douchuang8359 2013-10-24 18:39

PHP form for users to update MySQL database entries

I'm trying to allow users to add new records and update existing fields in a MySQL database using a PHP form.

I've built the form and users can add new records, but when I modify the $add function to use UPDATE instead of INSERT INTO, it uses the values that have been entered into the form to update all of the records instead of just the one that has been edited.

The full code is here: http://pastebin.com/s0TBUYgK

The UPDATE query that I've tried to replace the INSERT INTO query on line 20 with is:

$add = "UPDATE albums SET name = '$name', artist = '$artist', year = '$year'";

2 answers

  • dsvyc66464 2013-10-24 18:43

    You don't have a where clause to restrict the update to just the one record being edited, e.g...

    UPDATE albums SET .... WHERE id=$id;
                           ^^^^^^^^^^^^
    

    Remember that SQL tends to be the sort of thing where "the less you specify, the more you get".

    Given that sort of elementary error, I'm going to guess that you've also done NO sanitization and escaping on the data in $name, $artist, and $year, meaning your code is vulnerable to SQL injection attacks.

    This answer was chosen by the asker as the best answer.
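
Added example (not part of the original thread or the asker's pastebin code): the UPDATE from the answer with its WHERE clause, written as a PDO prepared statement so the form values are bound as data instead of being pasted into the SQL string. The `updateAlbum` helper, the `id` form field and the in-memory SQLite database standing in for MySQL are assumptions; the sample rows are constructed.

```php
<?php
// Added example: constructed data; SQLite in-memory stands in for MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT, artist TEXT, year INTEGER)');
$pdo->exec("INSERT INTO albums (name, artist, year) VALUES
    ('Album A', 'Artist A', 1990), ('Album B', 'Artist B', 2000), ('Album C', 'Artist C', 2010)");

// Hypothetical helper: update exactly one album, identified by its primary key.
function updateAlbum(PDO $pdo, array $form): int
{
    // Numeric fields are validated as integers; a missing or malformed id is rejected
    // instead of silently widening the UPDATE to every row.
    $id   = filter_var($form['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $year = filter_var($form['year'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $year === false) {
        throw new InvalidArgumentException('id and year must be integers');
    }
    // Placeholders keep user input out of the SQL text, so quotes in a name are just data.
    $stmt = $pdo->prepare(
        'UPDATE albums SET name = :name, artist = :artist, year = :year WHERE id = :id'
    );
    $stmt->execute([
        ':name'   => (string) ($form['name'] ?? ''),
        ':artist' => (string) ($form['artist'] ?? ''),
        ':year'   => $year,
        ':id'     => $id,
    ]);
    return $stmt->rowCount(); // number of rows the UPDATE affected
}

// Constructed form input; the apostrophes would break the string-built query from the question.
$changed = updateAlbum($pdo, ['id' => '2', 'name' => "Rock 'n' Roll", 'artist' => "O'Brien", 'year' => '2001']);
echo "rows changed: $changed\n";
foreach ($pdo->query('SELECT id, name, artist, year FROM albums ORDER BY id') as $row) {
    echo implode(' | ', [$row['id'], $row['name'], $row['artist'], $row['year']]), "\n";
}

// A request without a usable id is refused rather than updating every row.
try {
    updateAlbum($pdo, ['name' => 'X', 'artist' => 'Y', 'year' => '1999']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the prepared statement and the bound parameters stay the same.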