doushi3322 2019-01-11 22:04
浏览 26
已采纳

使用POST通过HTML表单更新值将检索旧值

I'm working on a CRUD system and currently, I am in the Update section. I have old values from users that need to be updated to new ones through an HTML form.

Right now I am trying to retrieve the POST values from the HTML form set to the post method. After that, I update the user info with the new values gained from the POST request. 

<?php
$oldId = $_GET['id'];
$conn = mysqli_connect('localhost', 'root', '')
or die('Verbinding met database server is mislukt.');
mysqli_select_db($conn, 'crudopdracht')
or die('De database is niet beschikbaar');
$query = "SELECT * FROM gebruikers WHERE id = $oldId";
$result = mysqli_query($conn, $query)
or die (mysqli_error($conn));
while ($row = mysqli_fetch_assoc($result)){
    $naam = $row['naam'];
    $leeftijd = $row['leeftijd'];
    $gender = $row['gender'];
    $locatie = $row['locatie'];
};
?>
<form action="" method="post">
    <label for="id">ID:</label><br>
    <input type="text" id="id" name="id" <?php echo 'placeholder="' . $oldId . '"><br>';?>
    <label for="naam">Naam:</label><br>
    <input type="text" id="naam" name="naam" <?php echo 'placeholder="' . $naam . '"><br>';?>
    <label for="leeftijd">Leeftijd:</label><br>
    <input type="text" id="leeftijd" name = "leeftijd" <?php echo 'placeholder="' . $leeftijd . '"><br>';?>
    <label for="gender">Geslacht:</label><br>
    <input type="text" id="gender" name="gender" <?php echo '[placeholder="' . $gender . '"><br>';?>
    <label for="locatie">Locatie:</label><br>
    <input type="text" id="locatie" name = "locatie" <?php echo 'placeholder="' . $locatie . '"><br><br>';?>
    <input type="submit" value="Verstuur" id="submit" name="submit">
</form>
</div>
<?php
if(isset($_POST["submit"])){
    echo 'hello';
    $id = $_POST["id"];
    $naam = $_POST["naam"];
    $leeftijd = $_POST["leeftijd"];
    $gender = $_POST["gender"];
    $locatie = $_POST["locatie"];
    $query2 = "UPDATE gebruikers SET id = $id, naam = $naam, leeftijd = $leeftijd, gender = $gender, locatie = $locatie WHERE id = $oldId";
    mysqli_query($conn,$query2);
}
?>

In my opinion, I expect the values to change to the new ones set in the HTML form, but they always return the old values.

  • 写回答

1条回答 默认 最新

  • dongzhang6544 2019-01-11 22:19
    关注

    SQL injection issues aside (as you've stated it isn't in scope of the particular issue), you need to correctly format your SQL query for any non-integer values, so that they are encapsulated with quotes ('[value]').

    Your query would current run as:

    UPDATE gebruikers ( id = somevalue, naam = somevalue, leeftijd = somevalue, gender = somevalue, locatie = somevalue WHERE id = 12345`

    In this query, SQL would attempt to interpret your values as entities (columns, tables), which is obviously not what you want.

    So, although you should never inject user input values into a query, the following should fix your issue:

    Change

    $query2 = "UPDATE gebruikers SET id = $id, naam = $naam, leeftijd = $leeftijd, gender = $gender, locatie = $locatie WHERE id = $oldId";

    to 

    $query2 = "UPDATE gebruikers SET id = $id, naam = '$naam', leeftijd = '$leeftijd', gender = '$gender', locatie = '$locatie' WHERE id = $oldId";`

    Assuming id is an INT field, and the others are strings.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何在scanpy上做差异基因和通路富集?
  • ¥20 关于#硬件工程#的问题,请各位专家解答!
  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配
  • ¥15 Power query添加列问题
  • ¥50 Kubernetes&Fission&Eleasticsearch
  • ¥15 報錯:Person is not mapped,如何解決?
  • ¥15 c++头文件不能识别CDialog