1. 首页
  2. 问答
  3. PHP中的SQL更新

PHP中的SQL更新

2017-10-28 42 views
0

试图从Web UI中查询数据库以更新行(及其中的数据)。 我有一个表“客户” - 只是想更新记录(我已经实现了INSERT和DELETE)。PHP中的SQL更新

我呼应表,包括通过这种语法要更新的选项:

<td><a href =Scripts/Update.php?id=".$row['Customer_ID'].">Update</a> </td>";

这说明“更新”,在每一行,就像我所需要的,而当我点击它,它运行结束更新脚本。大。

同时回显表格我也将输入类型更改为文本,因此用户可以单击那里,编辑数据并单击更新按钮。

然而问题是,当我尝试更新表中的一条记录时,它刷新回选定的页眉页,但没有更新任何信息,只返回带有清除数据单元格的行。 (它不会从数据库中删除该行,因为我在表格中显示了客户ID并且仍然存在)。

我Update.php脚本如下:

 <?php 
    include "../Connection.php"; 

    $Firstname = mysqli_real_escape_string($con, $_POST['FirstName']); 
    $Lastname = mysqli_real_escape_string($con, $_POST['LastName']); 
    $CusEmail = mysqli_real_escape_string($con, $_POST['Email']); 
    $CusUsername = mysqli_real_escape_string($con, $_POST['Username']); 
    $CusPhone = mysqli_real_escape_string($con, $_POST['Phone']); 
    $CusCountry = mysqli_real_escape_string($con, $_POST['Country']); 
    $CusTown = mysqli_real_escape_string($con, $_POST['Town']); 
    $CusAddress = mysqli_real_escape_string($con, $_POST['Address']); 
    $CusPostcode = mysqli_real_escape_string($con, $_POST['Postcode']); 

      $sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$GET_[id]'"; 

mysqli_query($con, $sqlupdate); 
mysqli_close($con); 

    if($sqlupdate){ 
     header('Location:../CustomerRecords.php'); 
     } 
     else{ 
      echo "Failed!"; 
      }

还有我都试过了,例如,我通常做这从一个HTML表单,用POST方法的几件事情,而这样一来我我从一个href回声...(这是我第一次)。我在DELETE函数中使用了这种方法,它工作得很好。 从后面上,我通常会增加:

if ($_SERVER["REQUEST_METHOD"] == "POST") {

而且

if(isset($_POST)){

在必要情况下,但同样,尝试这样做,得到相同的结果。

这可能是我的SQL语法是错误的,但我无法弄清楚,如果任何人都可以建议那简直太好了。

谢谢。

UPDATE:

我做了上述一些变化,我一直在这个代码盯着一段时间了,只是现在“玩”吧......我也尝试过这一点,但它会抛出错误,似乎更糟比现在:

 $sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$_GET[id]'"; 


    if(mysqli_query($con, $sqlupdate)){ 
     header('Location:../CustomerRecords.php'); 
     } 
     else{ 
      echo "Failed!"; 
      }

来源

2017-10-28 Tipping44

+1

$ _GET,而不是$ GET在查询结束。然后见下文因为你没有运行该查询的答案 –

+0

你的脚本是[SQL注入攻击]的风险(http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in -php) 即使[如果你逃避的投入,它不是安全!(http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) 使用[准备参数化语句(http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly

+0

在字符串文本不执行对您的数据库查询放置一个SQL查询。你的'mysqli_query()'调用在哪里? – RiggsFolly

回答

0

你没有真正执行查询。后:

$sqlupdate = "UPDATE customer SET Customer_FirstName = '$Firstname', Customer_LName ='$Lastname', Customer_Email ='$CusEmail', Customer_Username ='$CusUsername', Customer_Phone ='$CusPhone', Customer_Country ='$CusCountry', Customer_Town ='$CusTown', Customer_Address = '$CusAddress', Customer_Postcode = '$CusPostcode' WHERE Customer_ID ='$GET[id]'";

您需要添加:

mysqli_query($con,$sqlupdate);

来源

2017-10-28 15:34:29 Chris

+0

嘿Chris-编辑了上面的内容,是你是什​​么意思?谢谢。 – Tipping44

相关问题

 相关问题