-1

This is my PHP code on the page purchase_form1

    <?php
    include_once("includes/form_functions.php");
    $id = 0;
    if (isset($_GET['id']) && ($_GET['id'] != ''))
    {
        $id = (int)htmlspecialchars($_GET['id']);
    }
    $query  = "SELECT * from db_purchase_form where id = $id";
    $result = mysql_query($query);
    $has_data = false;
    while($row = mysql_fetch_row($result))
    {
        $has_data = true;
        $product_name = $row[1];
        $choice_actor = $row[2];
        $user_name = $row[3];
        $user_email = $row[4];
        $vdo_script = $row[5];
        $hrt_msg = $row[6];
        $portApproval = $row[7];
        $delivery = $row[8];
        $net_price = $row[9];
    }
    if(isset($_POST['submit']))
    {
        if ($has_data == true)
        {
            $sql  = "UPDATE db_purchase_form SET ";
            $sql .= "db_product_name = '" . $product_name . "', ";
            $sql .= "db_actor = '" . $choice_actor . "', ";
            $sql .= "db_user_name = '" . $user_name . "', ";
            $sql .= "db_user_email = '" . $user_email . "', ";
            $sql .= "db_vdo_script = '" . $vdo_script . "', ";
            $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
            $sql .= "db_port_approval = '" . $portApproval . "', ";
            $sql .= "db_delivery = '" . $delivery . "', ";
            $sql .= "db_price = '" . $net_price . "', ";
            $sql .= "db_date_time = NOW() ";
            $sql .= "WHERE id = '{$id}'";
        }
        else
        { // validation for form purchaseform and insert into DB if all is good.

            if(empty($message)) // $message is used for errors. This line means all validations above are okay
            {
                $insert = // INSERT INTO MYSQL DB
                $result = mysql_query($insert);
                if($result)
                {
                    $lastInsertedId =  mysql_insert_id();
                    $timestamp = time();
                    header('Location:purchase_form1_conf.php?'.http_build_query(array('id' => $lastInsertedId,'time' => $timestamp,'hash' => sha1('some-generated-key'.$timestamp.$lastInsertedId))));
                }
                else
                {
                    $message = "The data cannot be inserted.";
                    $message .= "<br />" . mysql_error();
                }
            }
        }
    }
    ?>

Further down the page is the HTML code of the form

    <?php  //here i display errors
    if(!empty($message))
    {
        echo "<p style='color:red; font-weight:bold;'>" . $message . "</p>";
    }
    ?>
    <form id="PurchaseForm" name="PurchaseForm" method="post" action="purchase_form1.php?id=<?php echo $id;?>"> //this is starting of form.
        // actual html form, set for fields using php, the form is very long
        <input type="submit" name="submit" value="Buy Now" class="button3">
    </form>

Now I send the data to purchase_form1_conf.php. purchase_form1_conf.php is a display page: it shows the form data, and if the user clicks the edit button he goes back to purchase_form1.php.

PHP code of purchase_form1_conf.php

    <?php require_once("includes/connection.php"); ?>
    <?php
    $id = isset($_GET['id']) ? $_GET['id'] : null;
    $time = $_GET['time'];
    if($_GET['hash'] != sha1('some-generated-key'.$time.$id))
        die('URL was tampered with');
    //if(time() - $time > 300)
    //die('URL was only valid for 5 minutes');

    //}
    //if (isset($_GET['id']))
    //{
    //$lastInsertedId = $_GET['id'];
    //}
    //$id = $_SESSION['last_id'];
    //$query  = "SELECT * FROM db_purchase_form WHERE id=$lastInsertedId";
    //$result = mysql_query($query);
    //while($row = mysql_fetch_row($result))

    if ($id)
    {
        $query  = "SELECT * FROM db_purchase_form WHERE id=$id";
        $result = mysql_query($query);
        while($row = mysql_fetch_row($result))
        {
            $product_name = $row[1];
            $choice_actor = $row[2];
            $user_name = $row[3];
            $user_email = $row[4];
            $vdo_script = $row[5];
            $hrt_msg = $row[6];
            $portApproval = $row[7];
            $delivery = $row[8];
            $net_price = $row[9];
        }
    }
    ?>

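// Now here I display the values I fetched from the DB as $row[1], 2 and so on. There are two buttons on this page, one is the edit button and the other is PayPal, but it is not a form, it is just a DIV that displays the values fetched from the DB.

The code of the edit button is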

    <a href="purchase_form1.php?id=<?php echo $id; ?>" class="button4">Edit</a>

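It takes the user to purchase_form1.php.

Now what is the problem?

When the user is on the purchase_form1.php page, he sees a new form. This time the URL is http://site.com/purchase_form1.php

He fills in the form and clicks submit; if there are errors he is shown error messages, he fixes the errors and clicks submit again, and then he is taken to the next page, which is purchase_form1_conf.php.

The URL of the next page is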

http://site.com/purchase_form1_conf.php?id=54&time=1376047215&hash=cbaaabbcf8b20de044b9dd105cae60d1f1ab5b92

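Everything seems fine.

Now, when he sees the form data and wants to change the values, he clicks edit and is taken back to the earlier form page, and the URL is http://site.com/purchase_form1.php?id=54

See id=54 on both pages. Up to here, everything seems perfect.

Now the actual problem: when he edits the form on this page purchase_form1.php and clicks submit, the URL does not change and the DB is not updated; nothing happens.

What should happen instead? The DB should be updated and the user should be taken to the next page again, with the new data. But that is not what happens.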

4
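The confirmation link in the question is authenticated with `sha1('some-generated-key'.$timestamp.$lastInsertedId)` and checked with a loose `!=` comparison. As an added example (not part of the original post), one way to sign and verify the same `id`/`time` pair with `hash_hmac()` and a constant-time `hash_equals()` check, with the 5-minute expiry enabled. The key value, the function names and the sample values are assumptions.

```php
<?php
// Added example: signing and verifying the confirmation link.
// SECRET_KEY is a placeholder; load a long random key from configuration.
const SECRET_KEY = 'replace-with-random-key-from-config';
const MAX_AGE    = 300; // seconds, the window from the commented-out check

function sign_link(int $id, int $time): string
{
    // The '|' delimiter keeps distinct (time, id) pairs from producing
    // the same signed string, which plain concatenation allows.
    return hash_hmac('sha256', $time . '|' . $id, SECRET_KEY);
}

function build_conf_url(int $id, int $time): string
{
    return 'purchase_form1_conf.php?' . http_build_query([
        'id' => $id, 'time' => $time, 'hash' => sign_link($id, $time),
    ]);
}

// Returns the validated integer id, or null if the link must be rejected.
function verify_link(array $get, int $now): ?int
{
    $id   = filter_var($get['id']   ?? null, FILTER_VALIDATE_INT);
    $time = filter_var($get['time'] ?? null, FILTER_VALIDATE_INT);
    $hash = $get['hash'] ?? '';
    if ($id === false || $time === false || !is_string($hash)) {
        return null;                       // missing or non-numeric fields
    }
    if (!hash_equals(sign_link($id, $time), $hash)) {
        return null;                       // signature mismatch
    }
    if ($now - $time > MAX_AGE || $time > $now) {
        return null;                       // expired or dated in the future
    }
    return $id;                            // safe to use as an integer key
}

// Constructed sample values (not from a real request).
$now = 1376047215;
parse_str(parse_url(build_conf_url(54, $now), PHP_URL_QUERY), $query);
var_dump(verify_link($query, $now + 10));  // link as issued
$query['id'] = '55';
var_dump(verify_link($query, $now + 10));  // id altered after signing
```

The Edit link and `purchase_form1.php` in the question accept a bare `id` with no signature, so the same verification would have to be applied there for the check to protect the record.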

2 Answers

2

I can't see where you execute the update statement.

    $sql  = "UPDATE db_purchase_form SET ";
    $sql .= "db_product_name = '" . $product_name . "', ";
    $sql .= "db_actor = '" . $choice_actor . "', ";
    $sql .= "db_user_name = '" . $user_name . "', ";
    $sql .= "db_user_email = '" . $user_email . "', ";
    $sql .= "db_vdo_script = '" . $vdo_script . "', ";
    $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
    $sql .= "db_port_approval = '" . $portApproval . "', ";
    $sql .= "db_delivery = '" . $delivery . "', ";
    $sql .= "db_price = '" . $net_price . "', ";
    $sql .= "db_date_time = NOW() ";
    $sql .= "WHERE id = '{$id}'";
    mysqli_query($conexionObj, $sql); // run the statement
answered 2013-08-09T11:49:38.037
0

Improve the following code in the WHERE clause of the update statement

    $sql  = "UPDATE db_purchase_form SET ";
    $sql .= "db_product_name = '" . $product_name . "', ";
    $sql .= "db_actor = '" . $choice_actor . "', ";
    $sql .= "db_user_name = '" . $user_name . "', ";
    $sql .= "db_user_email = '" . $user_email . "', ";
    $sql .= "db_vdo_script = '" . $vdo_script . "', ";
    $sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
    $sql .= "db_port_approval = '" . $portApproval . "', ";
    $sql .= "db_delivery = '" . $delivery . "', ";
    $sql .= "db_price = '" . $net_price . "', ";
    $sql .= "db_date_time = NOW() ";
    $sql .= "WHERE id = $id ";
answered 2013-08-09T11:39:06.897
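Both answers above still build the UPDATE by string concatenation. As an added example (not the code of either answer or of the question), the same statement with bound parameters, actually executed and with its result checked, reading the new values from the submitted form rather than from the row loaded earlier. Assumptions: PDO with an in-memory SQLite table standing in for the MySQL table, a reduced set of the page's columns, and hypothetical POST field names.

```php
<?php
// Added example: run the UPDATE with bound parameters and check the result.
// An in-memory SQLite database stands in for the MySQL table so this runs
// without a server; the POST field names below are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE db_purchase_form (id INTEGER PRIMARY KEY,
    db_product_name TEXT, db_user_name TEXT, db_user_email TEXT,
    db_price TEXT, db_date_time TEXT)');
$pdo->exec("INSERT INTO db_purchase_form VALUES
    (54, 'Video A', 'Old Name', 'old@example.com', '10', '2013-08-09 11:00:00')");

// Column => form field. Column names are fixed here, never taken from input.
const FIELD_MAP = [
    'db_product_name' => 'product_name',
    'db_user_name'    => 'user_name',
    'db_user_email'   => 'user_email',
    'db_price'        => 'net_price',
];

function update_purchase(PDO $pdo, int $id, array $post): bool
{
    $set = [];
    $params = [':id' => $id];
    foreach (FIELD_MAP as $column => $field) {
        $set[] = "$column = :$field";
        $params[":$field"] = (string)($post[$field] ?? '');
    }
    // CURRENT_TIMESTAMP works in both SQLite and MySQL (the page uses NOW()).
    $sql = 'UPDATE db_purchase_form SET ' . implode(', ', $set)
         . ', db_date_time = CURRENT_TIMESTAMP WHERE id = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);          // the step missing from the question's code
    return $stmt->rowCount() === 1;   // false when no row has that id
}

// Constructed submission; the quote in the name would break a concatenated query.
$post = ['product_name' => 'Video A', 'user_name' => "O'Brien",
         'user_email' => 'ob@example.com', 'net_price' => '12'];
var_dump(update_purchase($pdo, 54, $post));   // existing row
var_dump(update_purchase($pdo, 999, $post));  // id that does not exist
print_r($pdo->query('SELECT * FROM db_purchase_form WHERE id = 54')
            ->fetch(PDO::FETCH_ASSOC));
```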