1

如何以我在其上插入数据的相同 php 表单从数据库中获取信息,包括存储的信息,以便更新数据库中的数据:

我使用了这个更新语句,但它有一个错误:

$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation]  , Report_ID=$_GET[Report_ID]   
WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID, RootCause_ID=$RootCause_ID , RiskRating_ID=$RiskRating_ID , Impact_ID=$Impact_ID ,Efforts_ID= $Efforts_ID, Likelihood_ID= $Likelihood_ID, Finding=$Finding,Implication=$Implication , Recommendation =$Recommendation  , Report_ID=$Report_ID";

这是我将插入和更新数据的表单代码:

<?php
$con = mysql_connect("localhost","root","mevooo");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
?>

<form method="post"  action="test.php">
<fieldset>
<legend>Insert New Data </legend>
<p> Service Name : 
<select name="Services">
<option value="">  </option>

<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM servicetype_lookup  ");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['ServiceType_ID'];
    $value = $row['ServiceType_Name'];
    echo "<option value='$id'>$value</option>";
}
?>
</select>

</p>

Ref : <input type="text" name="ref" /><br />
Title : <input type="text" name="title" /><br />
Risk Rating : 
<select name="RiskRating">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM riskrating_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['RiskRating_ID'];
    $value = $row['RiskRating_Name'];
    echo "<option value='$id'>$value</option>";
}
?>


</select><br />
Root Cause : 
<select name="RootCause">
<option value=""> -Select- </option>

<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM rootcause_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['RiskCause_ID'];
    $value = $row['RiskCause_Title'];
    echo "<option value='$id'>$value</option>";
}
?>

</select><br />
Impact :
<select name="impact">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM impact_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['Impact_ID'];
    $value = $row['Impact_Name'];
    echo "<option value='$id'>$value</option>";
}
?>

</select><br />
Likelihood :
<select name="likelihood">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM likelihood_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['Likelihood_ID'];
    $value = $row['Likelihood_Name'];
    echo "<option value='$id'>$value</option>";
}
?>


</select><br/>
Efforts : 
<select name="Efforts">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM efforts_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['Efforts_ID'];
    $value = $row['Efforts_Name'];
    echo "<option value='$id'>$value</option>";
}
?>
</select><br/>
Finding : <br/>
<TEXTAREA NAME="Finding" COLS=100 ROWS=10> 
</TEXTAREA>
<br/>
Implication: <br/>
<TEXTAREA NAME="Implication" COLS=100 ROWS=10> 
</TEXTAREA>
<br/>
Recommendation : <br/>
<TEXTAREA NAME="Recommendation" COLS=100 ROWS=10> 

</TEXTAREA>
<br/><input type="submit" value=" Save " onclick="window.location.href='Database.php'" />
</fieldset>
</form>
<?php
mysql_select_db("ers_1", $con);

$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation]  , Report_ID=$_GET[Report_ID]   
WHERE Finding_ID=$Finding_ID AND ServiceType_ID=$ServiceType_ID AND RootCause_ID=$RootCause_ID AND RiskRating_ID=$RiskRating_ID AND Impact_ID=$Impact_ID AND Efforts_ID= $Efforts_ID AND Likelihood_ID= $Likelihood_ID AND Finding=$Finding AND Implication=$Implication AND Recommendation =$Recommendation AND Report_ID=$Report_ID";

 mysql_real_escape_string($insert); 
            mysql_real_escape_string($Finding_ID);

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record updated .";

mysql_close($con);
?> 
<input type="button" value="HOME" onclick="location='Database.php'

">

这是错误:

Notice: Undefined index: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: ServiceType_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RootCause_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RiskRating_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Impact_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Efforts_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined variable: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 126
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' ServiceType_ID=, RootCause_ID= , RiskRating_ID= , Impact_ID= ,Efforts_ID= , Lik' at line 2
4

2 回答 2

1

WHERE 的条件应使用 AND、OR 而不是逗号。

WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID,....

应该

WHERE Finding_ID=$Finding_ID AND  ServiceType_ID=$ServiceType_ID AND ...
于 2012-08-14T09:11:35.670 回答
0

您的查询基本上是每个人的数据库的欢迎之门。

第一:永远不要get在查询中使用直接参数。首先与他们合作。

第二:''即使是数字也要加。为您提供额外的安全保障。

第三:WHERE 参数用ANDor分隔OR

<?php

// Convert your ID's to INT ( or other specific type you use )
$_Finding_ID = (int)$_GET['Finding_ID'];
$_ServiceType_ID = (int)$_GET['ServiceType_ID'];
$_RootCause_ID = (int)$_GET['RootCause_ID'];
$_RiskRating_ID = (int)$_GET['RiskRating_ID'];
$_Impact_ID = (int)$_GET['Impact_ID'];
$_Efforts_ID = (int)$_GET['Efforts_ID'];
$_Likelihood_ID = (int)$_GET['Likelihood_ID'];
$_Finding = (int)$_GET['Finding'];
$_Implication = (int)$_GET['Implication'];
$_Recommendation = (int)$_GET['Recommendation'];
$_Report_ID = (int)$_GET['Report_ID'];

$sql = "UPDATE
            findings
        SET
            Finding_ID = '".$_Finding_ID."',
            ServiceType_ID = '".$_ServiceType_ID."',
            RootCause_ID = '".$_RootCause_ID."',
            RiskRating_ID = '".$_RiskRating_ID."',
            Impact_ID = '".$_Impact_ID."',
            Efforts_ID = '".$_Efforts_ID."',
            Likelihood_ID = '".$_Likelihood_ID."',
            Finding = '".$_Finding."',
            Implication = '".$_Implication."',
            Recommendation = '".$_Recommendation."',
            Report_ID = '".$_Report_ID."'
        WHERE
            Finding_ID = '".$Finding_ID."'
            AND ServiceType_ID ='". $ServiceType_ID."'
            AND RootCause_ID = '".$RootCause_ID."'
            AND RiskRating_ID = '".$RiskRating_ID."'
            AND Impact_ID = '".$Impact_ID."'
            AND Efforts_ID = '".$Efforts_ID."'
            AND Likelihood_ID = '".$Likelihood_ID."'
            AND Finding = '".$Finding."'
            AND Implication = '".$Implication."'
            AND Recommendation = '".$Recommendation."'
            AND Report_ID = '".$Report_ID."'";
?>

当然,您还可以采取更多预防措施,但这应该在一开始就做得最好。

PS:长查询这样划分更容易管理和阅读;并尽量保持你的代码干净漂亮。没有人喜欢使用乱码。

于 2012-08-14T09:27:44.503 回答