0

我正在尝试制作一个使用下拉菜单、单选按钮、文本字段、文本区域和隐藏值(时间)的表单,然后从该表单中获取该信息并更新 SQL 数据库。

我的表单在下面,它全部正确加载,但我在更新值并试图弄清楚如何使单选按钮和下拉菜单工作时遇到问题,因为我无法制作值 php 代码并且需要传递值。我在网上找到的一切都是如何在用户输入内容的地方输入文本字段。

当我选择更新时,它只是提交数据但没有任何变化。在我的 update.php 上,最后有一个 sanitize 函数,但不确定如何传递变量。我是创建一个名为 $var 的数组并将所有变量输入其中还是一次传递每个变量?

我一直在网上搜索 HOW TO,目前正在阅读两本书,但它们没有详细说明,因此感谢您的帮助。

控制.php

 <?php
 session_start();
 if( !isset($_SESSION['myusername']) ){ header("Location: login.php"); }
 ?> 

 <?php 
 require("../../system/templates/includes/constants.php");
 $connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
 if(!$connection) { die("Database connection failed: " .mysql_error()); }
 $db_select = mysql_select_db(DB_NAME,$connection);
 if(!$db_select) { die("Database selection failed: " . mysql_error()); }
 ?>

<form method="post" action="update.php">
<select name="name" required="true" value="<?php echo $row['name']; ?>">
<?php                         
$query="SELECT id, name FROM modules";
$result=mysql_query($query);
while ($row=mysql_fetch_array($result)) {
echo "<option value=\"" . $row['id'] . "\">" . $row['name'] . "</option>";
}
?>
</select>
<br />
Select Status:
Red    <input type="radio" value="red" name="status" />
Yellow    <input type="radio" value="yellow" name="status" />
Green    <input type="radio" checked="checked" value="green" name="status" />
<br />
Reason:
<br />
<select name="reason" required="true">
<option value="0" selected="selected" value="">Select Reason</option>
<option value="ONLINE">Online</option>
<option value="MAINTENANCE">Maintenance</option>
<option value="ERROR">Error</option>
<option value="OFFLINE">Offline</option>
<option value="">No Reason</option>
</select>
<br />
ETA:
<br />
<input type="text" name="eta" value="<?php echo $row['eta']; ?>" maxlength="8" />
<br />
Description:
<br />
<textarea rows="5" cols="30" name="explanation" wrap="hard" required="true" maxlength="320" value="<?php echo $row['description']; ?>" /></textarea>
<br />
<div align="right">
<input name="update" type="submit" value="Update"/>
<input type="hidden" name="last_updated" value="<?php $mysqldate = date ('H:i');  $phpdate = strtotime ( $mysqldate );?> />
 </form>

更新.php

<?php
print_r(_POST);
if(isset($POST['update']))
{
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
if(! $connection) 
{
die('Could not connect: ' .mysql_error());
}
$name = $POST['name'];
$status = $POST['status'];
$reason = $POST['reason'];
$eta = $POST['eta'];
$description = $POST['description'];
$last_updated = $POST['last_updated'];
$updated_by = $POST['updated_by'];
$sql = "UPDATE module SET status = $status , reason = $reason , eta = $eta , description = $description , last_updated = $last_updated , updated_by = $updated_by WHERE name = $name";
mysql_select_db('status');
$retval = mysql_query ( $sql, $connection);
if (!retval)
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully";
mysql_close($connection);
} else {
// not sure what to do here
}
function sanitizeString($var)
{
$var = stripslashes($var);
$var = htmlentities($var);
$var = strip_tags($var);
return $var;
}
function sanitizeMySQL($var)
{
$var = mysql_real_escape_string($var);
$var = satnizeString($var);
return $var;
}
header("Location: control.php");
?>

一如既往,我非常感谢任何人可以提供的任何帮助。我仍处于学习这一点的早期阶段,这个网站和社区对我的帮助比迄今为止我读过的任何书籍/教程都多。

4

1 回答 1

0

您的 SQL 语句需要为每个参数加上引号。

$sql = "UPDATE module SET status = '$status' , reason = '$reason' , eta = '$eta' , description = '$description' , last_updated = '$last_updated' , updated_by = '$updated_by' WHERE name = '$name' ";

至于sanitizeString()函数,它一次只接受一个字符串。也许像下面这样的东西可能是简单而干净的:

$params = array($name, $status, $reason); // put all your params in here
foreach ($params as &$p) { // the '&' before $p is essential, so do not forget it
    $p = sanitizeString($p);
}

希望能帮助到你。

于 2013-10-17T16:41:07.053 回答