1

我正在研究 php,我在更新数据库中的记录时遇到了麻烦,这是我的代码。每次我输入 ?id=14 或任何与数据库中的记录相对应的数字时,它都不会在文本框中显示任何记录。我没有错误,但问题是它没有显示记录

<HTML>
<?php
$submit = isset($_POST['submit']);
$update = isset($_POST['update']);
$id = isset($_GET['id']);

if($submit)
{
    $first = $_POST['first'];
    $last = $_POST['last'];
    $nickname = $_POST['nickname'];
    $email = $_POST['email'];
    $salary = $_POST['salary'];

$db = mysql_connect("localhost", "root","");
mysql_select_db("dbtry",$db);
$sql = "INSERT INTO personnel (firstname, lastname, nick, email, salary) VALUES ('$first','$last','$nickname','$email','$salary')";
$result = mysql_query($sql);
echo "Thank you! Information entered.\n";
}
else if($update)
{
    $first = $_GET['first'];
    $last = $_GET['last'];
    $nickname = $_GET['nickname'];
    $email = $_GET['email'];
    $salary = $_GET['salary'];
$db = mysql_connect("localhost", "root","");
mysql_select_db("dbtry",$db);
$sql = "UPDATE personnel SET firstname='$first',lastname='$last',nick='$nickname',email='$email',salary='$salary' WHERE id=$id";
$result = mysql_query($sql);
echo "Thank you! Information updated.\n";
}
else if($id)
{
$db = mysql_connect("localhost", "root", "");
mysql_select_db("dbtry",$db);
$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db);
$myrow = mysql_fetch_array($result);
?>
<form method="get" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input type="hidden" name="id" value="<?php echo $myrow["id"]?>">
First name:<input type="Text" name="first" value="<?php echo $myrow['firstname'];?>"><br>
Last name:<input type="Text" name="last" value="<?php echo $myrow['lastname'];?>"><br>
Nick Name:<input type="Text" name="nickname" value="<?php echo $myrow['nick'];?>"><br>
E-mail:<input type="Text" name="email" value="<?php echo $myrow['email'];?>"><br>
Salary:<input type="Text" name="salary" value="<?php echo $myrow['salary'];?>"><br>
<input type="Submit" name="update" value="Update information"></form>
<?php
}
else
{
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
First name:<input type="Text" name="first"><br>
Last name:<input type="Text" name="last"><br>
Nick Name:<input type="Text" name="nickname"><br>
E-mail:<input type="Text" name="email"><br>
Salary:<input type="Text" name="salary"><br>

<input type="Submit" name="submit" value="Enter information"></form>
<input type="Submit" name="update" value="Update information">
<?
}
?>
</HTML>

-- :(

4

3 回答 3

1

$id只包含是否$_GET['id']设置的事实,而不是它的实际值。用这个替换它:

$id = isset($_GET['id']) ? $_GET['id'] : null;

此外,确保在输出之前(使用)和将其放入数据库查询文本(使用或者甚至更好的 PDO)之前转义所有用户输入。htmlspecialcharsmysql_real_escape_string

于 2012-04-07T15:39:16.433 回答
1

尝试测试:

$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db) OR DIE (MYSQL_ERROR());
于 2012-04-07T15:42:30.540 回答
0

$id的设置为truefalsein line 5。代替:

$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db);

else if($id)

$result = mysql_query("SELECT * FROM `personnel` WHERE `id` = " . mysql_real_escape_strig($_GET['id']), $db);
于 2012-04-07T15:48:59.913 回答