1. 首页
  2. 问答
  3. 无法编辑数据库中的数据,无法使用ID获取名称?

无法编辑数据库中的数据,无法使用ID获取名称?

2016-07-24 102 views
2

我想编辑数据到数据库我不知道为什么我不能这样做。我一直在尝试一些东西。也许有人可以看看。我试图建立一个更新,我可以改名字,姓氏等等等等,但我不能配置甚至只是一个名头..无法编辑数据库中的数据,无法使用ID获取名称?

首页文件 Managament系统 

<body> 

    <h1>TU Chemnitz Student managament system</h1> 

    <br> 
    <a href="insert_form.html" class="myButton">ADD Person</a> 
    <a href="insert_form.html" class="myButton">Edit Person</a> 
    <a href="insert_form.html" class="myButton">Manage Boards</a> 
    <a href="insert_form.html" class="myButton">Manage Departments</a> 
    <a href="search_personel.html" class="myButton">Search N&S</a> 
    <a href="three_search.html" class="myButton">Triple Search</a> 
    <a href="mtable.php" class="myButton">Membership</a> 

    <br> 
    <br> 

<?php 

include_once('coneksioni.php'); 


// create query 
$querys = "SELECT * FROM tblperson"; 

// execute query 
$result = mysql_query($querys) or die ("Error in query: $query. ".mysql_error()); 

    $res = mysql_query("SELECT * FROM tblperson"); 

echo "<table border=1 align=center> 
<tr> 
<th>Personal ID</th> 
<th>First Name</th> 
<th>Last Name</th> 
<th>Deparment</th> 
<th>Board</th> 
<th>Marticulation Number</th> 
<th>Reg Date</th> 
<th>Action</th> 

</tr>"; 
while($row = mysql_fetch_array($res)) { 
    ?> 
    <tr> 
     <td><?=$row['personid']?></td> 
     <td><?=$row['personname']?></td> 
     <td><?=$row['personsurname']?></td> 
     <td><?=$row['persondepartment']?></td> 
     <td><?=$row['personboard']?></td> 
     <td><?=$row['martinumber']?></td> 
     <td><?=$row['personregdate']?></td> 
     <td> 
      <a href="edit20.php?edit<?=$row['personid']?>">edit</a> | 
      <a href="edit.php?id=$row[id]">del</a> 

     </td> 
    </tr> 

<?php 
    } 

?> 
</body> 
</html>

和edit20.php

<?php 
    include_once('coneksioni.php'); 

    if(isset($_GET['edit'])) 
    { 
     $personid = $_GET['edit']; 
     $res= mysql_query("SELECT * FROM tblperson WHERE personid='$personid'"); 
     $row= mysql_fetch_array($res); 
    } 

    if(isset($_POST['personname'])) 
    { 
     $personname = $_POST['personname']; 
     $personid = $_POST['personid']; 
     $sql  = "UPDATE tblperson SET personname='$personname' WHERE personid='$personid'"; 
     $res  = mysql_query($sql) 
            or die("Could not update".mysql_error()); 
     echo "<meta http-equiv='refresh' content='0;url=home.php'>"; 
    } 

?> 
<form action="edit20.php" method="POST"> 
Name: <input type="text" name="personname" value="<?php echo $row[1]; ?>"><br /> 
<input type="hidden" name="personid" value="<?php echo $row[0]; ?>"> 
<input type="submit" value=" Update "/> 
</form>

,并在我的数据库表中的主键是PERSONIDñ ame字段personname(不是主键)。

来源

2016-07-24 Shkolla

回答

1

请使用预处理语句用于减少SQL注入

检查coneksioni.php

$conn = new mysqli(HOST, USER, PASS, DBNAME);

的edit.php

require_once ('coneksioni.php'); 

$edit_person = $conn->prepare(" 
    UPDATE tblperson SET 
    personname = ? WHERE personid = ? 
"); 

$edit_person->bind_param( 
    "si", 
    $personname, $personid 
); 

if(isset($_POST['personname']) && isset($_POST['personid'])) { 
    $personname = $_POST['personname']; 
    $personid = $_POST['personid']; 


    if (!$edit_person->execute()) { 
     // action if failed 
    } else { 
     // action if success 
    } 

    $edit_person->close(); 

}

的form.html的风险

<form action="edit.php" method="POST"> 
Name: <input type="text" name="personname" value="<?php echo $row[1]; ?>"><br /> 
<input type="hidden" name="personid" value="<?php echo $row[0]; ?>"> 
<input type="submit" value=" Update "/> 
</form>

Cheers

来源

2016-07-24 23:53:29

相关问题

 相关问题