在使用PHP和SQL填充的网络表单中更新同一表中的多行
[英]Updating multiple rows the same table in a webform populated using PHP and SQL
问题描述
My aim is to create a dynamic webpage that returns all of the records in a table meeting a given criteria and uses them to populate a webform. 
我的目标是创建一个动态网页,该网页返回满足给定条件的表中的所有记录,并使用它们来填充Web表单。 The user can then make changes as they wish and update the entire table with a single button press. 然后,用户可以按自己的意愿进行更改,并只需按一下按钮即可更新整个表格。
In the example below I'd like to list all the events, the start time will appear in an editable text box and when I press submit it should update all the values. 在下面的示例中,我想列出所有事件,开始时间将出现在可编辑的文本框中,当我按Submit时,它将更新所有值。
I've created a mock-up below: 我在下面创建了一个模型:
$query = "SELECT * FROM Events";
$result = mysqli_query( $dbc, $query ) ;
if ( mysqli_num_rows( $result ) > 0 )
{
echo '<form action="update_events.php" method="post">>';
echo '<table><tr>';
while ( $row = mysqli_fetch_array( $result, MYSQLI_ASSOC ))
{
echo '<td>' . $row['Event_Name'] .' </td>'.
'<td>' . $row['Event_Date'] .'</td>'.
'<td><input name="'. $row['Event_ID'] .'" type="text" value="'$row['Event_Start_Time'] .'"></td>';
echo '</tr>';
}
echo '</table>';
echo ' <input type="submit" value="Submit"></form>';
mysqli_close( $dbc ) ;
}
else
{
echo '<p>There are currently no events.</p>' ;
}
I cannot figure our how to get the processing on the update_events.php to work, any help would be appreciated. 我无法弄清楚我们如何使update_events.php上的处理正常工作,我们将不胜感激。
foreach(????){
$sql = "UPDATE Events SET Event_Start='$Event_Start' WHERE id='$Event_ID'";
mysqli_query($dbc, $sql)
}
1 个解决方案
解决方案1
1 已采纳 2017-12-02 19:45:31
You really want to keep your POST variables static, it makes life easier. 您确实想使POST变量保持静态,这使工作变得更轻松。 Don't try and use one variable to store two values, give them one each. 不要尝试使用一个变量来存储两个值,而要给每个值一个。
As you are submitting multiple values to the server which you want to loop over then it makes sense to submit them in arrays, so something like this: 当您向要循环的服务器提交多个值时,将它们以数组形式提交是有意义的,因此如下所示:
$i=0;
while ( $row = mysqli_fetch_array( $result, MYSQLI_ASSOC ))
{
echo '<td>' . $row['Event_Name'] .' </td>'.
'<td>' . $row['Event_Date'] .'</td>'.
'<td><input name="event['.$i.'][start]" type="text" value="'$row['Event_Start_Time'] .'"><input name="event['.$i.'][ID]" type="hidden" value="'. $row['Event_ID'] .'"></td>';
echo '</tr>';
$i++;
}
Now your form will submit all the events as a multidimensional array which you can retrieve in $_POST['event'] and loop over it to do your database updates like this: 现在,您的表单会将所有事件提交为多维数组,您可以在$_POST['event']检索并循环遍历它,以进行数据库更新,如下所示:
$stmt = $this->mysqli->prepare("UPDATE Events SET Event_Start=? WHERE id=?");
$stmt->bind_param('ss', $start, $id);
foreach ($_POST['event'] as $event) {
$start = $event['start'];
$id = $event['ID'];
$stmt->execute();
}
This code uses a prepared statement for the database insert, the method you are using is insecure and leaves you vulnerable to SQL injection. 这段代码对数据库插入使用了一条准备好的语句,您使用的方法不安全,容易受到SQL注入的攻击。 You should read up on Mysqli prepared statements and start using them. 您应该阅读Mysqli准备的语句并开始使用它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.