dongtuota3633 2015-06-22 20:56
浏览 25
已采纳

如果变量少于几个字符,则PHP / MySQL仅更新

I've got an update query running so that events in the database can be updated.

For example, the event record table :

table from mysql

Now, when I want to edit the record, I import all the current data from one and show it on a webpage, so that the user can edit the data, as shown:

page with prefilled info

However, if I submit that page and the event description is more than a few characters long it does not update at all. Here is my PHP/MySQL Code:

$event_title=$_POST['event_title'];
$event_desc=$_POST['event_desc'];
$event_date_start = $_POST['event_date_start'];
$event_date_end = $_POST['event_date_end'];
$db = mysql_select_db("millyaca_events", $connection);

mysql_query("UPDATE events set event_title='$event_title', event_desc='$event_desc', event_date_start='$event_date_start', event_date_end='$event_date_end' where unique_ID='$ID'", $connection);

Only just started learning PHP and MySQL so apologies if it's a really stupid mistake.

Here is the complete submit button script:

if (isset($_POST['submit'])) {
    $ID = $_GET['ID'];
    $event_title=$_POST['event_title'];
    $event_desc=$_POST['event_desc'];
    $event_date_start = $_POST['event_date_start'];
    $event_date_end = $_POST['event_date_end'];
    // Establishing Connection with Server by passing server_name, user_id and password as a parameter
    $connection = mysql_connect("localhost", "removed username", "removed password");
    // Selecting Database
    $db = mysql_select_db("millyaca_events", $connection);
    // SQL query to fetch information of registerd users and finds user match.
    mysql_query("UPDATE events set event_title='$event_title', event_desc='$event_desc', event_date_start='$event_date_start', event_date_end='$event_date_end' where unique_ID='$ID'", $connection);
    mysql_close($connection); // Closing Connection
    header("location: https://www.millyacademy.com/admin-zone/events_management/"); // Redirecting To Other Page        
    }
  • 写回答

2条回答 默认 最新

  • dongnaigu2052 2015-06-22 21:32
    关注

    From the comments we've debugged this to being an apostraphe/quote in the data being passed to the query. To resolve this with your current DB driver use, mysql_real_escape_string, http://php.net/manual/en/function.mysql-real-escape-string.php.

    You should switch to MySQLi or PDO though in the future and use prepared statements.

    Here's a functional usage (untested, so maybe not functional?) using your current code.

    if (isset($_POST['submit'])) {
    $ID = (int)$_GET['ID']; //force this to an int, or you could also escape
    $event_title= mysql_real_escape_string($_POST['event_title']);
    $event_desc= mysql_real_escape_string($_POST['event_desc']);
    $event_date_start = mysql_real_escape_string($_POST['event_date_start']);
    $event_date_end = mysql_real_escape_string($_POST['event_date_end']);
    // Establishing Connection with Server by passing server_name, user_id and password as a parameter
    $connection = mysql_connect("localhost", "removed username", "removed password");
    // Selecting Database
    $db = mysql_select_db("millyaca_events", $connection);
    // SQL query to fetch information of registerd users and finds user match.
    mysql_query("UPDATE events set event_title='$event_title', event_desc='$event_desc', event_date_start='$event_date_start', event_date_end='$event_date_end' where unique_ID='$ID'", $connection);
    mysql_close($connection); // Closing Connection
    header("location: https://www.millyacademy.com/admin-zone/events_management/"); // Redirecting To Other Page        
    }

    It is best to never pass user data directly to your queries.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?