0 
        <form method="post" action="">
        &nbsp;  &nbsp;<input id="bfolder" name="movefolder" type="submit" value="Move to folder:"><br><br>
        </form>

      $userfile = $user_data['username'];


      $sql2 = mysql_query("SELECT `id`, `username`, LEFT(`title`, 15) as `title`, LEFT(`description`, 40) as `description`, `folder_name`, `file`, `code`, `type`, `size`, `date` FROM `files` WHERE `username` = '$userfile' AND `folder_name` = '' ORDER BY id DESC $limit"); 


        while ($query_row = mysql_fetch_array($sql2)) {
            $fileuser = $query_row['username'];
            $filetitle = $query_row['title'];
            $filecode = $query_row['code'];
            $filedesc = $query_row['description'];
            $filefile = $query_row['file'];
            $filesize = $query_row['size'];
            $filedate = $query_row['date'];
            $filetype = $query_row['type'];

        if (in_array($filetype, $allowed_image) === true) {
        if (empty($filetype) === false) {
            if (strlen($filetitle) < 15) {
                    echo "<div id='imageshowsearch'><span id='linkstylerename'><a href='http://localhost/edu/1111111111111/filerename.php?rename=". $filecode . "'>Edit</a></span><span id='deletefile'><a href='http://localhost/edu/1111111111111/delete_image.php?deletefile=". $filecode . "'>X</a></span><div id='linkstyle'><strong><a href='http://localhost/edu/1111111111111/userdownload.php?code=". $filecode . " '><img src='files/thumbs/" . $filecode . "/" . $filefile . "' alt=" . $filetitle . ">" . $filetitle . "</strong></div></a>";
                    ?>
        <select name="folder_option" class="select_folder">
        <option>Choose a folder:</option>
    <?php  
    $mysql_folder = mysql_query("SELECT `folder_name`, `code` FROM `files` WHERE `username` = '$userfile' AND `folder_name` > '' GROUP BY `folder_name` ORDER BY `folder_name` ASC"); 

    while ($query_row = mysql_fetch_array($mysql_folder)) {
            $filefolder = $query_row['folder_name'];
            $filecode = $query_row['code'];
            echo '<option value="' . $filecode . '">' . $filefolder . '</option>';
            }

            if (isset($_POST['movefolder'])) {
                foreach ($query_row as $key) {
                mysql_query("UPDATE `files` SET `folder_name` = " . $_POST['folder_name'] . " WHERE `username` = '$userfile' AND `code` = '$filecode'");

               //these query not update selected 'folder_name' in database for each file 
                }
            }


    ?>
        </select>

在一页中,我有 10 张带有名称的图片,并在 while 循环中从 mysql 数据库中选择了“folder_name”选项。我必须使用选定的选项“文件夹名称”更新 mysql 数据库。这些图片没有文件夹名称,但必须有这些选项来选择文件夹和更新数据库中的数据。

4

1 回答 1

1

如果要引用,则需要更改<select name="folder_option" class="select_folder">为.<select name="folder_name" class="select_folder">$_POST['folder_name']

更重要的是,您的 SQL 容易受到 XSS 攻击。$_POST在引用 SQL 中的任何值之前,您绝对需要清除您的值。这些mysql_*功能都已被弃用。我建议您立即使用PDO

于 2013-02-18T18:50:41.123 回答