无法在数据库中更新

时间:2015-12-23 06:27:58

标签: php mysql

我有问题,数据没有在数据库中更新。

我收到了这条消息:

  

0行已更新:update studyplan set complated ='',passing =''where courseid = '41'

<body>
<form action="up.php" name="frmAdd" method="post">
    <div align='center'>
        <table border='1' cellpadding='5' cellspacing='1' id='mytable'>
            <tr align='center'>
                <th>courseid</th>
                <th>code</th>
                <th>Title</th>
                <th>Cr</th>
                <th>prerequisite</th>
                <th>STDid</th>
                <th>complated</th>
                <th>passed</th>
            </tr>
<?php
error_reporting(0);
include('config.php');
$sql="select * from studyplan";
$result=mysql_query($sql);
while ($row = mysql_fetch_array($result)){
    $id=$row['courseid'];
    $code=$row['code'];
    $Title=$row['title'];
    $cr=$row['cr'];
    $pre=$row['prerequisite'];
    $std=$row['std_id'];
    $complated=$row['complated'];
    $passed=$row['passed'];
    echo "
            <tr  class='edit_tr' id='$id'>
                <td class='edit_td'>
                    <span class='text' id='one_$id' >$id </span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='one_$id' >$code </span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='two_$id' >$Title</span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='three_$id' >$cr</span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='three_$id' >$pre</span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='three_$id' >$std</span>
                </td> 
                <td class='edit_td'>
                    <span class='text' id='three_$id' ></span>
                    <select name='complated' id='complated'>
                        <option value=''>Yes</option>
                        <option value=''>No</option>
                    </select>
                </td>
                <td class='edit_td'>
                    <span class='text' id='three_$id' ></span>
                    <select name='passed' id='passed'>
                        <option value=''>Yes</option>
                        <option value=''>No</option>
                    </select>
                </td> 
            </tr>";  
}

echo '<input type="hidden" name="courseid" value="' . $id . '" />';
?>
                <p align="center"><a href="year.html">Go Back</a> </p>
                <input type="submit" name="submit" value="save" class="button">
            </tr>
        </table>
    </form>
</div>
</body>
</html>
当用户单击是或否时,

用于完成和传递选择选项的PHP更新。 

<?php 
$usr    =   "fsdf";
$pwd    =   "dfg";
$db     =   "data6";
$host   =   "localhost";
$cid    =   mysql_connect($host,$usr,$pwd);

if (!$cid) {
    echo("ERROR: " . mysql_error() . "\n");
}
?>

<?php 
if ($_SERVER['REQUEST_METHOD'] == "POST") { 
    $id=$_POST['courseid'];
    $complated=$_POST['complated'];
    $passed=$_POST['passed'];

    $SQL= "update studyplan ";
    $SQL.= " set complated = '".$complated."', ";
    $SQL .= " passed =  '".$passed."' ";
    $SQL .= "where courseid = '".$id."' ";

    $result = mysql_db_query($db,"$SQL",$cid);

    if($result) {
         echo mysql_affected_rows() . " rows have been updated with: $SQL";
    } else {
        echo "data has not been updated";
    }
}
?>

2 个答案:

答案 0 :(得分:0)

                <select name='complated' id='complated'>
                    <option value=''>Yes</option>
                    <option value=''>No</option>
                </select>


                   <select name='passed' id='passed'>
                    <option value=''>Yes</option>
                    <option value=''>No</option>
                </select>

Niether会complated将任何 传递给您的PHP,passed也不会。

由于没有任何值,并且由于此错误而您已将其消隐,因此数据不会再次更新。

<强>提示 

<option value='1'>Yes</option>
               ^

而且,哦

How can I prevent SQL injection in PHP?

答案 1 :(得分:0)

目前的代码有几个问题:

  • 它易受SQL注入攻击。您应该使用准备好的SQL语句;
  • 它使用弃用的mysql_函数,你应该使用 mysqli _ 代替(或PDO);
  • 它可以抑制error_reporting(0)的错误,这在尝试解决问题时会适得其反,但应该始终避免;
  • HTML将具有非唯一的 id 属性值,这是不允许的;
  • 比开始标记更多TR结束;
  • 某些元素(如提交按钮)显示在表格中的无效位置。你应该把它们放在桌子外面;
  • 虽然表单将提交多个 complated 传递值,但不支持处理当前PHP代码中的多个项目。您可以将 courseid 附加到每个名称;
  • $ id 放置在input循环之外的隐藏while中,以便仅提交最后一行的ID。您应该将它放在循环中(在TD中),并且可以使用PHP可以作为值数组(name=courseid[])处理的名称;
  • 表单不显示 complated 传递列的当前数据库值。您应该使用selected选项属性。

以下是一些未经测试的代码来处理上述问题。

<强>形式: 

<body>
<form action="up.php" name="frmAdd" method="post">
    <div align='center'>
        <table border='1' cellpadding='5' cellspacing='1' id='mytable'>
            <tr align='center'>
                <th>courseid</th>
                <th>code</th>
                <th>Title</th>
                <th>Cr</th>
                <th>prerequisite</th>
                <th>STDid</th>
                <th>complated</th>
                <th>passed</th>
            </tr>
<?php
// don't set error reporting to 0!
include('config.php');
$sql="select * from studyplan";
$result=mysql_query($sql);
while ($row = mysql_fetch_assoc($result)) { // use assoc
    $id=$row['courseid'];
    // use HTML with injected PHP values, and use bracket names for allowing
    // multiple rows to be submitted. The ID attributes must be unique
?>
            <tr  class='edit_tr' id='<?=$id?>'>
                <td class='edit_td'>
                    <input type="hidden" name="courseid[]" value="<?=$id?>" />
                    <span class='text' id='id_<?=$id?>' ><?=$id?></span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='code_<?=$id?>' ><?=$row['code']?></span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='title_<?=$id?>' ><?=$row['title']?></span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='cr_<?=$id?>' ><?=$row['cr']?></span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='pre_<?=$id?>' ><?=$row['prerequisite']?></span>
                </td>
                <td class='edit_td'>
                    <span class='text' id='std_<?=$id?>' ><?=$row['std_id']?></span>
                </td> 
                <td class='edit_td'>
                    <select name='complated_<?=$id?>' id='complated_<?=$id?>'>
                        <option value='Yes' <?=$row['complated']=='Yes' ? 'selected' : '' ?> >Yes</option>
                        <option value='No' <?=$row['complated']=='No' ? 'selected' : '' ?> >No</option>
                    </select>
                </td>
                <td class='edit_td'>
                    <select name='passed_<?=$id?>' id='passed_<?=$id?>'>
                        <option value='Yes' <?=$row['passed']=='Yes' ? 'selected' : '' ?> >Yes</option>
                        <option value='No' <?=$row['passed']=='No' ? 'selected' : '' ?> >No</option>
                    </select>
                </td> 
            </tr>
<?php
    }
?>
        </table>
        <p align="center"><a href="year.html">Go Back</a> </p>
        <input type="submit" name="submit" value="save" class="button">
    </form>
</div>
</body>
</html>

<强> up.php 

// use mysqli instead of mysql:
$cid    =   mysqli_connect($host, $usr, $pwd);
if (mysqli_connect_errno()) {
    die ("Connect failed: " . mysqli_connect_error());
}
if ($_SERVER['REQUEST_METHOD'] == "POST") { 
    // avoid SQL injection, by preparing the statement with parameters
    $SQL = "update studyplan set complated = ?, passed = ? where courseid = ?";
    $stmt = mysqli_prepare($cid, $SQL);
    // keep count of updated records
    $affected = 0;

    // we will receive several courseid values, so expect an array:
    $ids = $_POST['courseid'];
    foreach($ids as $id) {
        $complated = $_POST["complated_$id"];
        $passed = $_POST["passed_$id"];
        mysqli_stmt_bind_param($stmt, "ssi", $complated, $passed, intval($id));
        if(mysqli_stmt_execute($stmt)) {
             $affected += mysqli_affected_rows();
        } else {
            echo "error: data has not been updated for course $id<br>";
        }
    }
    echo "$affected records have been updated<br>";
    mysqli_stmt_close($stmt);
}

如上所述,以上是未经测试的,并且仍然存在一些错误处理以实现(例如,测试post参数的有效性)。此外,即使您未更改任何值,它也会在您提交时始终更新所有行。

但这至少可以帮助您解决目前面临的许多问题。之后,您可以考虑进一步改进和优化代码。

相关问题
最新问题