douju1852 2014-10-19 05:44
Views: 16
Accepted

Updating with a form won't work (PHP)

I was trying to make an update form to update notifications in my database, but it won't do anything. I don't even get an error, so that means there is nothing wrong with my syntax; so maybe I did something wrong in the query?

Code:

<?php
include 'core/int.php';
admin_protect();
include 'includes/head.php';
include 'head.php';
include 'includes/body.php';
include 'body.php';
?>       
<?php
if(!isset($_POST['submit'])){
$sql="SELECT * FROM Notification WHERE id = $_GET[edit]";
$data=mysql_query($sql);
$not_data = mysql_fetch_array($data);
}
// What I want to update. I know this is vulnerable to SQL injection; I'll sanitize it later.
    if(isset($_POST['submit'])){
    $sql = "UPDATE Notification SET name = '$_POST[name]' WHERE id = '$_POST[id]'";
    mysql_query($sql);
    }
?>
<pre>      
  <form action="" method="post"> 
<div class="input-group input-group-lg">
  <span class="input-group-addon">Name</span>
  <input type="text" name="name" class="form-control" value="<?php echo $not_data['name'];?>">
</div>
<div class="input-group input-group-lg">
  <span class="input-group-addon">Date</span>
  <input type="text" name="Date" class="form-control" value="<?php echo $not_data['date'];?>">
</div>
<div class="input-group input-group-lg">
  <span class="input-group-addon">Content</span>
  <textarea type="text" name="content" class="form-control" rows="3"><?php echo $not_data['content'];?></textarea>
</div>
<div class="input-group input-group-lg">
  <select class="form-control" name="active">
  <?php if($not_data['active'] == 'Active'){
  echo '
  <option>Active</option>
  <option>Not Active</option>
  ';
  } else if($not_data['active'] == 'Not Active'){
  echo '<option>Not Active</option>
  <option>Active</option>
  ';
  }?>
 </select>
</div>
<div class="input-group input-group-lg">
  <select class="form-control" name="new">
  <?php if($not_data['new'] == 'New'){
  echo '
  <option>New</option>
  <option>Old</option>
  ';
  } else if($not_data['new'] == 'Old'){
  echo '<option>Old</option>
  <option>New</option>
  ';
  }?>
 </select>
</div>
<div class="input-group input-group-lg">
  <select class="form-control" name="posted_by">
  <option>Sincearly , Duckys Inc Team</option>
  <option>Sincearly , <?php echo $user_data['username'];?></option>
 </select>
</div>
 <div>
 <input type="hidden" name="id" value="<?php echo $_GET['edit'];?>">
<input type="submit" value="Edit" class="btn btn-primary btn-lg">
</div>
<?php print_r($_POST);?>
 </form>
 </pre>

1 answer

  • dpsr1670 2014-10-19 05:49

    Try adding single quotes to this statement:

    $sql="SELECT * FROM Notification WHERE id = $_GET[edit]";
    

    TO:

    $sql="SELECT * FROM Notification WHERE id = '$_GET[edit]'";
    

    On a side note, you are opening yourself up to injections. If $_GET['edit'] is supposed to be a number, then at the very least you should do either an if(is_numeric($_GET['edit'])) or preg_replace('/[^0-9]/',"",$_GET['edit']).

    Same goes for:

    "UPDATE Notification SET name = '$_POST[name]' WHERE id = '$_POST[id]'";
    

    Best case is to change to a safe and non-deprecated MySQL function set like PDO or mysqli_. Below is a simple DB class I like to give out that has helped some folks switch over from mysql to (in this case) PDO:

    <?php
        class   DBEngine
            {
                public  $con;
                public  $errors;
                public  function __construct($host="localhost",$db = "dbname",$user="db_userName",$pass="mypassword")
                    {
                        try {
                                $this->con  =   new PDO("mysql:host=$host;dbname=$db",$user,$pass, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING));
                            }
                        catch (Exception $e) {
                              return 0;
                            }
                    }
    
                // Simple fetch and return method
                public  function Fetch($_sql)
                    {
                        $query  =   $this->con->prepare($_sql);
                        $query->execute();
                        $this->errors['fetch'][]    =   $query->errorInfo();
    
                        if($query->rowCount() > 0) {
                                while($rows = $query->fetch(PDO::FETCH_ASSOC)) {
                                        $array[]    =   $rows;
                                    }
                            }
    
                        return (isset($array) && $array !== 0 && !empty($array))? $array: 0;
                    }
    
                // Simple write to db method
                public  function Write($_sql)
                    {
                        $query  =   $this->con->prepare($_sql);
                        $query->execute();
                        $this->errors['insert'][]   =   $query->errorInfo();
                    }
            }
    
    // Initiate new DBEngine App
    $query  =   new DBEngine();
    
    include('core/int.php');
    admin_protect();
    include('includes/head.php');
    include('head.php');
    include('includes/body.php');
    include('body.php');
    
    if(isset($_POST['submit']))
        $query->Write("UPDATE Notification SET name = '".htmlentities($_POST['name'], ENT_QUOTES)."' WHERE id = '".preg_replace('/[^0-9]/',"",$_POST['id'])."'");
        else {
                if(is_numeric($_GET['edit']))
                    $not_data   =   $query->Fetch("SELECT * FROM Notification WHERE id = '".$_GET['edit']."'");
            }
    
        if(isset($not_data) && $not_data !== 0) { ?>
    <pre>      
        <form action="" method="post"> 
            <div class="input-group input-group-lg">
                <span class="input-group-addon">Name</span>
                <input type="text" name="name" class="form-control" value="<?php echo $not_data[0]['name'];?>">
            </div>
            <div class="input-group input-group-lg">
                <span class="input-group-addon">Date</span>
                <input type="text" name="Date" class="form-control" value="<?php echo $not_data[0]['date'];?>">
            </div>
            <div class="input-group input-group-lg">
                <span class="input-group-addon">Content</span>
                <textarea type="text" name="content" class="form-control" rows="3"><?php echo $not_data[0]['content'];?></textarea>
            </div>
            <div class="input-group input-group-lg">
                <select class="form-control" name="active"><?php
                    if($not_data[0]['active'] == 'Active'){ ?>
                    <option>Active</option>
                    <option>Not Active</option><?php }
                    elseif($not_data[0]['active'] == 'Not Active'){ ?>
                    <option>Not Active</option>
                    <option>Active</option><?php } ?>
                </select>
            </div>
            <div class="input-group input-group-lg">
                <select class="form-control" name="new"><?php
                if($not_data[0]['new'] == 'New') { ?>
                    <option>New</option>
                    <option>Old</option><?php }
                elseif($not_data[0]['new'] == 'Old') { ?>
                    <option>Old</option>
                    <option>New</option><?php }?>
                </select>
            </div>
            <div class="input-group input-group-lg">
                <select class="form-control" name="posted_by">
                    <option>Sincearly , Duckys Inc Team</option>
                    <option>Sincearly , <?php echo $user_data[0]['username'];?></option>
                </select>
            </div>
            <div>
                <input type="hidden" name="id" value="<?php echo strip_tags($_GET['edit']);?>">
                <input type="submit" name="submit" value="Edit" class="btn btn-primary btn-lg">
            </div>
        </form>
        <?php
        print_r($_GET);
        print_r($_POST); 
        print_r($query->errors); ?>
    </pre>
     <?php }
     else { ?>Invalid Id.<?php } ?>
    
    This answer was chosen as the best answer by the asker.
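Worked example, added here as editor's code and not part of the question or the accepted answer: the thread's SELECT and UPDATE written as PDO prepared statements with a strict integer check on the id, run against an in-memory SQLite table whose layout and rows are constructed to match the form's field names so the script runs offline. It assumes PHP 7.4+ with the pdo_sqlite extension; `NotificationRepo` and `parseId` are names chosen for this example, and the `$_GET`/`$_POST` arrays are constructed stand-ins for the form submission.

```php
<?php
// Added example, not code from the question or the accepted answer: the thread's two
// queries as PDO prepared statements, run against an in-memory SQLite table so it works
// offline. Table layout and rows are constructed here to match the form's field names.
// Assumes PHP 7.4+ with pdo_sqlite; for MySQL only the DSN passed to PDO changes.
declare(strict_types=1);

final class NotificationRepo
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Throw on SQL errors instead of silently returning false: unchecked
        // mysql_query() results are why the original page showed no error at all.
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    /** Accept only a positive decimal integer id; anything else is rejected before SQL. */
    public static function parseId($raw): ?int
    {
        if (!is_string($raw) || !preg_match('/^[1-9][0-9]*$/', $raw)) {
            return null;
        }
        return (int) $raw;
    }

    public function find(int $id): ?array
    {
        $stmt = $this->db->prepare('SELECT * FROM Notification WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    /** Returns rows affected; 0 means no row with that id. */
    public function rename(int $id, string $name): int
    {
        $stmt = $this->db->prepare('UPDATE Notification SET name = :name WHERE id = :id');
        $stmt->bindValue(':name', $name, PDO::PARAM_STR); // stored raw; encoded on output
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->rowCount();
    }

    /** The question's string concatenation, kept only to show what a crafted id does to it. */
    public function findUnsafe(string $edit): array
    {
        return $this->db->query("SELECT * FROM Notification WHERE id = $edit")
                        ->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed fixture (column names taken from the form in the question).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE Notification (id INTEGER PRIMARY KEY, name TEXT, "date" TEXT,
           content TEXT, active TEXT, "new" TEXT)');
$db->exec("INSERT INTO Notification (name, \"date\", content, active, \"new\") VALUES
           ('Maintenance', '2014-10-19', 'Down at 02:00', 'Active', 'New'),
           ('Welcome', '2014-10-01', 'Hello', 'Not Active', 'Old')");
$repo = new NotificationRepo($db);

// Constructed request in the shape the form posts. isset($_POST['submit']) is only ever
// true when the submit button carries name="submit"; the question's button has no name.
$_GET  = ['edit' => '1'];
$_POST = ['submit' => 'Edit', 'id' => '1', 'name' => "O'Reilly; DROP TABLE Notification"];

// A crafted id: the concatenated query returns every row, parseId() rejects it outright.
printf("unsafe rows for '1 OR 1=1': %d\n", count($repo->findUnsafe('1 OR 1=1')));
var_dump(NotificationRepo::parseId('1 OR 1=1'));

if (isset($_POST['submit'])) {
    $id = NotificationRepo::parseId($_POST['id'] ?? null);
    if ($id === null) {
        exit('Invalid id.');
    }
    printf("updated: %d\n", $repo->rename($id, (string) $_POST['name']));
}

$id       = NotificationRepo::parseId($_GET['edit'] ?? null);
$not_data = $id === null ? null : $repo->find($id);
// HTML-encode when rendering the value back into the form, not when writing to the DB.
echo '<input type="text" name="name" value="'
   . htmlspecialchars($not_data['name'] ?? '', ENT_QUOTES, 'UTF-8') . '">' . "\n";
```

Binding the values keeps both `1 OR 1=1` and the quote in `O'Reilly` as data rather than SQL, so no character filtering of the name is needed on the write path; `htmlspecialchars` is applied only when the stored value is echoed back into the form, which is the layer where HTML encoding belongs.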
