0

OK, I have this code.

    <? //process.php, this will be use in updating, adding, deleting items and content
    $a = $_POST['hid'];
    $b = $_POST['doctitle'];
    $c = $_POST['doccontent'];

    if (isset($_POST['hid']) && ($_POST['doctitle']) && ($_POST['doccontent']))
    {
        $con = mysql_connect("localhost","root","");
        if (!$con)
        {
            die('Could not connect: ' . mysql_error());
        }

        mysql_select_db("juliver", $con);

        mysql_query("UPDATE doc SET title='$b', content='$c' WHERE id='$a'");

        echo "<h2>Successfully updated.</h2>";

        mysql_close($con);
    }
    else
    {
        echo "not been set, failed to process. please try again.";
    }
    ?>

I want to update the specified row in the table doc; it should update the title with $b and the content with $c via id $a, but nothing happens. Is there something wrong in my code? Next, I want to know if the record has been updated. Thanks in advance.

4

2 Answers

1
  1. If id is an integer column, you should not use ' around its value:

    WHERE id=$a

  2. You can check the number of affected rows with the mysql_affected_rows() function:

    $rowsAffected = mysql_affected_rows($con);

  3. You should also check the query string and try executing it manually on MySQL (in PhpMyAdmin or something similar) to check whether it works correctly.

  4. Your code has no anti-SQL-injection part. You should use PDO or some kind of escaping function to make it safer.

answered 2012-04-29T14:53:30.400
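
The PDO approach suggested in the answer above, as an added example that is not part of the original question or answers: a prepared UPDATE that also reports how many rows it affected. The updateDoc helper, the in-memory SQLite database standing in for the MySQL one, and the sample $post array are assumptions made for the illustration.

```php
<?php
// Added example, not the asker's code. SQLite in memory stands in for the
// MySQL database "juliver" so the script runs without a server; with MySQL
// only the DSN and credentials passed to new PDO(...) change.
function updateDoc(PDO $pdo, $id, $title, $content): int
{
    // Reject a non-integer id up front instead of sending it to the database.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // Placeholders keep the values out of the SQL text, so quotes in the
    // title or content are stored as data and cannot change the statement.
    $stmt = $pdo->prepare('UPDATE doc SET title = :title, content = :content WHERE id = :id');
    $stmt->bindValue(':title', (string) $title, PDO::PARAM_STR);
    $stmt->bindValue(':content', (string) $content, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // PDO counterpart of mysql_affected_rows(): 0 means no row was updated.
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$pdo->exec('CREATE TABLE doc (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');
$pdo->exec("INSERT INTO doc (id, title, content) VALUES (1, 'old', 'old'), (2, 'keep', 'keep')");

// Constructed input standing in for $_POST; both values contain a single quote.
$post = ['hid' => '1', 'doctitle' => "Juliver's notes", 'doccontent' => "It's new"];

// isset() is applied to all three fields, not only 'hid'.
if (isset($post['hid'], $post['doctitle'], $post['doccontent'])) {
    $n = updateDoc($pdo, $post['hid'], $post['doctitle'], $post['doccontent']);
    echo $n === 1 ? "Successfully updated.\n" : "No row updated.\n";
}

// Row 1 now holds the quoted text verbatim; row 2 is untouched.
foreach ($pdo->query('SELECT id, title, content FROM doc ORDER BY id') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['title'], $row['content']);
}

// An id that is not an integer never reaches the query.
try {
    updateDoc($pdo, '1 OR 1=1', 't', 'c');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

With the MySQL driver, rowCount() counts rows whose values actually changed, so an UPDATE that writes identical values reports 0 unless the connection is opened with PDO::MYSQL_ATTR_FOUND_ROWS.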
-1

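Are you sure the if statement is firing (i.e. $_POST['hid'] and the other post variables are set)? Also, why are you running isset() on 'hid' but not on the other 2 variables?

Oh, and as stated above, you should always sanitize your variables to prevent MySQL injection. You can always use mysql_real_escape_string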

answered 2012-04-29T15:03:56.453