douchuang8359 2013-10-24 18:39

PHP form for users to update MySQL database entries

I'm trying to allow users to add new records and update existing fields in a MySQL database using a PHP form.

I've built the form and users can add new records, but when I modify the $add function to use UPDATE instead of INSERT INTO, it uses the values that have been entered into the form to update all of the records instead of just the one that has been edited.

The full code is here: http://pastebin.com/s0TBUYgK

The UPDATE query that I've tried to replace the INSERT INTO query on line 20 with is:

$add = "UPDATE albums SET name = '$name', artist = '$artist', year = '$year'";

2 answers

  • dsvyc66464 2013-10-24 18:43

    You don't have a WHERE clause to restrict the update to just the one record being edited, e.g.:

    UPDATE albums SET .... WHERE id=$id;
                           ^^^^^^^^^^^^
    

    Remember that SQL tends to be the sort of thing where "the less you specify, the more you get".

    Given that sort of elementary error, I'm going to guess that you've also done NO sanitization and escaping on the data in $name, $artist, and $year, meaning your code is vulnerable to SQL injection attacks.

    This answer was selected as the best answer by the asker.
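
The two points in the answer above (scope the UPDATE with WHERE, and keep form values out of the SQL text), combined in an added example that is not part of the original question or answer. Assumptions: the table has an integer `id` primary key as the answer's `WHERE id=$id` implies, PDO is used, an in-memory SQLite database stands in for MySQL so the script runs offline, and `updateAlbum` is a hypothetical helper name.

```php
<?php
// In-memory SQLite stands in for MySQL (assumption); with MySQL only the DSN
// changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows; the `id` column is assumed from the answer.
$pdo->exec('CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT, artist TEXT, year INTEGER)');
$pdo->exec("INSERT INTO albums (name, artist, year) VALUES
    ('Album A', 'Artist A', 1999), ('Album B', 'Artist B', 2005)");

/**
 * Update exactly one album (hypothetical helper). Form values are sent as
 * bound parameters, so they are never parsed as SQL. Returns rows changed.
 */
function updateAlbum(PDO $pdo, $id, $name, $artist, $year): int
{
    // Validate the numeric fields before they reach the database.
    $id   = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $year = filter_var($year, FILTER_VALIDATE_INT);
    if ($id === false || $year === false) {
        throw new InvalidArgumentException('id and year must be integers');
    }
    // WHERE id = :id restricts the update to the single record being edited.
    $stmt = $pdo->prepare(
        'UPDATE albums SET name = :name, artist = :artist, year = :year WHERE id = :id'
    );
    $stmt->execute([':name' => $name, ':artist' => $artist, ':year' => $year, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed form input. The apostrophes in the name would terminate the
// quoted string in the interpolated query; as a bound value they are just data.
$changed = updateAlbum($pdo, '2', "Rock 'n' Roll", 'Artist B', '2006');

echo "rows changed: $changed\n";
foreach ($pdo->query('SELECT * FROM albums ORDER BY id', PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), "\n"; // row 1 is untouched, row 2 carries the new values
}
```

With the MySQL PDO driver, `rowCount()` counts rows whose values actually changed, so re-submitting identical values returns 0 even though the WHERE clause matched.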