-1

请帮助我解决标题中指定的问题。

输入表单页面代码:

  <?
   db_connect();
  $query1 = "SELECT *, DATE_FORMAT(eventdate,'%m/%d/%y') AS 
   eventdate,DATE_FORMAT(throughdate,'%m/%d/%y') AS throughdate FROM events WHERE id = "     . mysql_real_escape_string($_REQUEST['id']);
  $result1 = mysql_query($query1) or die("Error - query failed " . mysql_error()); 

  if ( mysql_num_rows($result1) == 0 ) {
  print "<p>Error - no such event.</p>\n";
  return;
  }
 else {

 $qry_event1 = mysql_fetch_array($result1); 

  }

// default the formaction to the query
 if (! isset($_REQUEST['formaction']) ) { $_REQUEST['formaction'] = 'query'; }

?>
 <form name="eventform" method="post" action="act_updevent.php">
 <input type="hidden" name="submit_check" value="1">
 <input type="hidden" name="formaction" value="form">
  <!-- if we are editing, $id will exist.  Pass it along. -->
 <input type="hidden" name="id" value="<?php $qry_event1['id'];?>">
 <table>
 <tr>
 <td align="right" valign="center"><b><? displayformlabel('eventdate','Event Date:')?>  
  </b></td>
  <td><input name="eventdate" value="<? echo  $qry_event1['eventdate']; ?>">
  <a name="calendar1here" id="calendar1here" href="JavaScript:;"   
  onClick="cal1.select(document.forms[0].eventdate,'calendar1here','MM/dd/yy'); return    
  false;">
 <img src="resources/calendar.gif" alt="Calendar Icon" width="20" height="20"   
 border="0"></a>
 </td>
 </tr>

 <tr>
 <td align="right" valign="center"><b><? displayformlabel('throughdate','Through:')?>  
 </b></td>
 <td><input name="throughdate" value="<? echo $qry_event1['throughdate']; ?>">
 <a name="calendar2here" id="calendar2here" href="JavaScript:;" 
 onClick="cal2.select(document.forms[0].throughdate,'calendar2here','MM/dd/yy'); return    
 false;">
 <img src="resources/calendar.gif" alt="Calendar Icon" width="20" height="20" 
 border="0"></a>
 <span class="formnotes">Leave blank if only one day event</span>
 </td>
 </tr>

 <tr>
 <td align="right"><b><? displayformlabel('title','Event Title:')?></b></td>
 <td><input name="title" size="50" maxlength="50" value="<? echo $qry_event1['title'];? 
  >"></td>
 </tr>
 <tr>
 <td align="right"><? displayformlabel('website','Event Website:')?></td>
 <td><input name="website" size="50" maxlength="100" value="<? echo 
 $qry_event1['website']; ?>"></td>
 </tr>

 <tr>
 <td align="right"><? displayformlabel('email','Event Email:')?></td>
 <td><input name="email" size="50" maxlength="100" value="<? echo   
 $qry_event1['email'];?>"></td>
 </tr>

 <tr>
 <td align="right" valign="top"><? displayformlabel('notes','Notes:')?></td>
 <td><textarea name="notes" style="width: 320px; height: 60px;"><? echo  
 $qry_event1['notes']; ?></textarea></td>
 </tr>

 <tr>
 <td align="right"><? displayformlabel('venue','Venue:')?></td>

 <td><input name="venue" size="50" maxlength="50" value="<? echo $qry_event1['venue'];?  
  >"></td>
 </tr>

 <tr>
 <td align="right"><? displayformlabel('address','Address:')?></td>

 <td><input name="address" size="50" maxlength="50" value="<?echo   
 $qry_event1['address'];?>"></td>
  </tr>

  <tr>
  <td align="right"><? displayformlabel('city','City:')?></td>
  <td><input name="city" size="50" maxlength="50" value="<?echo $qry_event1['city'];?  
   >"></td>
  </tr>

   <tr>
  <td align="right"><? displayformlabel('state','State:')?></td>
  <td><input name="state" size="3" maxlength="2" value="<?echo $qry_event1['state'];?
   >"></td>
  </tr>

  <tr>
  <td align="right"><? displayformlabel('lat','Latitude:')?></td>
  <td><input name="lat" size="15" maxlength="15" value="<? echo $qry_event1['lat'];?>">  
  </td>
  </tr>

  <tr>
  <td align="right"><? displayformlabel('lon','Longitude:')?></td>
  <td><input name="lon" size="15" maxlength="15" value="<? echo $qry_event1['lon'];?>">
  &nbsp; &nbsp;
  <span class="formnotes"><a href="JavaScript:;" onclick="lookUp()">Look up</a>    
   coordinates using above address information.</span>
  </td>
 </tr>

  <tr>
  <td align="right"><? displayformlabel('accurate','Accurate:')?></td>
  <td><input name="accurate" type="checkbox" value="1" <?php if   
  (isset($qry_event1['accurate'])) { echo 'checked="checked"'; }?>>
  &nbsp; &nbsp; <a href="JavaScript:;" class="formnotes" onClick="window.open('<?php   
  print $vsf->self;?>?action=accuratehelp','helpwin','width=435,height=220');">Whats  
   this?</a> 
  </td>
  </tr>

  <tr>
  <td></td>
   <td><input type="submit" value="Submit"></td>
  </tr>

  </table>

  </form>

更新页面:

<?php
 // updates a record in the database

 // do validation (shared with update logic)
 $id = $_REQUEST['id'];
  $eventdate = $_REQUEST['eventdate'];
  $throughdate = $_REQUEST['throughdate'];
  $title = $_REQUEST['title'];
   $website = $_REQUEST['website'];
  $email = $_REQUEST['email'];
 $notes = $_REQUEST['notes'];
 $venue = $_REQUEST['venue'];
 $address = $_REQUEST['address'];
 $city = $_REQUEST['city'];
 $state = $_REQUEST['state'];
 $lat = $_REQUEST['lat'];
 $lon = $_REQUEST['lon'];
 $accurate = $_REQUEST['accurate'];
 $errorwasthrown="";


 $database = 'mapcal';

 // database server
$dbsvr = 'localhost';

// username
$dbuser = 'root';

// password
$dbpass = 'usbw'; 
function db_connect() {
 global $dbsvr,$dbuser,$dbpass,$database;
 static $dbcon;

 if ( ! $dbcon ) {

$dbcon = mysql_connect($dbsvr,$dbuser,$dbpass);

if (! mysql_select_db($database) ) {
  die("Failure connecting to database - " . mysql_error());
  }
 }
 }
 if (! $eventdate ) {
adderrmsg('eventdate','Event date cannot be blank.');
$errorwasthrown=1;
 }
else {
// else date wasn't blank, so validate it
 if (! preg_match("/^\d\d\/\d\d\/\d\d$/",$eventdate) ) {
 adderrmsg('eventdate',"Event date must be in format mm/dd/yy.");
 $errorwasthrown=1;
 }
 }

 if ($throughdate && ! preg_match("/^\d\d\/\d\d\/\d\d$/",$throughdate) ) {
 adderrmsg('throughdate',"Through date must be in format mm/dd/yy.");
 $errorwasthrown=1;
 }

 if (! $title ) {
 adderrmsg('title','Title cannot be blank.');
 $errorwasthrown=1;
 }




 if ($errorwasthrown) {
  include('dsp_editevent.php');

 }
 else {

 db_connect();

 // format the date correctly for mysql
 $dateparts = split("/",$eventdate);
 $eventdate = "$dateparts[2]/$dateparts[0]/$dateparts[1]";

  if ($throughdate) {
  $dateparts = split("/",$throughdate);
  $throughdate = "$dateparts[2]/$dateparts[0]/$dateparts[1]";
  $throughdate = "'" . mysql_real_escape_string($throughdate) . "'";
  }
 else {
$throughdate = 'NULL';
}

// format event website if necessary
 if ($website && ! preg_match("/:\/\//",$website) ) {
$website = "http://" . $website;
 }

 // update record in the database
 $query = "UPDATE events SET ";
 $query .= "eventdate = '" . mysql_real_escape_string($eventdate) . "', " .
        "throughdate = " . $throughdate . ", " .
        "title = '" . mysql_real_escape_string($title)  . "', " .
        "website = '" . mysql_real_escape_string($website)  . "', " .
        "email = '" . mysql_real_escape_string($email)  . "', " .
        "notes = '" . mysql_real_escape_string($notes)  . "', " .
        "venue = '" . mysql_real_escape_string($venue)  . "', " .
        "address = '" . mysql_real_escape_string($address)  . "', " .
        "city = '" . mysql_real_escape_string($city)  . "', " .
        "state = '" . mysql_real_escape_string($state)  . "', " .
        "lat = '" . mysql_real_escape_string($lat)  . "', " .
        "lon = '" . mysql_real_escape_string($lon)  . "', " .
        "accurate = '" . mysql_real_escape_string($accurate)  . "' " .
        "WHERE id = " . mysql_real_escape_string($id);

    if ( ! mysql_query($query) ) {
    exit("Query failed! - $query");
   }

  print "<p style='color: green'>Event <b>$title</b> was updated.</p>\n";
  include('dsp_listevents.php');

   } // close else ! errorwasthrown




   ?> 

打印查询后我可以看到它没有获取 id 的值,而是获取表单中的所有字段,但为什么?

4

1 回答 1

0

将 Id 值保留在引号中。“哪里 id = '”。mysql_real_escape_string($id)."'";

于 2012-04-13T17:03:42.440 回答