0

这是使用此代码的页面。我有一个 php 页面,它从包含电子邮件地址的 dbms 中提取数据。这行得通。然后它会显示电子邮件地址和其他存储的 dbms 数据。然后,用户可以选择在 php 页面中设计的名为 emailselected 的字段中放置一个“X”。这也有效。我现在想根据存储的电子邮件地址使用新字段更新 dbms,但更新语句不起作用。请帮忙。代码在这里列出:

    include("db.php");
if (isset($_POST['ssubmit']))
    {
    $id_save = $test['id'];
    $emailselected_save = $_POST['emailselected'];
    $email_save = $test['email'];

    $rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");
if (!$result) {
    die('What?: ' . mysql_error());
}
$num = mysql_affected_rows();
printf("Updated %d rows\n", $num);

    echo "<input type='button' value='Email(s) sent' onclick='goBack()' />";
mysql_close($conn);
    } else {echo "hello";}
?>
<form method='post'>
    <div id='headd'>
    <br />
    <input type='button' value='Close this window without Sending' onclick='goBack()' />
    <input type='submit' name='ssubmit' id='ssubmit' value='Send Email Now!!!' />
    <p>Place an "X" in the emails you wish to send!!!</p>
    </div>
        <br /><br/>

<?php
    include("db.php");  
    $result = mysql_query("SELECT * FROM emails WHERE unsubscribe  != 'x' ORDER BY lastname ASC");
            while($test = mysql_fetch_array($result))
            {
?>
    <table border='1' width='78%'>
    <tr align=\"left\">
        <td width='4%'><font color='black'><input type='text' size='1' id='emailselected' name='emailselected' /></font></td>
        <td width='15%'><font color='black'><?php echo $test['lastname']?></font></td>
        <td width='15%'><font color='black'><?php echo $test['firstname']?></font></td>
        <td width='40%'><font color='black'><?php echo $test['email']?></font></td>
        <td width='4%'><font color='black'><?php echo $test['id']?></font></td>
    </tr>
</table>
<?php
            }
?>
</form>
4

1 回答 1

0

错误是:

$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");

应该:

$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = '$id_save'");

您的代码易受 SQL 注入攻击。所以你应该过滤你的数据。但我只想切换到 PDO 并使用准备好的语句。

http://php.net/manual/en/pdo.prepare.php

于 2012-12-13T21:27:55.723 回答