-1

我几乎尝试了所有方法,但我无法让这个简单的更新查询工作。

数组显示:

Array ( [pSelect] => 102 [budget] => 44 [submit] => submit )

所以我可以得出结论,它确实获得了 ID 并从输入字段接收值budget

  <form action="test.php" method="post" action="test.php">
  <select name = 'pSelect' id = 'pSelect'>       
  <?php
 $result = mysql_query
("SELECT ID, Project, Projectnummer, Klant, Budget
  FROM tblproject
  WHERE Status = '1'
  ORDER BY Klant ASC
");
while($row1 = mysql_fetch_array($result))
{
    $pID = $row1['ID'];
    echo "<option value=\"" . $row1['ID'] . "\"";
    if (isset($_POST['pSelect']) &&  $row1['ID'] == $_POST['pSelect']) 
    { 
    echo " selected='selected'"; 
    } 
    echo ">" . $row1['Klant'] ." ". $row1['Project'] ." ". $row1['Projectnummer'] . "</option>";
        echo "<br />";
}
?>
    </select>
    <input type="text" name="budget" />

<?php

if (isset($_POST['submit']))
{
    $ID = $_POST['pSelect'];
    $budget = $_POST['budget'];
    mysql_query 
    ("  UPDATE tblproject SET Budget = '$budget',WHERE ID = '$ID'");
}
print_r($_POST);
?>
<input type="submit" name="submit" value="submit" />
</form>
4

4 回答 4

1

尝试这个

mysql_query("UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."' ");
于 2013-09-24T10:12:06.930 回答
0

试试这个UPDATE查询:

mysql_query ("UPDATE tblproject SET Budget = '".$budget."' WHERE ID = '".$ID."'");
于 2013-09-24T10:28:09.917 回答
0

正如 Steven 所指出的,您在结尾处有一个错误的逗号Budget = '$budget',

请,请,请...如果您不打算使用准备好的语句/参数化查询,您至少可以对查询的所有参数使用 mysql_real_escape_string() 函数吗?例如:

$query = sprintf("
    UPDATE tblproject SET
    Budget = '%s'
    WHERE ID = '%s'",
    mysql_real_escape_string($budget),
    mysql_real_escape_string($ID));
    );
mysql_query($query);

另一种选择是有人在某些时候在您的应用程序中导致 SQL 注入问题。

于 2013-09-24T10:25:07.823 回答
0

尝试这个

UPDATE tblproject SET Budget = '".$budget."'   WHERE ID = '".$ID."'
于 2013-09-24T10:17:11.447 回答