0

我正在构建一个列表,用户可以在其中更新或删除现有联系人。我创建了 index.php,它成功地将联系人发送到数据库。list.php 在表格中显示从 index.php 输入的联系人列表。现在,用户应该删除或编辑每个联系人。

不幸的是,我的 edit_user.php 在我点击编辑后返回一个错误:你的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在第 1 行的 '' 附近使用正确的语法。 此外,当我在 list.php 中点击 Edit 时,我希望 edit_user.php 显示带有预填联系人的编辑表单信息。

我是 Web 开发的新手。抱歉,代码太多了。请帮我发现我的错误。这是config.php

<?php

$dbhost = 'mysql51-031.wc2.dfw1.stabletransit.com';
$dbuser = '549359_sargis';
$dbpass = '********';
$dbname = '549359_sargis';
$table  = 'Contacts';

$connection = mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
$select_db = mysql_select_db($dbname,$connection) or die(mysql_error());


?>

这是我的 list.php

<?php
include("config.php");
?>

<html>
<head>
    <title>Contact List</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
                <a href="index.php">Create New Contact</a><hr/>

</head>
<body>
    <?php

    $result = mysql_query("SELECT * FROM Contacts", $connection);
    $num_rows = mysql_num_rows($result);

    if($num_rows > 0)
    {

        echo "<center><h1>Contact List: (Updated)</h1><table border = '1'>";
            echo "<thead>";
                echo "<tr>";
                    echo "<th> Firstname </th>";
                    echo "<th> Lastname </th>";
                    echo "<th> Email </th>";
                    echo "<th> Phone </th>";
                    echo "<th> Date </th>";
                    echo "<th> Action </th>";
                echo "</th>";
            echo "</thead>";

            echo "<tbody>";

            $query = mysql_query("SELECT * FROM Contacts");
            while($record = mysql_fetch_array($query))
            {
                echo "<tr>";
                echo "<td>" . $record['firstname'] . "</td>";
                echo "<td>" . $record['lastname'] . "</td>";
                echo "<td>" . $record['email'] . "</td>";
                echo "<td>" . $record['phone_number'] . "</td>";
                echo "<td>" . $record['timesstamp'] . "</td>";
                echo "<td align='center'>"; ?>
                <a href="edit_user.php"><input type="hidden" name="id" value="<?php echo $id; ?>" />Edit</a>
                <?php echo "| <a href='list.php?action=delete&id=$id'>Delete</a></td>";
                echo "</tr>";
            }

            echo "</table>";
            echo "</center>";
    }
    else
        echo "<center><h4>No contacts found.</h4></center>";

    ?>

</body>
</html>

这是edit_user.php

<?php
include("config.php");
?>

<html>
<head>
    <title>Edit User</title>
            <link rel="stylesheet" type="text/css" href="style.css" />

</head>


<?php

if(isset($_POST['submit']))
//if (isset($_POST))
{
        $id = intval($_POST['id']);
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $email = $_POST['email'];
        $phonenumber = $_POST['phonenumber'];

            $sql = "UPDATE Contacts SET firstname='".mysql_real_escape_string($firstname)."', lastname='".mysql_real_escape_string($lastname)."', email='".mysql_real_escape_string($email)."', phone_number='".mysql_real_escape_string($phonenumber)."', timesstamp =NOW() WHERE id=".mysql_real_escape_string($id);
            //$sql = "UPDATE Contacts SET firstname='$firstname', lastname='$lastname', email='$email', phone_number='$phonenumber', timesstamp =NOW() WHERE id=$id";
            //print_r($_POST).'<br />';echo $sql;exit;
            $result = mysql_query($sql);

            if($result) 
            {
                header("Location: list.php");
            } 
            else 
            {
                echo "There was a problem with the query: ".mysql_error().".";
            }
}


?>
<body>
            <form action="edit_user.php?id=<?php echo $id;?>" method="POST">
                <div>
                    First name: <input type ='text' id='firstname' name='firstname' value="<?php echo $firstname; ?>"/><br />
                    Last name: <input type = 'text' id='lastname' name='lastname'value="<?php echo $lastname; ?>"/><br />
                    Email: <input type = 'text' id='email' name='email' value="<?php echo $email; ?>"/><br />
                    Phone Number: <input type = 'text' id='phone_number' name='phonenumber' value="<?php echo $phonenumber; ?>"/><br />
                    <input type = 'submit' name = 'submit' value='Update' />
                </div>
            </form>
</body>
</html>
4

2 回答 2

0

通常,此错误是由于 SQL 语句中未对无效字符进行转义造成的。

但是有一些东西我会建议改变。

首先移动

$id = $_POST['id'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$phonenumber = $_POST['phonenumber'];

到之后

if(isset($_POST['submit'])) {

另外,只是为了好玩,改变:

$id = $_POST['id'];

到:

$id = intval($_POST['id']);

然后在您的 SQL 语句中,将其更改为:

$sql = "UPDATE Contacts SET firstname='".mysql_real_escape_string($firstname)."', lastname='".mysql_real_escape_string($lastname)."', email='".mysql_real_escape_string($email)."', phone_number='".mysql_real_escape_string($phonenumber)."', timesstamp =NOW() WHERE id=".mysql_real_escape_string($id);
于 2013-09-02T23:23:02.280 回答
0

看来您有一个链接编辑:

<a href="edit_user.php?id=<? echo $record['id']; ?>" > Edit </a>

在这种情况下,id 是一个 get 参数而不是一个 POST 参数....

所以在edit_user.php中,应该是:

$id = $_GET['id'];
于 2013-09-02T23:27:10.453 回答