dongshuzhuo5659 2014-03-25 22:02
浏览 26
已采纳

使用表单的PHP Mysql更新表不会更新

Ok so I am trying to get my form to update my table to edit a contact but for some reason with 0 errors it just won't update and I just can not figure out why as it all looks good to me.

Here is the edit contact script 

// Connect to database
$dbc = mysql_connect("localhost", "root");
if (!$dbc) 
    die("Could not connect: " . mysql_error());

// Select database
$db_select = mysql_select_db( "contactmanager", $dbc );
if (!$db_select)
    die("Could not select DB: " . mysql_error());


// Build update function for form
if(isset($_POST['update'])){
    mysql_query("UPDATE contacts SET Name='$_POST[name]', Address='$_POST[address]', Phone='$_POST[phone]', Mobile='$_POST[mobile]', Email='$_POST[email]' WHERE ContactID = $contactID") or trigger_error(mysql_error());

    echo 'Update has been pushed and fucntion has run';


} else {
    echo 'Update has not been pushed.';
}

// initialize form control values
$name = '';
$address = '';
$phone = '';
$mobile = '';
$email = '';

// Get ID of contact selected for editing
$contactID = $_GET['id'];

// build sql select statement
$query = "SELECT * FROM contacts WHERE ContactID = '$contactID'";

// Run sql statement against database
$result = mysql_query($query, $dbc);

if ($result) {

    $row = mysql_fetch_assoc($result);

    $name = $row["Name"];
    $address = $row["Address"];
    $phone = $row["Phone"];
    $mobile = $row["Mobile"];
    $email = $row["Email"];
}
else { 
    // If there is an error display message
    echo '<p><b class="error">Error with $rst: ' . mysql_error($dbc) . '</b></p>';
}

?>


    <form name="editcontact" method="post" action="edit-contact.php" id="editcontact">
        <fieldset>
            <dl>
                <dt><label for="name">Name</label></dt>
                <dd><input name="name" type="text" value="<?php echo $name; ?>" size="33" maxlength="50" tabindex="1" /></dd>
            </dl>   
            <dl>
                <dt><label for="address">Address</label></dt>
                <dd><textarea name="address" cols="33" rows="5" tabindex="2"><?php echo $address; ?></textarea></dd>
            </dl>   
            <dl>
                <dt><label for="phone">Phone</label></dt>
                <dd><input name="phone" value="<?php echo $phone; ?>" type="text" size="33" maxlength="50" tabindex="3" /></dd>
            </dl>   
            <dl>
                <dt><label for="mobile">Mobile</label></dt>
                <dd><input name="mobile" value="<?php echo $mobile; ?>" type="text" size="33" maxlength="50" tabindex="4" /></dd>
            </dl>
            <dl>
                <dt><label for="Email">Email</label></dt>
                <dd><input name="email" value="<?php echo $email; ?>" type="text" size="33" maxlength="50" tabindex="5" /></dd>
            </dl>
            <dl>
                <dt></dt>
                <dd><input type="submit" value="Update" name="update" tabindex="6" style="margin-left:7.3%;" /></dd>
                <dd><a href="list-contacts.php" alt="Contacts List"><p style="margin-left:7.3%;">Back to contacts list</p></a></dd>
            </dl>

        </fieldset>
    </form>

<?php


?>
  • 写回答

2条回答 默认 最新

  • duanfan1869 2014-03-25 22:56
    关注

    Everything outside of the if(isset($_POST['update'])){...} conditional statement will be ignored upon submitting, which is where your $contactID = $_GET['id']; is presently located.

    Place it within the conditional statement.

    <?php
...

if(isset($_POST['update'])){

    // $contactID = $_GET['id']; // original
    $contactID = intval($_GET['id']); // recommended for (INT) type
    $name = mysql_real_escape_string($_POST['name']); // etc.

...

}

    Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)

    You should change:

    $name = $_POST['name'];

    to:

    $name = mysql_real_escape_string($_POST['name']);

    for the time being, and do the rest for the others, following the same convention.

    Then do SET Name='$name' etc., and do the same for the others. That will give you some security until you get familiar with prepared statements, or PDO.

    mysql_* functions deprecation notice:

    http://www.php.net/manual/en/intro.mysql.php

    This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

    These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.

    Documentation for MySQL can be found at » http://dev.mysql.com/doc/.

    Here are a few tutorials on prepared statements that you can study and try:

    Here are a few tutorials on PDO:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器