PHP 和 MySQL 表格,我做错了什么?
[英]PHP and MySQL form, what am I doing wrong?
问题描述
I have a table that has the user ID already in it, but some of the information is missing and that is where I need the user to input it themselves.
我有一个表,其中已经有用户 ID,但是缺少一些信息,这就是我需要用户自己输入的地方。 With the URL of the form I have their ID in it... winnerpage.php?ID=123使用表格的 URL 我有他们的 ID...winnerpage.php?ID=123
I am having troubles getting the code to work.我无法让代码正常工作。 Any help would be great!任何帮助都会很棒!
This is the code on that winnerpage.php这是获胜者页面上的代码。php
<form enctype="multipart/form-data" action="winnerpage.php" method="POST">
ID: <input name="ID" type="text" value="<?=$ID?>" /><br/>
First Name: <input type="text" name="FN"><br />
Last Name: <input type="text" name="LN"><br />
Email: <input type="text" name="EM"><br />
Phone: <input type="text" name="PH"><br />
<input type="submit" name="edit" value="edit"></form> <br>
<?
require_once('mysql_serv_inc.php');
$conn = mysql_connect("$mysql_server","$mysql_user","$mysql_pass");
if (!$conn) die ("ERROR");
mysql_select_db($mysql_database,$conn) or die ("ERROR");
if(isset($_POST['edit']))
{
$sID = addslashes($_POST['ID']);
$sFN = addslashes($_POST['FN']);
$sLN = addslashes($_POST['LN']);
$sEM = addslashes($_POST['EM']);
$sPH = addslashes($_POST['PH']);
mysql_query('UPDATE winner SET FN=$sFN, LN=$sLN, EM=$sEM, PH=$sPH
WHERE ID=$sID') or die (mysql_error());
echo 'Updated!';
}
$query = "select * from winner order by ID";
$result = mysql_query($query);
?>
<?
while ($link=mysql_fetch_array($result))
{
echo 'Unique ID - Completion Time - First Name - Last Name - Email - Phone<br/>'.$link[ID].' -' .$link[FN].' - '.$link[LN].' - '.$link[EM].' - '.$link[PH].'<br>';
}
?>
4 个解决方案
解决方案1
1 已采纳 2011-06-12 21:16:33
1) ID: <input name="ID" type="text" value="<?=$ID?>" /><br/> 1) ID: <input name="ID" type="text" value="<?=$ID?>" /><br/>
Where do you get that $ID?你从哪里得到那个$ID?
Are you doing something like $_GET['ID'] or are you relying on safe_mode being ON?您是在做类似$_GET['ID']的事情,还是依赖 safe_mode 开启? (it's not clear from the code you provided) (从您提供的代码中不清楚)
(better yet, if(isset($_GET['ID'])) { $ID = (int)$_GET['ID'] } (更好的是, if(isset($_GET['ID'])) { $ID = (int)$_GET['ID'] }
2) Please don't to that. 2)请不要那样做。 Don't use addslashes().不要使用addlashes()。 Use mysql_real_escape_string() or, even better, prepared statements.使用 mysql_real_escape_string() ,或者更好的是,使用准备好的语句。 Addslashes is not utterly reliable in escaping datas for queries.在查询的 escaping 数据中,Addslashes 并不完全可靠。
sID = (int)$_POST['ID'];
$sFN = mysql_real_escape_string($_POST['FN']);
$sLN = mysql_real_escape_string($_POST['LN']);
$sEM = mysql_real_escape_string($_POST['EM']);
$sPH = mysql_real_escape_string($_POST['PH']);
Also, add 'value=""' to each input field (not mandatory)此外,在每个输入字段中添加'value=""' (非强制性)
3) encapsulate values in query: 3)在查询中封装值:
mysql_query("UPDATE winner SET FN='".$sFN."', LN='".$sLN."', EM='".$sEM."', PH='".$sPH."' WHERE ID='".$sID."'") or die (mysql_error());
解决方案2
1 2011-06-12 21:17:13
Maybe try:也许尝试:
mysql_query("UPDATE winner SET FN='$sFN', LN='$sLN', EM='$sEM', PH='$sPH' WHERE ID=$sID") or die (mysql_error());
解决方案3
0 2011-06-12 21:17:12
mysql_query('UPDATE winner SET FN=$sFN, LN=$sLN, EM=$sEM, PH=$sPH WHERE ID=$sID')
the query is encapsulated by single-quotes, so the variables inside will not be parsed.查询是用单引号封装的,所以里面的变量不会被解析。
解决方案4
0 2011-06-12 21:17:13
At first glance I would say that you need:乍一看,我会说你需要:
1) Quote marks around some of the values you are inserting into the table (any strings for example) 1) 在您插入表中的一些值周围加上引号(例如任何字符串)
2) Quote marks around the names of the fields when you try to echo them out at the end ( $link['ID'] for example) 2)当您尝试在末尾回显字段名称时,请在字段名称周围加上引号(例如$link['ID'] )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.