dongshuzhuo5659 2014-03-25 22:02
浏览 26
已采纳

使用表单的PHP Mysql更新表不会更新

Ok so I am trying to get my form to update my table to edit a contact but for some reason with 0 errors it just won't update and I just can not figure out why as it all looks good to me.

Here is the edit contact script 

// Connect to database
$dbc = mysql_connect("localhost", "root");
if (!$dbc) 
    die("Could not connect: " . mysql_error());

// Select database
$db_select = mysql_select_db( "contactmanager", $dbc );
if (!$db_select)
    die("Could not select DB: " . mysql_error());


// Build update function for form
if(isset($_POST['update'])){
    mysql_query("UPDATE contacts SET Name='$_POST[name]', Address='$_POST[address]', Phone='$_POST[phone]', Mobile='$_POST[mobile]', Email='$_POST[email]' WHERE ContactID = $contactID") or trigger_error(mysql_error());

    echo 'Update has been pushed and fucntion has run';


} else {
    echo 'Update has not been pushed.';
}

// initialize form control values
$name = '';
$address = '';
$phone = '';
$mobile = '';
$email = '';

// Get ID of contact selected for editing
$contactID = $_GET['id'];

// build sql select statement
$query = "SELECT * FROM contacts WHERE ContactID = '$contactID'";

// Run sql statement against database
$result = mysql_query($query, $dbc);

if ($result) {

    $row = mysql_fetch_assoc($result);

    $name = $row["Name"];
    $address = $row["Address"];
    $phone = $row["Phone"];
    $mobile = $row["Mobile"];
    $email = $row["Email"];
}
else { 
    // If there is an error display message
    echo '<p><b class="error">Error with $rst: ' . mysql_error($dbc) . '</b></p>';
}

?>


    <form name="editcontact" method="post" action="edit-contact.php" id="editcontact">
        <fieldset>
            <dl>
                <dt><label for="name">Name</label></dt>
                <dd><input name="name" type="text" value="<?php echo $name; ?>" size="33" maxlength="50" tabindex="1" /></dd>
            </dl>   
            <dl>
                <dt><label for="address">Address</label></dt>
                <dd><textarea name="address" cols="33" rows="5" tabindex="2"><?php echo $address; ?></textarea></dd>
            </dl>   
            <dl>
                <dt><label for="phone">Phone</label></dt>
                <dd><input name="phone" value="<?php echo $phone; ?>" type="text" size="33" maxlength="50" tabindex="3" /></dd>
            </dl>   
            <dl>
                <dt><label for="mobile">Mobile</label></dt>
                <dd><input name="mobile" value="<?php echo $mobile; ?>" type="text" size="33" maxlength="50" tabindex="4" /></dd>
            </dl>
            <dl>
                <dt><label for="Email">Email</label></dt>
                <dd><input name="email" value="<?php echo $email; ?>" type="text" size="33" maxlength="50" tabindex="5" /></dd>
            </dl>
            <dl>
                <dt></dt>
                <dd><input type="submit" value="Update" name="update" tabindex="6" style="margin-left:7.3%;" /></dd>
                <dd><a href="list-contacts.php" alt="Contacts List"><p style="margin-left:7.3%;">Back to contacts list</p></a></dd>
            </dl>

        </fieldset>
    </form>

<?php


?>
  • 写回答

2条回答 默认 最新

  • duanfan1869 2014-03-25 22:56
    关注

    Everything outside of the if(isset($_POST['update'])){...} conditional statement will be ignored upon submitting, which is where your $contactID = $_GET['id']; is presently located.

    Place it within the conditional statement.

    <?php
...

if(isset($_POST['update'])){

    // $contactID = $_GET['id']; // original
    $contactID = intval($_GET['id']); // recommended for (INT) type
    $name = mysql_real_escape_string($_POST['name']); // etc.

...

}

    Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)

    You should change:

    $name = $_POST['name'];

    to:

    $name = mysql_real_escape_string($_POST['name']);

    for the time being, and do the rest for the others, following the same convention.

    Then do SET Name='$name' etc., and do the same for the others. That will give you some security until you get familiar with prepared statements, or PDO.

    mysql_* functions deprecation notice:

    http://www.php.net/manual/en/intro.mysql.php

    This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

    These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.

    Documentation for MySQL can be found at » http://dev.mysql.com/doc/.

    Here are a few tutorials on prepared statements that you can study and try:

    Here are a few tutorials on PDO:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 抖音咸鱼付款链接转码支付宝
  • ¥15 ubuntu22.04上安装ursim-3.15.8.106339遇到的问题
  • ¥15 求螺旋焊缝的图像处理
  • ¥15 blast算法(相关搜索:数据库)
  • ¥15 请问有人会紧聚焦相关的matlab知识嘛?
  • ¥15 网络通信安全解决方案
  • ¥50 yalmip+Gurobi
  • ¥20 win10修改放大文本以及缩放与布局后蓝屏无法正常进入桌面
  • ¥15 itunes恢复数据最后一步发生错误
  • ¥15 关于#windows#的问题:2024年5月15日的win11更新后资源管理器没有地址栏了顶部的地址栏和文件搜索都消失了