我有此代码:
<?php
include("protected.php");
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$merk = $model = $threshold = "";
$merk_err = $model_err = $threshold_err = "";
$prodID = $_GET["id"];
// Processing form data when form is submitted
if(isset($_POST["id"]) && !empty($_POST["id"])){
// Get hidden input value
$id = $_POST["id"];
// Validate merk
$input_merk = trim($_POST["merk"]);
if(empty($input_merk)){
$merk_err = "Please enter a merk.";
} elseif
(!filter_var($input_merk, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[a-zA-Z\s]+$/")))){
$merk_err = "Please enter a valid merk.";
} else{
$merk = $input_merk;
echo $merk;
}
// Validate model
$input_model = trim($_POST["model"]);
if(empty($input_model)){
$model_err = "Please enter the model.";
}else{
$model = $input_model;
}
// Validate threshold threshold
$input_threshold = trim($_POST["threshold"]);
if(empty($input_threshold)){
$threshold_err = "Please enter an threshold.";
} else{
$threshold = $input_threshold;
}
// Check input errors before inserting in database
if(empty($merk_err) && empty($model_err) && empty($threshold_err)){
// Prepare an update statement
$sql = "UPDATE products SET merk=?, model=?,threshold=? WHERE id= ". $_POST["id"];
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssi", $param_merk, $param_model, $param_threshold);
// Set parameters
$param_merk = $merk;
$param_model = $model;
$param_threshold = $threshold;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: inventory.php");
exit();
}
else
{
echo "Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
else
{
// Check existence of id parameter before processing further
if(isset($_GET["id"]) && !empty(trim($_GET["id"]))){
// Get URL parameter
$id = trim($_GET["id"]);
// Prepare a select statement
$sql = "SELECT * FROM employees WHERE id = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_id);
// Set parameters
$param_id = $id;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$name = $row["name"];
$threshold = $row["threshold"];
$model = $row["model"];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: error.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
mysqli_stmt_close($stmt);
}
// Close statement
// Close connection
// mysqli_close($link);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: error.php");
exit();
}
}
$sql1 = "SELECT * FROM products WHERE id = ".$prodID;
if($result1 = mysqli_query($link, $sql1)){
if(mysqli_num_rows($result1) > 0){
$row1 = mysqli_fetch_array($result1);
// Free result set
mysqli_free_result($result1);
} else{
echo "<p class='lead'><em>Er zijn momenteel geen producten</em></p>";
}
}
else{
echo "ERROR: Could not able to execute $sql1. " . mysqli_error($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Update Record</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.19/css/dataTables.bootstrap4.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js"></script>
<script src="https://cdn.datatables.net/1.10.19/js/dataTables.bootstrap4.min.js"></script>
<style type="text/css">
.wrapper{
width: 500px;
margin: 0 auto;
}
</style>
</head>
<body>
<?php include_once("navbar.html"); ?>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2>Update Record</h2>
</div>
<p>Please edit the input values and submit to update the record.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group <?php echo (!empty($merk_err)) ? 'has-error' : ''; ?>">
<label>Merk</label>
<input type="text" name="merk" class="form-control" value="<?php echo $row1['merk']; ?>">
<span class="help-block"><?php echo $merk_err;?></span>
</div>
<div class="form-group <?php echo (!empty($model_err)) ? 'has-error' : ''; ?>">
<label>Model</label>
<input type="text" name="model" class="form-control" value="<?php echo $row1['model']; ?>">
<span class="help-block"><?php echo $model_err;?></span>
</div>
<div class="form-group <?php echo (!empty($threshold_err)) ? 'has-error' : ''; ?>">
<label>Threshold</label>
<input type="text" name="threshold" class="form-control" value="<?php echo $row1['threshold']; ?>">
<span class="help-block"><?php echo $threshold_err;?></span>
</div>
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<input type="submit" class="btn btn-primary" value="Submit">
<a href="index.php" class="btn btn-default">Cancel</a>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
当您输入正常单词时,它可以正常工作。但是例如在merk字段中,如果您键入一些内容然后输入“;”,则会出现此错误:
因此它不会插入数据库。他们有什么解决方案可以将所有内容都转换为文本以便插入吗?当我在模型字段中键入“;时,它工作正常,因此显示为”;在数据库中,但是当您刷新页面时,它不再显示“;”。