-1

如果单击添加链接,则必须在表格中输入数据,并且单击编辑链接时必须更新现有数据。

$_POST 在任一条件下接收数据。但是根据天气,它应该执行编辑(更新)或添加(插入)我的查询。

我很困惑我应该怎么做。

这是代码的一部分。(目前 EDIT 也运行插入查询,因为它总是在 else 部分)

if ($count==0)
    {
        if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)

            //if($addval == 1)
            {
             mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'"  where SRNO="'.$srno.'"');    
                     $addval=1;
            }
        else
           //if ($addval == 1)
             {
             mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
             }
             header('Location:'.$page);
             }

       }

完整的代码是

<!DOCTYPE html>
<html>
    <head>
        <title>List of users</title>
    </head>
<body>
    <?php
        $page='index.php';  
        $addval=6;

        mysql_connect("localhost","root","") or die (mysql_error());
        mysql_select_db("list") or die (mysql_error());

        if (empty($_POST) === false)
        {
            $count=0;
            $fname= $_POST['fname'];
            $lname= $_POST['lname'];
            $srno=  $_POST['SRNO'];
            $address=$_POST['address'];
            $comments=$_POST['comments'];
            $email=$_POST['email'];
            $phone=$_POST['phone'];

                if (empty($lname) === true || empty($fname) === true || empty($address) === true || empty($comments) === true || empty($email) === true || empty($phone) === true) 
                {
                    echo '<h3>All fields are mandatory</h3>';

                }
                else
                {
                        if (filter_var($email,FILTER_VALIDATE_EMAIL) === false)
                        {
                            echo '<h3>This is not a valid e-mail address.</h3><br />';
                            $count=$count+1;
                        }
                        if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
                        {
                            echo '<h3>Name should contain character only!</h3><br />';
                            $count=$count+1;
                        }
                        if( !is_numeric($phone) ) 
                        {
                                echo '<h3>Please enter a valid phone number</h3><br />';
                                $count=$count+1;
                        }
                        if ($count==0)
                        {
                            if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)

                            //if($addval == 1)
                            {
                                mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'"  where SRNO="'.$srno.'"');   
                                $addval=1;
                            }
                            else
                            //if ($addval == 1)
                            {
                                mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
                            }
                            header('Location:'.$page);
                        }

                }
        }

        if(isset($_GET['delete']))
        {

            mysql_query('DELETE from names where SRNO='.mysql_real_escape_string((int)$_GET['delete']));
            header('Location:'.$page);
        }

        if(isset($_GET['edit']))
        {
            $getedit=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.mysql_real_escape_string((int)$_GET['edit']));

            echo '<table border=0>';
            while ($get_row=mysql_fetch_assoc($getedit))
                {
                    echo '<form method="POST" action="">';

                    echo '<tr><td>Sr.No:</td><td><input type="text" value='.$get_row['SRNO'].' name="SRNO" readonly="readonly"></td></tr>';
                    echo '<tr><td>First Name:</td><td><input type="text" value='.$get_row['fname'].' name="fname"></td></tr>';
                    echo '<tr><td>Last Name:</td><td><input type="text" value='.$get_row['lname'].' name="lname"></td></tr>';
                    echo '<tr><td>Phone No:</td><td><input type="text" value='.$get_row['phone'].' name="phone"></td></tr>';
                    echo '<tr><td>E-mail address:</td><td><input type="text" value='.$get_row['email'].' name="email"</td></tr>';
                    echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$get_row['address'].'</textarea></td></tr>';
                    echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$get_row['comments'].'</textarea></td></tr>';
                    echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                    echo '</form>';                                 
                }
            echo '</table>';

        }

        if(isset($_GET['add']))
        {
            echo '<table border=0>';

                    echo '<form method="POST" action="">';

                    echo '<tr><td>Sr.No:</td><td><input type="text"  name="SRNO" readonly="readonly"></td></tr>';
                    echo '<tr><td>First Name:</td><td><input type="text"  name="fname"></td></tr>';
                    echo '<tr><td>Last Name:</td><td><input type="text"  name="lname"></td></tr>';
                    echo '<tr><td>Phone No:</td><td><input type="text"  name="phone"></td></tr>';
                    echo '<tr><td>E-mail address:</td><td><input type="text"  name="email"</td></tr>';
                    echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
                    echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
                    echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                    echo '</form>';                                 

            echo '</table>';


        }

        echo '<a href=index.php?add=add>Add new entry...</a>';

        $get=mysql_query('SELECT  SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');

        if (mysql_num_rows($get)==0)
        {
            echo 'There are no entries';
        }
            else
        {
            echo '<table border=0 cellspacing=25 cellpadding=1>';
            echo'<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';      
            while($get_row=mysql_fetch_assoc($get))
                {
                    echo '<tr><td>'.$get_row['SRNO'].'</td><td>'.$get_row['fname'].'</td><td>'.$get_row['lname'].'</td><td>'.$get_row['phone'].'</td><td>'.$get_row['email'].'</td><td>'.$get_row['address'].'</td><td>'.$get_row['comments'].'</td><td><a href="index.php?edit='.$get_row['SRNO'].'">Edit</a></td><td><a href="index.php?delete='.$get_row['SRNO'].'">Delete</a></td></tr>';

                }
            echo '</table>';
        }       
    ?>

</body> 
</html>
4

2 回答 2

1 
if (mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)

是检查数据库值的错误方法。
请阅读mysql_query()的手册条目以查看实际返回此函数的内容

更不用说您的代码对 SQL 注入开放

此外,您必须打开错误报告,以便通知变量名称中的所有拼写错误:

error_reporting(E_ALL);

在所有脚本的顶部

于 2013-03-12T11:34:33.137 回答
-1

我试图修改代码...希望这有帮助..请尝试

 <!DOCTYPE html>
<html>

<head>
    <title>List of users</title>
  </head>
<body>

   <?php
       $page='index.php';  
       $addval=6;

    mysql_connect("localhost","root","welcome") or die (mysql_error());
    //mysql_select_db("list") or die (mysql_error());

    if (empty($_POST) === false)
    {
        $count=0;
        $fname= $_POST['fname'];
        $lname= $_POST['lname'];
        $srno=  $_POST['SRNO'];
        $address=$_POST['address'];
        $comments=$_POST['comments'];
        $email=$_POST['email'];
        $phone=$_POST['phone'];

            if (empty($lname) === true || empty($fname) === true || empty($address) === true || empty($comments) === true || empty($email) === true || empty($phone) === true) 
            {
                echo '<h3>All fields are mandatory</h3>';

            }
            else
            {
                    if (filter_var($email,FILTER_VALIDATE_EMAIL) === false)
                    {
                        echo '<h3>This is not a valid e-mail address.</h3><br />';
                        $count=$count+1;
                    }
                    if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
                    {
                        echo '<h3>Name should contain character only!</h3><br />';
                        $count=$count+1;
                    }
                    if( !is_numeric($phone) ) 
                    {
                            echo '<h3>Please enter a valid phone number</h3><br />';
                            $count=$count+1;
                    }
                    if ($count==0)
                    {
                        if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)
                      // condition for update
                        if(isset($_GET['edit']))
                        {
                            mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'"  where SRNO="'.$srno.'"');   
                            $addval=1;
                        }
             //condition for add  
                        else if(isset($_GET['add']))
                        {
                            mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
                        }
                        header('Location:'.$page);
                    }

            }
    }

    if(isset($_GET['delete']))
    {

        mysql_query('DELETE from names where SRNO='.mysql_real_escape_string((int)$_GET['delete']));
        header('Location:'.$page);
    }

    if(isset($_GET['edit']))
    {
        $getedit=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.mysql_real_escape_string((int)$_GET['edit']));

        echo '<table border=0>';
        while ($get_row=mysql_fetch_assoc($getedit))
            {
                echo '<form method="POST" action="">';

                echo '<tr><td>Sr.No:</td><td><input type="text" value='.$get_row['SRNO'].' name="SRNO" readonly="readonly"></td></tr>';
                echo '<tr><td>First Name:</td><td><input type="text" value='.$get_row['fname'].' name="fname"></td></tr>';
                echo '<tr><td>Last Name:</td><td><input type="text" value='.$get_row['lname'].' name="lname"></td></tr>';
                echo '<tr><td>Phone No:</td><td><input type="text" value='.$get_row['phone'].' name="phone"></td></tr>';
                echo '<tr><td>E-mail address:</td><td><input type="text" value='.$get_row['email'].' name="email"</td></tr>';
                echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$get_row['address'].'</textarea></td></tr>';
                echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$get_row['comments'].'</textarea></td></tr>';
                echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                echo '</form>';                                 
            }
        echo '</table>';

    }

    if(isset($_GET['add']))
    {
        echo '<table border=0>';

                echo '<form method="POST" action="">';

                echo '<tr><td>Sr.No:</td><td><input type="text"  name="SRNO" readonly="readonly"></td></tr>';
                echo '<tr><td>First Name:</td><td><input type="text"  name="fname"></td></tr>';
                echo '<tr><td>Last Name:</td><td><input type="text"  name="lname"></td></tr>';
                echo '<tr><td>Phone No:</td><td><input type="text"  name="phone"></td></tr>';
                echo '<tr><td>E-mail address:</td><td><input type="text"  name="email"</td></tr>';
                echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
                echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
                echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                echo '</form>';                                 

        echo '</table>';


    }

    echo '<a href=index.php?add=add>Add new entry...</a>';

    $get=mysql_query('SELECT  SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');

    if (mysql_num_rows($get)==0)
    {
        echo 'There are no entries';
    }
        else
    {
        echo '<table border=0 cellspacing=25 cellpadding=1>';
        echo'<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';      
        while($get_row=mysql_fetch_assoc($get))
            {
                echo '<tr><td>'.$get_row['SRNO'].'</td><td>'.$get_row['fname'].'</td><td>'.$get_row['lname'].'</td><td>'.$get_row['phone'].'</td><td>'.$get_row['email'].'</td><td>'.$get_row['address'].'</td><td>'.$get_row['comments'].'</td><td><a href="index.php?edit='.$get_row['SRNO'].'">Edit</a></td><td><a href="index.php?delete='.$get_row['SRNO'].'">Delete</a></td></tr>';

            }
        echo '</table>';
    }       
?>

于 2013-03-12T11:40:22.970 回答