0

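Please help... This is my first time trying PHP... I tried echoing $id, $firstname, etc., and it does echo the correct results, but it cannot update the database. I don't know what's wrong...

This is "profile.php"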

<?
include("common.php");
include("header.php");
?>  
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
    <td align="left" valign="top">
<? $link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
$email = $_SESSION['email'];
$sql = "SELECT * FROM fmcmember where email='$email'";
$result = mysql_query($sql);
$row = mysql_fetch_row($result); ?>
   <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <form name="form4" method="post" action="update.php">
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td width="200" class="title">My Profile</td>
        <td width="300" class="title">
        </td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td><input name="id" type="hidden" value="<? echo $row[0] ?>" size="30"/></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td class="email">Email</td>
        <td class="email"><? echo $row[6] ?></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td class="content">Firstname</td>
        <td><input name="firstname" type="text" class="inputfield" value="<? echo $row[1] ?>" size="30" maxlength="40" /></td>
        <? if($row[3] == "M") { ?>
        <td rowspan="16" align="left" valign="top">
        <img src="images/myinfo/male.png" width="200" height="200" /></td>
        <? } else { ?>
        <td rowspan="16" align="left" valign="top">
        <img src="images/myinfo/female.jpg" width="200" height="200" /></td>
        <? } ?>

      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Lastname</td>
        <td><input name="lastname" type="text" class="inputfield" value="<? echo $row[2] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Gender</td>
        <td class="content">
          <input name="gender" type="radio"  value="M" <? if($row[3] == "M") { echo "checked"; }?> />Male
          <input name="gender" type="radio"  value="F" <? if($row[3] == "F") { echo "checked"; }?> />Female</td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Date of birth</td>
        <td><input name="dob" type="text" class="inputfield" value="<? echo $row[4] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Address</td>
        <td><input name="address" type="text" class="inputfield" value="<? echo $row[5] ?>" size="30" maxlength="200" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Tel</td>
        <td><input name="tel" type="text" class="inputfield" value="<? echo $row[7] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Fax</td>
        <td><input name="fax" type="text" class="inputfield" value="<? echo $row[8] ?>" size="30" maxlength="40" /></td>
      </tr>
      <tr>
        <td class="content">&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td><input name="Update" type="submit" value="Update" />
          <input name="Reset" type="button" value="Reset" onclick="javascript:document.location.href='profile.php?action=reset'"/></td>
        <td>&nbsp;</td>
      </tr>
      </form>
    </table></td>
  </tr>
</table></td>
<?
include("footer.php");
?>

update.php

<?
include("common.php");

// Get the data from the register.php form
$id = $_POST["id"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$gender = $_POST["gender"];
$dob = $_POST["dob"];
$address = $_POST["address"];
$tel = $_POST["tel"];
$fax = $_POST["fax"];

$link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
mysql_query($sql, $link);
$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";

include("header.php");
?>  
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
    <td align="left" valign="top"><table width="100%" align="left" valign="top" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="300"><table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td class="title">&nbsp;</td>
          </tr>
          <tr>
            <td class="title">My Profile</td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td class="content">Your profile has been updated. Please return back to <a href="profile.php">my profile</a> page.</td>
          </tr>
        </table></td>
      </tr>
    </table></td>
  </tr>
</table></td>
<?
include("footer.php");
?>
4 Answers

1

You cannot run a query with a variable that is not defined before the query:

$sql = "update fmcmember set firstname='" . mysql_real_escape_string($firstname) . "', lastname='" . mysql_real_escape_string($lastname) . "', gender='" . mysql_real_escape_string($gender) . "', dob='" . mysql_real_escape_string($dob) . "', address='" . mysql_real_escape_string($address) . "', tel='" . mysql_real_escape_string($tel) . "', fax='" . mysql_real_escape_string($fax) . "' where id='" . mysql_real_escape_string($id) . "'";
mysql_query($sql, $link);

And your SQL query is not safe: What is SQL injection?

I edited your SQL query, now it is safe.

Answered 2013-08-25T11:20:49.413
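The statement ordering and the injection concern raised in this answer, shown together as an added example that is not part of the original thread: update.php's UPDATE written as a mysqli prepared statement instead of string concatenation. It assumes common.php starts the session and that `$_SESSION['email']` holds the logged-in member's e-mail (as profile.php's SELECT implies); the table name, column names and connection values are the ones in the question.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumption: common.php starts the session and login stored $_SESSION['email'].
include("common.php");

if (empty($_SESSION['email'])) {
    http_response_code(403);
    exit('Not logged in');
}

// Make mysqli throw on errors so a failed query is never silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Read the form fields; a missing field becomes an empty string.
$fields = array('firstname', 'lastname', 'gender', 'dob', 'address', 'tel', 'fax');
$values = array();
foreach ($fields as $name) {
    $values[$name] = isset($_POST[$name]) ? trim((string) $_POST[$name]) : '';
}

// The form offers only two gender values; reject anything else.
if (!in_array($values['gender'], array('M', 'F'), true)) {
    http_response_code(400);
    exit('Invalid gender');
}

$db = new mysqli("localhost", "root", "password", "test");

// Define the statement first, then execute it.
// Placeholders keep the submitted data out of the SQL text entirely.
$stmt = $db->prepare(
    "UPDATE fmcmember
        SET firstname = ?, lastname = ?, gender = ?, dob = ?, address = ?, tel = ?, fax = ?
      WHERE email = ?"
);

// The row is chosen by the session's e-mail rather than the hidden "id" form field,
// so the submitted form cannot decide which member row is written.
$stmt->bind_param(
    "ssssssss",
    $values['firstname'], $values['lastname'], $values['gender'], $values['dob'],
    $values['address'], $values['tel'], $values['fax'], $_SESSION['email']
);
$stmt->execute();

// 1 when the profile row changed, 0 when the submitted values matched the stored ones.
$updated = $stmt->affected_rows;
$stmt->close();
```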
0

You need to define the SQL query before running the query. Use this line order in your update.php

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
mysql_query($sql, $link);
Answered 2013-08-25T11:12:41.807
0

Write this query above your mysql_query($sql, $link);

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
Answered 2013-08-25T11:18:48.503
0

In profile.php

$result=mysql_query($sql,$link);
Answered 2013-08-25T11:22:11.280