试图从Web UI中查询数据库以更新行(及其中的数据)。 我有一个表“客户” - 只是想更新记录(我已经实现了INSERT和DELETE)。PHP中的SQL更新
我呼应表,包括通过这种语法要更新的选项:
<td><a href =Scripts/Update.php?id=".$row['Customer_ID'].">Update</a> </td>";
这说明“更新”,在每一行,就像我所需要的,而当我点击它,它运行结束更新脚本。大。
同时回显表格我也将输入类型更改为文本,因此用户可以单击那里,编辑数据并单击更新按钮。
然而问题是,当我尝试更新表中的一条记录时,它刷新回选定的页眉页,但没有更新任何信息,只返回带有清除数据单元格的行。 (它不会从数据库中删除该行,因为我在表格中显示了客户ID并且仍然存在)。
我Update.php脚本如下:
<?php
include "../Connection.php";
$Firstname = mysqli_real_escape_string($con, $_POST['FirstName']);
$Lastname = mysqli_real_escape_string($con, $_POST['LastName']);
$CusEmail = mysqli_real_escape_string($con, $_POST['Email']);
$CusUsername = mysqli_real_escape_string($con, $_POST['Username']);
$CusPhone = mysqli_real_escape_string($con, $_POST['Phone']);
$CusCountry = mysqli_real_escape_string($con, $_POST['Country']);
$CusTown = mysqli_real_escape_string($con, $_POST['Town']);
$CusAddress = mysqli_real_escape_string($con, $_POST['Address']);
$CusPostcode = mysqli_real_escape_string($con, $_POST['Postcode']);
$sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$GET_[id]'";
mysqli_query($con, $sqlupdate);
mysqli_close($con);
if($sqlupdate){
header('Location:../CustomerRecords.php');
}
else{
echo "Failed!";
}
还有我都试过了,例如,我通常做这从一个HTML表单,用POST方法的几件事情,而这样一来我我从一个href回声...(这是我第一次)。我在DELETE函数中使用了这种方法,它工作得很好。 从后面上,我通常会增加:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
而且
if(isset($_POST)){
在必要情况下,但同样,尝试这样做,得到相同的结果。
这可能是我的SQL语法是错误的,但我无法弄清楚,如果任何人都可以建议那简直太好了。
谢谢。
UPDATE:
我做了上述一些变化,我一直在这个代码盯着一段时间了,只是现在“玩”吧......我也尝试过这一点,但它会抛出错误,似乎更糟比现在:
$sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$_GET[id]'";
if(mysqli_query($con, $sqlupdate)){
header('Location:../CustomerRecords.php');
}
else{
echo "Failed!";
}
$ _GET,而不是$ GET在查询结束。然后见下文因为你没有运行该查询的答案 –
你的脚本是[SQL注入攻击]的风险(http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in -php) 即使[如果你逃避的投入,它不是安全!(http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) 使用[准备参数化语句(http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly
在字符串文本不执行对您的数据库查询放置一个SQL查询。你的'mysqli_query()'调用在哪里? – RiggsFolly