0

我如下编辑了我的代码,但问题是每次我单击编辑链接时,都会显示所有产品,而不是仅显示我单击编辑链接旁边的产品。

注意:很抱歉发布与我的另一个有关的另一个问题。我无法添加更多评论。

<?php
include_once("db_connect.php");

if(isset($_POST['update']))
{
$prod_id = $_POST['prod_id'];

$prod_name=$_POST['prod_name'];
$prod_brand=$_POST['prod_brand'];
$prod_price=$_POST['prod_price'];   

// checking empty field
if(empty($prod_price))
{
    //if name field is empty
    if(empty($prod_price))
    {
        echo "<font color='red'>Price field is empty.</font><br/>";
    }

}   
else
{   
    //updating the table
    //$result=mysql_query("UPDATE tblretprod SET prod_price='$prod_price' WHERE prod_id=$prod_id");
    $result=mysql_query("UPDATE tblretprod SET prod_price='".$prod_price."' WHERE prod_id='".$prod_id."';");

    //redirectig to the display page. In our case, it is index.php
    header("Location: update.php");
}
}
?>
<?php

$prod_id = $_GET['prod_id'];

$result=mysql_query("SELECT a.prod_name, a.prod_brand, b.prod_price FROM tblproduct a, tblretprod b where a.prod_id = b.prod_id") or die(mysql_error());

?>
<html>
<title>Edit Product</title>
<body>
<a href="#">Home</a>
<br/><br/>
<form name="edit" method="post" action="updprod.php">
<table border="0">
<?php
while($res=mysql_fetch_array($result))
{
$prod_name = $res['prod_name'];
$prod_brand = $res['prod_brand'];
$prod_price = $res['prod_price'];

?>
<tr> 
<td>Product Name</td>
<td>
    <input type="text" disabled="disabled" name="prod_name" value = "<?php echo $prod_name;?>">   </td>
</tr>
<tr> 
<td>Brand</td>
<td>
    <input type="text" disabled="disabled" name="prod_brand" value = "<?php echo $prod_brand;?>">           </td>
</tr>
<tr> 
<td>Product Price</td>
<td>
    <input type="text" name="prod_price" value = "<?php echo $prod_price;?>">
    <input type="hidden" name="prod_id" value = "<?php echo $_GET['prod_id'];?>">
</td>
</tr>
<?php } ?> 
<tr>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table> 
</form>

</body>
</html>
4

1 回答 1

3

WHERE在子句中添加您的选择查询:

AND a.prod_id = ".$prod_id."

询问:

"SELECT 
    a.prod_name, 
    a.prod_brand, 
    b.prod_price 
FROM 
    tblproduct a, tblretprod b 
where 
    a.prod_id = b.prod_id
    AND a.prod_id = ".intval($prod_id).""

为了使查询对 SQL 注入更安全,我已经添加了intval类似Kickstart的功能,很好地指出了这一点。

于 2013-07-05T09:08:25.283 回答