我正在尝试使用php更新数据库中的表。我有一个函数调用我的数据库中设置为visible(visible = 1)的所有页面,并在网站上列出它们。每个页面都有一个单选按钮,如果单选按钮设置为yes(value = 1),则javascript调用下拉选项。我希望用户能够选择他们的选项,当他们点击提交按钮时,他们会将信息(他们设置的页面名称和位置编号)插入到我的表格中。
以下是代码:
<?php
if (isset($_POST['submit'])) {
// Perform Update
$name = $_POST['visible_{$page["menu_name"]}'];
$featured_position = $_POST['featured_position'];
$query = "UPDATE pages SET
featured_position = {$featured_position}
WHERE menu_name = {$name}";
$result = mysql_query($query);
// test to see if the update occurred
if (mysql_affected_rows() == 1) {
// Success!
$message = "The page was successfully updated.";
} else {
$message = "The page could not be updated.";
$message .= "<br />" . mysql_error();
}
}
?>
<?php if (!empty($message)) {
echo "<p class=\"message\">" . $message . "</p>";
} ?>
<form action="add_feature2.php" method="post">
<?php echo list_all_pages(); ?>
<input type="submit" name="submit" value="Edit Featured Companies" />
</form>
<?php
function get_all_pages() {
global $connection;
$query = "SELECT *
FROM pages ";
$query .= "WHERE visible = 1 ";
$query .= "ORDER BY position ASC";
$page_set = mysql_query($query, $connection);
confirm_query($page_set);
return $page_set;
}
function list_all_pages(){
$output = "<ul>";
//$output .= $counter = 0;
$page_set = get_all_pages();
while ($page = mysql_fetch_array($page_set)) {
$output .= "<li>{$page["menu_name"]}</li>";
$output .= " <div id=\"$page[id]\" style='display: none'><select name='featured_position'><option value='1'>1</option><option value='2'>2</option><option value='3'>3</option></select></div>";
$output .= " <input onclick=\"javascript:document.getElementById('$page[id]').style.display = 'none';\" type=\"radio\" name=\"visible_{$page["menu_name"]} \" value=\"0\" checked=\"checked\" /> No <input onclick=\"javascript:document.getElementById('$page[id]').style.display = 'block';\" type=\"radio\" name=\"visible_{$page["menu_name"]} \"value=\"1\" /> Yes";
//$output .= $counter = $counter+1;
}
$output .= "</ul>";
return $output;
}
?>
以下是该网站的链接:http://www.firetreegraphics.com/widget_corp-final/add_feature2.php
的 的 ** * ** * ** * 的** * * 更新的 * ** * ** * ** * ** * ** * ***
我将单选按钮上的name属性更改为计数器。我将单选按钮名称属性设为变量的原因是因为我已动态创建单选按钮,每组单选按钮必须具有唯一名称,否则所有集合都链接在一起。
$name = $_POST['{$counter}'];
$featured_position = $_POST['featured_position'];
$query = "UPDATE pages SET
featured_position = '{$featured_position}'
WHERE menu_name = '{$name}'";
$result = mysql_query($query);
//echo($query);
var_dump($_REQUEST);
function list_all_pages(){
$output = "<ul>";
$counter = 0;
$page_set = get_all_pages();
while ($page = mysql_fetch_array($page_set)) {
$output .= "<li>{$page["menu_name"]}</li>";
$output .= " <div id=\"$page[id]\" style='display: none'><select name='featured_position'><option value='1'>1</option><option value='2'>2</option><option value='3'>3</option></select></div>";
$output .= " <input onclick=\"javascript:document.getElementById('$page[id]').style.display = 'none';\" type=\"radio\" name=\"$counter\" value=\"0\" checked=\"checked\" /> No <input onclick=\"javascript:document.getElementById('$page[id]').style.display = 'block';\" type=\"radio\" name=\"$counter\" value=\"1\" /> Yes";
$counter = $counter+1;
}
$output .= "</ul>";
return $output;
}
答案 0 :(得分:1)
我希望你需要引用你的变量:
$query = "UPDATE pages SET
featured_position ='{$featured_position}'
WHERE menu_name = '{$name}'";
<强>无论其强>
您应该真正考虑转移到PDO
或mysqli_*
。它不仅可以帮助您编写更安全的代码 - 您的代码中目前存在SQL注入漏洞 - 但它会为您处理所有引用。
编辑:
$output .= " <div id=\"$page[id]\" style='display: none'><select name='featured_position_{$counter}'><option value='1'>1</option><option value='2'>2</option><option value='3'>3</option></select></div>";
$output .= " <input onclick=\"javascript:document.getElementById('$page[id]').style.display = 'none';\" type=\"radio\" name=\"visible_{$counter}\" value=\"0\" checked=\"checked\" /> No <input onclick=\"javascript:document.getElementById('$page[id]').style.display = 'block';\" type=\"radio\" name=\"visible_{$counter}\" value=\"1\" /> Yes";
我已经重命名单选按钮,以便将它们称为'visible_';这将允许您在更新查询中使用页面的ID。我也重命名了select,所以每一行都有自己的select,名为'featured_position _'。
我认为你必须有一个循环来检查每个值:
$page_set = get_all_pages();
while ($page = mysql_fetch_array($page_set)) {
$id = $_POST["visible_" . $page["id"]];
$featured_position = $_POST['featured_position_' . $page["id"];
$query = "UPDATE pages SET
featured_position = '{$featured_position}'
WHERE id = '{$name}'";
我认为这应该足够了。
答案 1 :(得分:0)
首先,PHP mysql API已被弃用,并且很大程度上是&#34;未推荐的#34;。你应该使用MySQLi,你不必这么做,但它几乎是一样的,这就是我建议的原因。
当我第一眼看到时,我在您的一个查询中看到了这个问题:
"UPDATE pages SET
featured_position = {$featured_position}
WHERE menu_name = {$name}";
据推测{$name}
是一个字符串。所以你的查询以WHERE menu_name = string
结尾,而它应该用引号括起来。
"UPDATE pages SET
featured_position = {$featured_position}
WHERE menu_name = '{$name}' ";