[英]Form will not UPDATE database
目前,我被要求做腳本的最后一步。
我知道sql注入的風險,但它是一個私人網站,其中1個人可以訪問表格等。
現在的問題是,當我嘗試更新數據庫中的字段時,最后一頁顯示成功。 但是數據庫實際上並沒有更新。 在您的良好幫助下,這是我的2個腳本:
<?php
session_start();
include_once("isadmin.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Update Client Message</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<form id="updateform" name="updateform" method="post" action="updateexec.php">
<table width="500" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th width="200">Select User</th>
<td>
<?php
require_once('config.php');
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
$useruploadids = mysql_query("SELECT member_id, firstname, lastname FROM members");
while ($row = mysql_fetch_assoc($useruploadids)) {
$userid = $row['member_id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
?>
<input type="checkbox" name="userid_<?php echo $userid ?>" value="y" /><?php echo $firstname ?><?php echo $lastname ?><br />
<?php } ?>
</td>
</tr>
<tr>
<th>Message For Client </th>
<td>
<textarea input name="otherdeets" type="textarea" class="textfield" id="otherdeets" style="width: 356px; height: 176px">
</textarea>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Update" /></td>
</tr>
</table>
</form>
</body>
</html>
如您所知,這是表單,現在是exec腳本:
<?php
echo( "<pre>" );
print_r( $_POST );
echo( "</pre>" );
include ("config.php");
$tbl_name="members";
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//This gets all the other information from the form
$update = $_POST['otherdeets'];
$id = $_POST['userid'.$row['member_id']];
// Cycle through each member and check that it needs to be added to the db
$useruploadids = mysql_query( "SELECT member_id FROM members" );
while ($row = mysql_fetch_assoc($useruploadids))
{
// Check that the member was sent from the last form
if( isset( $_POST['userid_'.$row['member_id']] ) && $_POST['userid_'.$row['member_id']] == "y" )
{
// update data in mysql database
$sql="UPDATE $tbl_name SET otherdeets='$update' WHERE member_id='$id'";
$result=mysql_query($sql);
}
}
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='admin-welcome.php'>Admin Home</a>";
}
else {
echo "ERROR";
}
?>
因此,我經歷了很多次,無法終生發現錯誤所在。
其他幫助字段是VARCHAR,如果有幫助?
您需要在表單的隱藏字段中傳遞$row['member_id']
值
<input type="hidden" name="member_id" value="<?php echo $row['member_id']; ?>" />
因此,在提交頁面之后,您可以獲取member_id的值
//This gets all the other information from the form
$update = $_POST['otherdeets'];
$id = $_POST['member_id'];
希望這可以幫助您解決問題。
嘗試一下
if ($result && mysql_num_rows($result) > 0) {
echo "Successful";
echo "<BR>";
echo "<a href='admin-welcome.php'>Admin Home</a>";
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.