stackoom
  简体   繁体   中英

Update mysql table using POST

 原文  2011-03-05 15:41:52       php/ mysql

Question

This is the query: 

if (isset($_POST['editMessage'])) {
    $result = mysql_query("UPDATE messages SET message = '".htmlspecialchars($editedmessage)."' WHERE id = '".$id."'");
    if ($result) {
        die("<strong>Message has been edited!</strong>");
    } else {
        die("<strong>Error ".mysql_error()."</strong>");
    }
}

Using this form: 

    <form action="index.php" method="post">
<textarea name='editedmessage' rows='5' cols='70'><?php echo $_POST['editedmessage'];?></textarea>
    <input type='submit' name='editMessage' value='Edit'>

It's not showing an error, it updates the table field, but doesn't enter the edited message into the field, so the field updates and shows no informtion at all.

Where am I going wrong?

5 answers

solution1
 2  2011-03-05 15:44:48

htmlspecialchars($editedmessage)
  1. You don't seem to be defining $editedmessage anywhere, did you mean $_POST['message1']
  2. That should really be mysql_real_escape_string( htmlspecialchars( ... ) )

solution2
 1  2011-03-05 15:48:05

Try the other way when its correct you get an ressource back: 

if(!$result) {
   die('Died: ' . mysql_error());
} else {
   echo "Edited:";
}

solution3
 0  2011-03-05 15:45:55

您错过了这一行: 

$editedmessage = $_POST['editMessage'];

solution4
 0  2011-03-05 15:46:36

你错了

$result = mysql_query("UPDATE messages SET message = '".htmlspecialchars($_POST['editedmessage'])."' WHERE id = '".$id."'");

solution5
 0  2011-03-05 15:49:26

You use $editMessage in the query instead of _POST[editMessage] (unless you have register globals on, apparently you don't).

However, do NOT do this without running mysql_real_escape_string() on editMessage first, and DO NOT run htmlspecialchars() on it! Encoded data does not belong in the DB.

Either do $editMessage = $_POST['editMessage']; , or use _POST in the query directly, but wrap it in mysql_real_escape_string() for goodness sake!

However, you DO want to run htmlspecialchars() , htmlentities() , or at the very least string_tags() on $_POST['message1'] when you echo it out. This page is XSS (cross-site script) vulnerable.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Update mysql table using POST method update post using php mysql Update info in mysql using _POST Choose which mysql table to update in php post Update MySQL table in PHP with Ajax in POST mode MySQL PHP Table Update / POST not working PHP update table using MySQL MySQL UPDATE using target table Update a table in Mysql using a form PHP Mysql update table using form will not update
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM