0

我一直在尝试更新包含复选框的表单,这比我预期的要难一些。

现在我认为我做的一切都是正确的,它只是没有更新。我现在不知道为什么。

这是带有表单的页面:

<?php 

include "style.css";
include "connect.php";
include "header.php";


//This code runs if the form has been submitted

$id = htmlspecialchars($_GET["id"]);
$query  = "SELECT * FROM draaiboek_users WHERE id = '$id'";
$result = mysql_query($query);
$data=mysql_fetch_array($result);

?>


<table>
<p align="right"><button onclick="history.go(-1);">Terug</button></p>
</table>

<form action="users-update.php" method="post">
<input type="hidden" name=ud_id" value="<? echo $id; ?>">

<table border="0">
<br>
<tr><td>Gebruikersnaam:</td><td>

<input type="text" name="ud_username" maxlength="60" value="<? echo ($data['username']); ?>">

</td></tr>

<tr><td>Module Basisgegevens:</td><td>

<input type="checkbox" name="ud_mod_basisgegevens" value="1"<?php if($data['mod_basisgegevens'] == '1') echo 'checked'; ?>>

</td></tr>

<tr><td>Module Personeel:</td><td>

<input type="checkbox" name="ud_mod_personeel" value="1"<?php if($data['mod_personeel'] == '1') echo 'checked'; ?>>

</td></tr>

<tr><td>Module Vrijwilligers:</td><td>

<input type="checkbox" name="ud_mod_vrijwilligers" value="1"<?php if($data['mod_vrijwilligers'] == '1') echo 'checked'; ?>>

</td></tr>

<tr><td>Module Gasten:</td><td>

<input type="checkbox" name="ud_mod_gasten" value="1"<?php if($data['mod_gasten'] == '1') echo 'checked'; ?>>

</td></tr>

<tr><td>Module Artistiek:</td><td>

<input type="checkbox" name="ud_mod_artistiek" value="1"<?php if($data['mod_artistiek'] == '1') echo 'checked'; ?>>

</td></tr>

<tr><td>Module Publiekswerking:</td><td>

<input type="checkbox" name="ud_mod_publiekswerking" value="1"<?php if($data['mod_publiekswerking'] == '1') echo 'checked'; ?>>

</td></tr>

<tr><td>Module Techniek:</td><td>

<input type="checkbox" name="ud_mod_techniek" value="1"<?php if($data['mod_techniek'] == '1') echo 'checked'; ?>>

</td></tr>

<tr><td>Module Financien:</td><td>

<input type="checkbox" name="ud_mod_financien" value="1"<?php if($data['mod_financien'] == '1') echo 'checked'; ?>>

</td></tr>
<tr><th colspan=2><br><input type="submit" name="submit" 
value="Update"></th></tr> </table>

</form>

这是更新页面:

<html>
<head>
<?php

include 'style.css';
include 'connect.php';
include 'security.php';
include 'header.php';

?>
</head>


<body>

<table>

<?php 
  $ud_id = $_POST['ud_id'];
  $ud_username = $_POST['ud_username'];
  $ud_mod_basisgegevens = ($_POST['ud_mod_basisgegevens'] == '1') ? "1" : "0";
  $ud_mod_personeel = ($_POST['ud_mod_personeel'] == '1') ? "1" : "0";
  $ud_mod_vrijwilligers = ($_POST['ud_mod_vrijwilligers'] == '1') ? "1" : "0";
  $ud_mod_gasten = ($_POST['ud_mod_gasten'] == '1') ? "1" : "0";
  $ud_mod_artistiek = ($_POST['ud_mod_artistiek'] == '1') ? "1" : "0";
  $ud_mod_publiekswerking = ($_POST['ud_mod_publiekswerking'] == '1') ? "1" : "0";
  $ud_mod_techniek = ($_POST['ud_mod_techniek'] == '1') ? "1" : "0";
  $ud_mod_financien = ($_POST['ud_mod_financien'] == '1') ? "1" : "0";


  $query = "UPDATE draaiboek_users SET username = '$ud_username' mod_basisgegevens = '$ud_mod_basisgegevens' mod_personeel = '$ud_mod_personeel' mod_vrijwilligers = '$ud_mod_vrijwilligers' mod_gasten = '$ud_mod_gasten' mod_artistiek = '$ud_mod_artistiek' mod_publiekswerking = '$ud_mod_publiekswerking' mod_techniek = '$ud_mod_techniek' mod_financien = '$ud_mod_financien' WHERE id = '$ud_id'";

  mysql_query($query);
  echo "Record updated";
  mysql_close();
?>

</table>
</body>
</html>

任何想法这是怎么来的?

谢谢,
大安

4

3 回答 3

0

您的表单中缺少某些内容

您还没有为 ud_id 添加双引号

<input type="hidden" name=ud_id" value="<? echo $id; ?>">

您尚未为输入添加 id 并设置值 id 您必须在更新之前获取行的 id 实现为

<input type="hidden" name="ud_id" value="<?php echo $data['id'];?>" id="<?php echo $data['id'];?>">

所以只有当 id 通过 POST 正确传递时,才会对属于该行 id 的特定列进行更新

于 2013-12-16T11:45:22.713 回答
0

Daan,您在 SQL 查询中使用了不正确的语法 - 您忘记了逗号,您还必须正确使用引号并mysql_real_escape_string至少添加,以使您的代码免受SQL 注入的影响。

您的代码的正确示例应该是:

$query = "
UPDATE 
    draaiboek_users 
SET 
    username = '".mysql_real_escape_string($ud_username)."',
    mod_basisgegevens = '".mysql_real_escape_string($ud_mod_basisgegevens)."',
    mod_personeel = '".mysql_real_escape_string($ud_mod_personeel)."',
    mod_vrijwilligers = '".mysql_real_escape_string($ud_mod_vrijwilligers)."',
    mod_gasten = '".mysql_real_escape_string($ud_mod_gasten)."',
    mod_artistiek = '".mysql_real_escape_string($ud_mod_artistiek)."',
    mod_publiekswerking = '".mysql_real_escape_string($ud_mod_publiekswerking)."',
    mod_techniek = '".mysql_real_escape_string($ud_mod_techniek)."',
    mod_financien = '".mysql_real_escape_string($ud_mod_financien)."' 
WHERE 
    id = '".mysql_real_escape_string($ud_id)."'";

mysql_query($query);
echo "Record updated";
mysql_close();

您的代码易受 SQL 注入攻击。我强烈建议您在将数据插入数据库时​​使用mysql_real_escape_string以防止SQL 注入,作为一种快速解决方案或更好地使用PDOMySQLi

mysql_*函数的 PHP 手册章节的介绍中指出,不建议使用此扩展来编写新代码。相反,您应该使用MySQLi或应该使用PDO_MySQL扩展。

除了在您的 HTML 中,您必须在 之前使用一个空格checked="checked",例如:

<input type="checkbox" name="ud_mod_techniek" value="1"<?php if($data['mod_techniek'] == '1') echo ' checked="checked"'; ?>>

否则,在输出中,属性valuechecked可能会一起打印出来,结果您的 HTML 将变为非W3C 有效返回No space between attributes错误。

于 2012-09-08T13:54:50.467 回答
0

列/值分配之间没有逗号

$query = "UPDATE draaiboek_users SET username = '$ud_username', mod_basisgegevens = '$ud_mod_basisgegevens', mod_personeel = '$ud_mod_personeel', mod_vrijwilligers = '$ud_mod_vrijwilligers', mod_gasten = '$ud_mod_gasten', mod_artistiek = '$ud_mod_artistiek', mod_publiekswerking = '$ud_mod_publiekswerking', mod_techniek = '$ud_mod_techniek', mod_financien = '$ud_mod_financien' WHERE id = '$ud_id'";

参考:更新语法

or die执行查询时考虑添加

$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
于 2012-09-08T13:49:56.443 回答