dongtan4046 2011-06-19 06:32
浏览 28
已采纳

可插入插件的问题

Problem with jeditable. Want to change user information on the fly but it doesn't work. during debugging it shows POST ok, no error, no success

My code (index.php)

<script src="http://code.jquery.com/jquery-latest.js"></script>
<script src="js/jquery.jeditable.js"></script>
<script type="text/javascript" charset="utf-8">
$(document).ready(function() {
  $(".dblclick").editable("change.php", { 
    submitdata : {userid: "<?=$id?>"},
     id   : 'elementid',
     name : 'newvalue',
      indicator : "<img src='styles/images/ui-anim_basic_16x16.gif'>",
      tooltip   : "click to edit",
      event     : "dblclick",
      style  : "inherit"
  });
  });
  </script>
...
<div id="fullname" class="dblclick" ><?=$person->fullname?></div>

change.php

<?php
require 'db.php';
$id=$_POST['userid'];
$field=$_POST['elementid'];
$newvalue=$_POST['newvalue'];
if(isset ($id) && isset($field) && isset($newvalue) )
{$query =  $db->query("UPDATE usr_table  SET '$field'='$newvalue' WHERE id = '$id'")  or die(mysqli_errno());
    }
?>

Where am i wrong?

  • 写回答

1条回答 默认 最新

  • dsxml2169 2011-06-19 15:58
    关注

    You have to use backticks around column names, not quotes. However, I must note that the way this code is written is extremely insecure. You should never, ever put GET POST variables directly into a database query.

    This is better:

    <?php
    require 'db.php';
    
    function fail($msg) {
        header('HTTP/1.0 404 Not Found');
        die($msg);
    }
    
    $id = (int)@$_POST['userid'];
    if (!$id) fail('User ID invalid or missing.', 404);
    
    $field = @$_POST['elementid'];
    $allowed_fields = array('fullname','dob','phone','adress','school','info');
    if (!in_array($field, $allowed_fields)) fail('Invalid or missing field.', 404);
    
    $newvalue = $db->real_escape_string(@$_POST['newvalue']);
    
    $db->query("UPDATE usr_table SET `$field`='$newvalue' WHERE id=$id") or fail($db->error);
    
    $q = $db->query("SELECT `$field` from usr_table where id=$id") or fail($db->error);
    if ($r = $q->fetch_row()) echo $r[0];
    else fail('User not found.');
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 C#调用python代码(python带有库)
  • ¥15 矩阵加法的规则是两个矩阵中对应位置的数的绝对值进行加和
  • ¥15 活动选择题。最多可以参加几个项目?
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)
  • ¥20 怎么在stm32门禁成品上增加查询记录功能
  • ¥15 Source insight编写代码后使用CCS5.2版本import之后,代码跳到注释行里面