需要帮助仅更新 php 中的单个字段 mysql
[英]Need help updating just a single field mysql in php
问题描述
i have an issue with my code.
我的代码有问题。 I have data in a database, and i need help with my php.我在数据库中有数据,我需要 php 方面的帮助。 i coded a page that helps me edit my database by clicking on the specific data and editing it via the website, but anytime i edit a specfic line, it affects all the data of other fields in the database.我编写了一个页面,通过单击特定数据并通过网站对其进行编辑来帮助我编辑数据库,但是每当我编辑特定行时,它都会影响数据库中其他字段的所有数据。
<?php
include_once 'db.php';
if(count($_POST)>0) {
mysqli_query($conn,"UPDATE tracking set orderstatus='" . $_POST['orderstatus'] . "'");
$message = "Record Modified Successfully";
}
$result = mysqli_query($conn,"SELECT * FROM tracking WHERE trackingnum='" . $_GET['trackingnum'] . "'");
$row= mysqli_fetch_array($result);
?>
<html>
<style>
@import url(https://fonts.googleapis.com/css?family=Montserrat:400,700);
body { background:rgb(30,30,40); }
form { max-width:420px; margin:50px auto; }
.feedback-input {
color:black;
font-family: Helvetica, Arial, sans-serif;
font-weight:500;
font-size: 18px;
border-radius: 5px;
line-height: 22px;
background-color: transparent;
border:2px solid #CC6666;
transition: all 0.3s;
padding: 9px;
margin-bottom: 15px;
width:100%;
box-sizing: border-box;
outline:0;
}
.feedback-input:focus { border:2px solid #CC4949; }
textarea {
height: 150px;
line-height: 150%;
resize:vertical;
}
[type="submit"] {
font-family: 'Montserrat', Arial, Helvetica, sans-serif;
width: 100%;
background:#CC6666;
border-radius:5px;
border:0;
cursor:pointer;
color:black;
font-size:24px;
padding-top:10px;
padding-bottom:10px;
transition: all 0.3s;
margin-top:-4px;
font-weight:700;
}
[type="submit"]:hover { background:#CC4949; }
</style>
<head>
<title>Update Tracking Data</title>
</head>
<body>
<form name="frmUser" method="post" action="">
<div><?php if(isset($message)) { echo $message; } ?>
</div>
<div style="padding-bottom:5px;">
</div>
Tracking Number: <br>
<input type="text" name="trackingnum" class="feedback-input" value="<?php echo $row['trackingnum']; ?>">
<br>
Current Status: <?php echo $row['orderstatus']; ?><br>
Order Status: <br>
<select name="orderstatus" class="feedback-input"
<option value = ""></option>
<option value = ""><?php echo $row['orderstatus']; ?></option>
<option value = "Pending">Pending</option>
<option value = "Confirmed">Confirmed</option>
<option value = "In-Progress">In-Progress</option>
<option value = "In-Transit">In-Transit</option>
<option value = "On Route">On Route</option>
<option value = "Delivered">Delivered</option>
</select>
<br>
<input type="submit" name="submit" value="Submit" class="buttom">
</form>
</body>
</html>
<section class="about_top">
<div class="container">
<div class="row">
<div class="col-md-4 col-sm-4 col-xs-12">
<div class="about_single_item">
<div class="item_icon">
</div>
<div class="about_single_item_content">
<h4><a href="form.php">Add New Tracking</h4></a>
</div>
</div>
</div>
<div class="col-md-4 col-sm-4 col-xs-12">
<div class="about_single_item">
<div class="item_icon">
</div>
<div class="about_single_item_content">
<h4><a href="edit.php">Edit Existing Tracking</h4></a>
</div>
</div>
</div>
<div class="col-md-4 col-sm-4 col-xs-12">
<div class="about_single_item">
<div class="item_icon">
</div>
<div class="about_single_item_content">
<h4><a href="index.php">Test Tracking</h4></a>
</div>
</div>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Fast Delivery</title>
<!-- bootstrap css -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<!-- font Awesome Css -->
<!--slick css-->
<link href="css/slick.css" rel="stylesheet">
<!-- owl-carousel css -->
<link href="css/owl.carousel.css" rel="stylesheet">
<!-- YTPlayer css For Background Video -->
<link href="css/jquery.mb.YTPlayer.min.css" rel="stylesheet">
<!-- style css -->
<!-- Responsive Css -->
<link href="css/responsive.css" rel="stylesheet">
<!-- browser campatibel css files-->
<!--[if lt IE 9]>
<script src="//oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="//oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="js">
</section>
</body>
</html>
Above is my update page code.以上是我的更新页面代码。 https://i.stack.imgur.com/gQSX6.png If i update via my site both rows change. https://i.stack.imgur.com/gQSX6.png如果我通过我的网站更新,两行都会改变。 even tho i just want 1 row to change https://i.stack.imgur.com/AiIcD.png即使我只想要 1 行来更改https://i.stack.imgur.com/AiIcD.png
2 个解决方案
解决方案1
3 2020-12-19 01:28:03
You want a where clause in the update statement, presumably on trackingnum :您需要update语句中的where子句,大概在trackingnum上:
update tracking
set orderstatus = :orderstatus
where trackingnum = :trackingnum
Important note: use prepared statements!重要提示:使用准备好的语句! Do not concatenate POST values in the query string: this is inefficient, and highly unsafe as it opens up your code to SQL injection attacks.不要在查询字符串中连接 POST 值:这是低效且非常不安全的,因为它会使您的代码受到 SQL 注入攻击。 Recommend reading: How can I prevent SQL injection in PHP?推荐阅读:如何防止PHP中的SQL注入? . .
解决方案2
0 2020-12-19 02:11:01
You need to target a specific record using a WHERE clause.您需要使用 WHERE 子句定位特定记录。 Your code is also very prone to SQL injection.您的代码也很容易出现 SQL 注入。 You should never use user input concatenated directly into your SQL statements.您永远不应使用直接连接到 SQL 语句中的用户输入。 You should always use prepared statements.您应该始终使用准备好的语句。
Using mysqli it would look like something like this.使用 mysqli 它看起来像这样。
I will assume you have an id field that is an integer, adapt it to your data model.我假设您有一个 id 字段,它是 integer,将其调整为您的数据 model。 That field would have to be passed along with your form, an input (type="hidden") could be appropriate for that.该字段必须与您的表单一起传递,输入 (type="hidden") 可能适用于此。 But once again, adapt this to your needs.但再一次,根据您的需要进行调整。
$stmt = $conn->prepare("UPDATE tracking set orderstatus=? WHERE id=?");
// The "si" here is a type representation where first parameter is a string second is an integer
$stmt->bind_param("si", $status, $id);
$status = $_POST['orderstatus'];
$id = $_POST['id'];
$stmt->execute();
The same goes for select statements (or any statement really). select 语句(或任何语句)也是如此。
$stmt = $conn->prepare("SELECT * FROM tracking WHERE trackingnum=?");
$stmt->bind_param("s", $trackingnum);
$trackingnum = $_GET['trackingnum'];
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
More info can be found here https://www.php.net/manual/en/mysqli.prepare.php更多信息可以在这里找到https://www.php.net/manual/en/mysqli.prepare.php
Proper validation of the user inputs would also be recommended, but at least with a prepared statement, you prevent SQL injection.还建议对用户输入进行适当验证,但至少使用准备好的语句,可以防止 SQL 注入。 Keep in mind that user inputs can almost always be tempered.请记住,用户输入几乎总是可以调整的。
Note: I did not test any of this.注意:我没有测试任何这些。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.