0

我想使用此代码更新多个数据,但问题是,当我尝试它时,它会更新具有相同类别 ID 的整个数据,并且它应该单独更新。可能是什么解决方案。请帮忙。提前致谢 :)

<?php
if (isset($_GET['pid'])){
    $view="";
    $targetID = $_GET['pid'];
    $sql = mysql_query("SELECT specs, category_id, price FROM specs WHERE category_id='$targetID'");
                                $productCount = mysql_num_rows($sql);
                                    if($productCount > 0){
                                        while($row = mysql_fetch_array($sql)){
                                        $specs = $row["specs"];
                                        $category_id = $row["category_id"]; 
                                        $price = $row["price"];
                                        $view .=  '<div class="control-group">
                            <label class="control-label" >Specs</label>
                            <div class="controls">
                            <input type="text"  placeholder="Specs" name="specs" value="'.$specs.'">
                            </div>
                            </div>
                            <div class="control-group">
                            <label class="control-label" >Price</label>
                            <div class="controls">
                            <input type="text"  placeholder="Price" name="price" value="PHP&nbsp;'.number_format($price, 2).'">
                            </div>
                            </div>';
                                }
                                }
        }
    ?>
    <?php
    if (isset($_POST['specs'])){

    $pid = mysql_real_escape_string($_POST['thisID']);
    $specs = mysql_real_escape_string($_POST['specs']);;
    $price = mysql_real_escape_string($_POST['price']);
    $sql= mysql_query("UPDATE specs SET specs='$specs', price='$price' WHERE category_id='$pid'");

    header("Location: manageproducts.php");
    exit();
    }
    ?>

继承人的html。

 <div class="container">
    <div class="page-header">
      <h1>Manage Products</h1>
    </div>
    <div class="row-fluid ">

            <div class="box span12center-align" >
                <div class="box-header well" data-original-title>
                    <center><h2><i class="icon-edit"></i> Edit Specifications </h2></center>
                </div>

                <div class="box-content" >
                    <form class="form-horizontal" action="" method='post'>

                        <fieldset>

                         <?php echo $view; ?>


                          <div class="form-actions">
                            <input name="thisID" type="hidden" value="<?php echo $targetID; ?>">
                            <button type="submit" class="btn btn-primary" name="add_product">Update Item</button>
                            <button class="btn">Cancel</button>
                          </div>
                        </fieldset>
                    </form>
                </div>
            </div><!--/span-->

        </div><!--/row--></center>
        </div>
        </div>
        </div>
4

1 回答 1

0

您需要将主键添加到要更新的行的 WHERE 子句中,现在您只需使用某个category_id.

因此,向表中添加一个主键id(如果您的表还没有主键)并将其设置为自动递增。然后修改您的选择查询:

"SELECT id, specs, category_id, price FROM specs WHERE category_id='$targetID'"

将其添加id到隐藏的输入字段。

然后你可以像这样修改更新查询:

"UPDATE specs SET specs='$specs', price='$price' WHERE category_id='$pid' AND id='$id'"

SQL 注入警报

您还应该知道,您编写的代码非常危险并且容易发生SQL 注入。永远不要直接在查询中使用 GET/POST 变量。请mysqli与准备好的语句PDO.

于 2013-08-10T08:29:32.490 回答