0

我有一个 MYSQL 表,每行都有编辑链接和删除按钮。编辑链接转到具有表单的 edit_movie.php。我的问题是表单没有显示任何要更新/编辑的数据。如何从单击的行中获取 id 或编写什么函数来获取它。表格是空白的,没有填写任何字段。

有人可以帮忙吗,我会很高兴的!这个问题已经坐了 3 天了,只是无法让它工作。我是PHP初学者...

我知道我正在使用过时的 mysql 函数,我需要查看 SQL 注入,一旦我得到它,我就会这样做。

表信息:

表1名称:电影
字段:id(主键,AI),title,release_year,genre_id,director

表2名称:类别
字段:genre_id(主键,AI),genre

他们在genre_id 之间有外来关系。

这是 index.php 文件中的代码

    <?php

require('movie.inc.php');

if ( isset($_GET['delete']) && isset($_GET['id']) ){
   if ( delete_movie_by_id($_GET['id']) ){ //it's 100% safe
       die('Movie has been removed. Refresh the page now'); // or the like
   } else {
      echo 'Sorry movie could not be deleted'; // could not - handle here
   }
}
    include 'add_movie.php';
?>
<!DOCTYPE html>
<html>
<head>

<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />

</head>
<body>

<table>
 <tr>
  <th>Title</th>
  <th>Release year</th>
  <th>Genre</th><th>Director</th>
  <th>Update</th>
  <th>Delete</th>
 </tr>

  <?php  foreach (get_all_movies() as $index => $row) : ?>
   <tr>
     <td><?php echo $row['title'];?></td>
     <td><?php echo $row['release_year']; ?></td>
     <td><?php echo $row['genre'];?></td>
     <td><?php echo $row['director'];?></td>
     <td><a href='<?php printf('edit_movie.php?edit=%s', $row['id']);?>'>Edit</a></td>
     <td>
      <form action="index.php" method="GET">
              <input type="hidden" name="delete" value="yes" />
              <input type="hidden" name="id" value="<?php echo $row['id'];?>" /> 
              <input type="submit" value="Delete" />
      </form>
      </td>
    </tr>
    <?php endforeach; ?>
    </table>

</body>
</html>

这是 edit_movie.php 代码:

 <?php

    require 'connect.inc.php';
    require_once('movie.inc.php');

    ?>

    <!DOCTYPE html>

    <html>

    <head>

    <title>My movie library</title>
    <meta charset="utf-8" />
    <link rel="stylesheet" href="mall.css" />

    </head>

    <body>

    <h1>Edit movie</h1>
    <div id="form_column">
    <form action="edit_movie.php" method="post">
    <input type="hidden" name="id" value="<?php if (isset($row["id"])) ?>" /> <br>
    Title:<br> <input type="text" name="title" value="<?php if (isset($row["title"])) { echo $row["title"];} ?>" /> <br>
    Release Year:<br> <input type="text" name="release_year" value="<?php if (isset($row["release_year"])) { echo $row["release_year"];} ?>" /> <br>
    Director:<br> <input type="text" name="director" value="<?php if (isset($row["director"])) { echo $row["director"];} ?>" /> <br><br>
    Select genre:
    <br>
    <br> <input type="radio" name="genre_id" value="1" checked />Action<br>
    <br> <input type="radio" name="genre_id" value="2" />Comedy<br>
    <br> <input type="radio" name="genre_id" value="3" />Drama<br>
    <br> <input type="radio" name="genre_id" value="4" />Horror<br>
    <br> <input type="radio" name="genre_id" value="5" />Romance<br>
    <br> <input type="radio" name="genre_id" value="6" />Thriller<br><br>
    <input type="submit" value="Update movie" />
    </form>
    </div>



    </body>

    </html>

这是movie.inc.php文件

<?php

require_once('connect.inc.php');


function get_all_movies(){

   $query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id";

   $result = mysql_query($query);

   if ( ! $result ){ 
     return false;
   } else {
     $return = array();

     while ($row = mysql_fetch_assoc($result)){

        $return[] = array('director' => $row['director'], 'genre' => $row['genre'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']); 
     }
       return $return;
   }
}


function delete_movie_by_id($id){
   return mysql_unbuffered_query(sprintf("DELETE FROM `movies` WHERE id='%s' LIMIT 1", mysql_real_escape_string($id)));
}

if ( isset($_POST['delete'], $_POST['id']) ){

   delete_movie_by_id($_POST['id']); 
}


?>
4

1 回答 1

1

edit_movie.php它看起来你实际上并没有让电影通过查看表单。你需要这样的东西movie.inc.php

function get_movie_to_edit($id) {

     $query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id WHERE id = $id";

     $result = mysql_query($query);

     if ( ! $result ){ 
         return false;
     } else {

         while ($row = mysql_fetch_assoc($result)){

                $return = array('director' => $row['director'], 'genre' => $row['genre'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']); 
         }
             return $return;
     }
}

然后在 edit_movie.php 中你需要调用这个函数。就像是...

if(isset($_GET['edit'])) {
    $movie = get_movie_to_edit($_GET['edit']);
}

当然,正如您所提到的,您需要清理大量代码以防止注入并检查例如您到达edit_movie.php并且 ID ro 编辑不存在的情况,但这是基本要点。

然后,您还可以编辑表单中的值edit_movie.php以反映新数组,例如:

<form action="edit_movie.php" method="post">
<input type="hidden" name="id" value="<?php echo $movie['id']; ?>" /> <br>
Title:<br> <input type="text" name="title" value="<?php echo $movie['title']; ?>" /> <br>
.... the rest of your form inputs
</form>

Updated For the genre radio buttons...

<input type="radio" name="genre_id" value="1"<?php if($movie['genre'] == 1) { echo ' checked'; } ?> />Action<br>
<input type="radio" name="genre_id" value="2"<?php if($movie['genre'] == 2) { echo ' checked'; } ?> />Comedy<br>
.... and so on
于 2013-03-10T01:18:04.870 回答