-2

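I ran into a problem with a variable.

After the page loads, I set a variable to store the "GET" value, like this:

$currentItemID = htmlspecialchars($_GET["id"]);

This is all fine.

I then load the values for $currentItemID into a form so the user can update them.

Still all good.

But as soon as the user submits the form, the value of $currentItemID is lost.

This means that when I try to update the database where id = $currentItemID, it doesn't know what to update, because the id is lost. What's stranger is that the SQL is actually executed with the ID value.

A stripped-down version of the code is below: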

<?php
//set current item ID
$currentItemID = htmlspecialchars($_GET["id"]);
echo"at start = $currentItemID";

// Setup defaults.
$error  = 0; //input errors
$up_error = 0; //title and description error counter - used to only show error message once.
$clean = array();
$clean_name = "";
$clean_description = "";
$clean_price = "";
$clean_pic = "";
$clean_status = "";
$clean_quantity = "";

//if all input is valid then...
if (isset($_POST['add'])) 
{
echo"inside post = $currentItemID";
    //clear error message
    $errmsg = '';

    // validate 'name': must consist of alphanumeric characters only.
    $_POST['name'] = isset($_POST['name']) ? $_POST['name'] : '';
    if(preg_match('/^[a-z\d\w\s+,._-]{1,20}$/i',$_POST['name']))
        {$clean_name = $_POST['name'];}
    else
        {$error++;$errmsg .= 'Invalid name. ';}

    //validate 'description': must consist of alphabet characters, numbers white space character or , . _ and -
    $_POST['description'] = isset($_POST['description']) ? $_POST['description'] : '';
    //thought i'ld add another ten characters to allow a bit more text.
    if(preg_match('/^[a-z\d\w\s,.]{1,90}$/i',$_POST['description'])) 
        {$clean_description = $_POST['description'];} 
    else{$error++; $errmsg .= 'Invalid description. ';}

    // validate 'price': must be number - with or without 2 decimal places.
    $_POST['price'] = isset($_POST['price']) ? $_POST['price'] : '';
    if(preg_match('/^\d+(\.\d{2})?$/',$_POST['price']))
        {$clean_price = $_POST['price'];}
    else
        {$error++; $errmsg .= 'Invalid price. ';}

    // validate 'pic': must consist of alphanumeric characters only.
    //$_POST['pic'] = isset($_POST['pic']) ? $_POST['pic'] : '';
    //if(preg_match('/\.(jpg|gif|jpeg)$/i',$_POST['pic']))
        //{$clean_price = $_POST['pic'];}
    //else
        //{$error++; $errmsg .= 'Invalid pic. ';}

    // validate 'quantity': must consist of numbers only.
    //$_POST['pic'] = isset($_POST['pic']) ? $_POST['pic'] : '';
    //if(preg_match('/\.(jpg|gif|jpeg)$/i',$_POST['pic']))
        //{
        $clean_quantity = $_POST['quantity'];
        //}
    //else
        //{$error++; $errmsg .= 'Invalid pic. ';}

    // validate 'status': must be one of the drop down options.
    $_POST['status'] = isset($_POST['status']) ? $_POST['status'] : '';
    if($_POST['status']=='available'||$_POST['status']=='unavailable'||$_POST['status']=='ebay'||$_POST['status']=='new')
        {$clean_status = $_POST['status'];}
    else
        {$error++; $errmsg .= 'Invalid status. ';}

    // validate 'catagory': must be one of the drop down options.
    /*
    $_POST['catagory'] = isset($_POST['catagory']) ? $_POST['catagory'] : '';
    if($_POST['catagory']=='cd'||$_POST['catagory']=='tshirt')
        {$clean_status = $_POST['catagory'];}
    else
        {$error++; $errmsg .= 'Invalid catagory. ';}*/
}


if (isset($_POST['add']) && ($error==0)) 
{                   


    // open connection
    $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
    // select database
    mysql_select_db($db) or die ("Unable to select database!");
    // create query
    $query = "UPDATE paulyout_pauly.products 
            SET
            name='$clean_name', description='$clean_description', 
            price='$clean_price', status='$clean_status', quantity='$clean_quantity'
            WHERE id='$currentItemID';";    

    // execute query
    mysql_query($query) or die ("Error in query: $query.".mysql_error());
    // close connection
    mysql_close($connection);
    echo"<p>Item successfully updated.</p><p><a href=\"../\">Back to Control Panel</a>.</p>";
    echo(htmlspecialchars($_GET["id"]));
    echo"what is going on";
    echo"currentItemID = $currentItemID";
    echo"$currentItemID";



}

else //output error messages 
{if ($error>0) {echo "<p><strong>There were errors in your submission:</strong> $errmsg</p>\n";}


///////////////////get existing item details:
// open connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// create query
$query = "SELECT id, name, description, price, pic, status, quantity FROM products where id = '$currentItemID';";

// execute query
$result = mysql_query($query) or die ("Error in query!");

//return results
$counter = 0;
if(mysql_num_rows($result) > 0) {
    while(list($db_id, $db_name, $db_description, $db_price, $db_pic, $db_status, $db_quantity) = mysql_fetch_row($result)){


            //render form
?>
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" id="save"><fieldset>
<table id="site-form">
    <tr>
    <td class="one_of_three"><label>Item Name:&nbsp;&nbsp;</label></td>
    <td class="two_of_three"><input type="text" name="name" id="name" value="<?php echo"$db_name";?>"/></td>
    <td><label class="errors" id="nameError">&nbsp;</label></td>
    </tr>
    <tr>
    <td class="one_of_three"><label>Description:&nbsp;&nbsp;</label></td>
    <td class="two_of_three"><textarea rows="10" cols="30" name="description" id="description"><?php echo"$db_description";?></textarea></td>
    <td><label class="errors" id="descriptionError">&nbsp;</label></td>
    </tr>
    <tr>
    <td class="one_of_three"><label>Price(£):&nbsp;&nbsp;</label></td>
    <td class="two_of_three"><input type="text" name="price" id="price" value="<?php echo"$db_price";?>"/></td>
    <td><label class="errors" id="priceError">&nbsp;</label></td>
    </tr>
    <tr>
    <td class="one_of_three"><label>Quantity:&nbsp;&nbsp;</label></td>
    <td class="two_of_three"><input type="text" name="quantity" id="quantity" value="<?php echo"$db_quantity";?>"/></td>
    <td><label class="errors" id="quantityError">&nbsp;</label></td>
    </tr>
    <tr>
    <td class="one_of_three"><label>Picture:&nbsp;&nbsp;</label></td>
    <td class="two_of_three"><input type="file" name="userfile[]" id="pic"/></td>
    <td><label class="errors" id="picError">&nbsp;</label></td>
    </tr>
    <tr>
    <td class="one_of_three"><label>Status:&nbsp;&nbsp;</label></td>
    <td class="two_of_three">
        <select  name="status" id="status" value="">
        <option value="<?php echo"$db_status";?>"><?php echo(ucfirst(strtolower($db_status)));?></option>
        <option value="available">Available</option>
        <option value="new">New</option>
        </select>
    </td>
    <td><label class="errors" id="statusError">&nbsp;</label></td>
    </tr>
    <!--
    <tr>
    <td class="one_of_three"><label>Catagory:&nbsp;&nbsp;</label></td>
    <td class="two_of_three">
        <select  name="catagory" id="catagory">
        <option value="cd">CD</option>
        <option value="tshirt">T-Shirt</option>
        </select>
    </td>
    <td><label class="errors" id="statusError">&nbsp;</label></td>
    </tr>-->
    <tr>
        <td class="one_of_three">&nbsp;</td>
        <td class="two_of_three"><input name="add" id="save_button" type="submit" value="Add Item"/>&nbsp;&nbsp;<a href="../">Cancel</a>.</td>
        <td>&nbsp;</td>
    </tr>
</table>
</fieldset></form>
<?php


    }
}
else {echo "<p>Product not found.</p>";}//the item could not be found!!!





// free result set from memory
mysql_free_result($result);
// close connection
mysql_close($connection);
}
?>


<?php ob_end_flush()?>

1 Answer

1

You are posting the form to $_SERVER['PHP_SELF']. That way the GET parameter is reset on submit. You should post to $_SERVER['PHP_SELF']."?id=".$currentItemID

or

just leave the action field empty

answered 2013-02-17T16:57:39.270
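The fix described in the answer above, as an added example that is not part of the original question or answer: the form action carries a validated `id` across the POST, and the UPDATE binds its values instead of interpolating them. It swaps PDO prepared statements in for the question's `mysql_*` calls; `handleRequest()`, `e()`, the `/edit.php` path and the in-memory SQLite table (which needs the pdo_sqlite extension) are assumptions made for the demonstration.

```php
<?php
// Added example (not the poster's code). PDO prepared statements replace the
// question's mysql_* calls; handleRequest() and the SQLite demo table are assumptions.

function e($v): string {            // escape for HTML text and attribute contexts
    return htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
}

function handleRequest(PDO $pdo, array $get, array $post, string $script): string {
    // The id must be a positive integer; it is read from the query string on
    // both the initial GET and the later POST.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Missing or invalid item id.</p>';
    }
    $out = '';
    if (isset($post['add'])) {
        $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($qty === false) {
            $out .= '<p>Invalid quantity.</p>';
        } else {
            // Bound parameters: the values never become part of the SQL text.
            $stmt = $pdo->prepare('UPDATE products SET quantity = :q WHERE id = :id');
            $stmt->execute([':q' => $qty, ':id' => $id]);
            $out .= '<p>Item successfully updated.</p>';
        }
    }
    $stmt = $pdo->prepare('SELECT name, quantity FROM products WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return $out . '<p>Product not found.</p>';
    }
    // Action = script path plus the validated id, so the id survives the POST.
    $action = e($script . '?id=' . $id);
    return $out . '<form action="' . $action . '" method="post">'
        . '<label>' . e($row['name']) . '</label>'
        . '<input type="text" name="quantity" value="' . e($row['quantity']) . '"/>'
        . '<input name="add" type="submit" value="Save"/></form>';
}

// Constructed demo data in an in-memory SQLite database (runs from the CLI).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, quantity INTEGER)');
$pdo->exec("INSERT INTO products VALUES (7, 'Tour <T-Shirt>', 3)");

echo handleRequest($pdo, ['id' => '7'], [], '/edit.php'), "\n";                                 // initial GET
echo handleRequest($pdo, ['id' => '7'], ['add' => '1', 'quantity' => '5'], '/edit.php'), "\n"; // POST, id kept
echo handleRequest($pdo, [], ['add' => '1', 'quantity' => '5'], '/edit.php'), "\n";            // POST, id lost
```

In a real page the call would be `handleRequest($pdo, $_GET, $_POST, $_SERVER['SCRIPT_NAME'])`; the third demo call reproduces the situation from the question, where the POST arrives without `?id=` and is rejected before any SQL runs.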