[英]How do I get the information from my form to insert into a mySQL database using XAMPP?
[英]How can I get the information form the database as the same form as I insert the data on it with the stored information in order to update it
我如何以与我在其中插入数据(包括存储的信息)的php格式相同的php形式从数据库中获取信息,以便更新数据库中的数据:
我使用了此更新语句,但是有一个错误:
$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation] , Report_ID=$_GET[Report_ID]
WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID, RootCause_ID=$RootCause_ID , RiskRating_ID=$RiskRating_ID , Impact_ID=$Impact_ID ,Efforts_ID= $Efforts_ID, Likelihood_ID= $Likelihood_ID, Finding=$Finding,Implication=$Implication , Recommendation =$Recommendation , Report_ID=$Report_ID";
这是我将插入和更新数据的表单的代码:
<?php
$con = mysql_connect("localhost","root","mevooo");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
?>
<form method="post" action="test.php">
<fieldset>
<legend>Insert New Data </legend>
<p> Service Name :
<select name="Services">
<option value=""> </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM servicetype_lookup ");
while($row = mysql_fetch_assoc($result)) {
$id = $row['ServiceType_ID'];
$value = $row['ServiceType_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select>
</p>
Ref : <input type="text" name="ref" /><br />
Title : <input type="text" name="title" /><br />
Risk Rating :
<select name="RiskRating">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM riskrating_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['RiskRating_ID'];
$value = $row['RiskRating_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br />
Root Cause :
<select name="RootCause">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM rootcause_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['RiskCause_ID'];
$value = $row['RiskCause_Title'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br />
Impact :
<select name="impact">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM impact_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['Impact_ID'];
$value = $row['Impact_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br />
Likelihood :
<select name="likelihood">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM likelihood_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['Likelihood_ID'];
$value = $row['Likelihood_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br/>
Efforts :
<select name="Efforts">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM efforts_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['Efforts_ID'];
$value = $row['Efforts_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br/>
Finding : <br/>
<TEXTAREA NAME="Finding" COLS=100 ROWS=10>
</TEXTAREA>
<br/>
Implication: <br/>
<TEXTAREA NAME="Implication" COLS=100 ROWS=10>
</TEXTAREA>
<br/>
Recommendation : <br/>
<TEXTAREA NAME="Recommendation" COLS=100 ROWS=10>
</TEXTAREA>
<br/><input type="submit" value=" Save " onclick="window.location.href='Database.php'" />
</fieldset>
</form>
<?php
mysql_select_db("ers_1", $con);
$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation] , Report_ID=$_GET[Report_ID]
WHERE Finding_ID=$Finding_ID AND ServiceType_ID=$ServiceType_ID AND RootCause_ID=$RootCause_ID AND RiskRating_ID=$RiskRating_ID AND Impact_ID=$Impact_ID AND Efforts_ID= $Efforts_ID AND Likelihood_ID= $Likelihood_ID AND Finding=$Finding AND Implication=$Implication AND Recommendation =$Recommendation AND Report_ID=$Report_ID";
mysql_real_escape_string($insert);
mysql_real_escape_string($Finding_ID);
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record updated .";
mysql_close($con);
?>
<input type="button" value="HOME" onclick="location='Database.php'
">
这是错误:
Notice: Undefined index: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: ServiceType_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RootCause_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RiskRating_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Impact_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Efforts_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined variable: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 126
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' ServiceType_ID=, RootCause_ID= , RiskRating_ID= , Impact_ID= ,Efforts_ID= , Lik' at line 2
WHERE的条件应使用AND,OR而不是逗号。
WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID,....
应该
WHERE Finding_ID=$Finding_ID AND ServiceType_ID=$ServiceType_ID AND ...
从根本上说,您的查询对您的数据库是所有人的欢迎之门。
第一:永远不要在查询中使用直接get
参数。 首先与他们合作。
第二:即使是数字,也要始终加上''
。 为您提供一些额外的安全性。
第三:WHERE参数用AND
或OR
分隔
<?php
// Convert your ID's to INT ( or other specific type you use )
$_Finding_ID = (int)$_GET['Finding_ID'];
$_ServiceType_ID = (int)$_GET['ServiceType_ID'];
$_RootCause_ID = (int)$_GET['RootCause_ID'];
$_RiskRating_ID = (int)$_GET['RiskRating_ID'];
$_Impact_ID = (int)$_GET['Impact_ID'];
$_Efforts_ID = (int)$_GET['Efforts_ID'];
$_Likelihood_ID = (int)$_GET['Likelihood_ID'];
$_Finding = (int)$_GET['Finding'];
$_Implication = (int)$_GET['Implication'];
$_Recommendation = (int)$_GET['Recommendation'];
$_Report_ID = (int)$_GET['Report_ID'];
$sql = "UPDATE
findings
SET
Finding_ID = '".$_Finding_ID."',
ServiceType_ID = '".$_ServiceType_ID."',
RootCause_ID = '".$_RootCause_ID."',
RiskRating_ID = '".$_RiskRating_ID."',
Impact_ID = '".$_Impact_ID."',
Efforts_ID = '".$_Efforts_ID."',
Likelihood_ID = '".$_Likelihood_ID."',
Finding = '".$_Finding."',
Implication = '".$_Implication."',
Recommendation = '".$_Recommendation."',
Report_ID = '".$_Report_ID."'
WHERE
Finding_ID = '".$Finding_ID."'
AND ServiceType_ID ='". $ServiceType_ID."'
AND RootCause_ID = '".$RootCause_ID."'
AND RiskRating_ID = '".$RiskRating_ID."'
AND Impact_ID = '".$Impact_ID."'
AND Efforts_ID = '".$Efforts_ID."'
AND Likelihood_ID = '".$Likelihood_ID."'
AND Finding = '".$Finding."'
AND Implication = '".$Implication."'
AND Recommendation = '".$Recommendation."'
AND Report_ID = '".$Report_ID."'";
?>
当然,您可以采取更多的预防措施,但这应该在一开始就最好。
PS:长查询在这样划分时更易于管理和阅读; 并尝试保持代码整洁漂亮 。 没有人喜欢使用混乱的代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.