的原因。其次,您的代码很容易受到 SQL 注入的影响。 Your are using user's posted data as it is, without any filtering, and this can lead to loosing your entire database data.您按原样使用用户发布的数据,没有进行任何过滤,这可能会导致整个数据库数据丢失。 Third of all, you are still using procedural php and "old schoool" database connection.
第三,您仍在使用程序化 php 和“老派”数据库连接。 Instead, you can use PDO and POO
相反,您可以使用PDO和POO
use print_r($_POST);使用 print_r($_POST);
to receive post data and display check if the post data has a problem接收post数据并显示检查post数据是否有问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.