0

这是我用来尝试更新记录的代码。我没有看到任何问题,但它不会引发错误并表示它已成功运行。我已经尝试了其他几种相同的方法,它只是不更新​​ MSSQL 表中的行。数据库/表在我运行 Windows 10 和 IIS 的机器上是本地的(我知道!!)。

<?php

/**
 * Use an HTML form to edit an entry in the
 * users table.
 *
 */

 require "C:\inetpub\wwwroot\Remediation\config.php";
 require "C:\inetpub\wwwroot\Remediation\common.php";

 if (isset($_POST['submit'])) {
   if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();

   try {
     $connection = new PDO($dsn, $username, $password);

     $user =[
       "id"        => $_POST['id'],
       "firstname" => $_POST['firstname'],
       "lastname"  => $_POST['lastname'],
       "email"     => $_POST['email'],
       "age"       => $_POST['age'],
       "location"  => $_POST['location'],
       "date"      => $_POST['date']
     ];

     $sql = "UPDATE users
             SET id = :id,
               firstname = :firstname,
               lastname = :lastname,
               email = :email,
               age = :age,
               location = :location,
               date = :date
             WHERE id = :id";

   $statement = $connection->prepare($sql);
   $statement->execute($user);
   } catch(PDOException $error) {
       echo $sql . "<br>" . $error->getMessage();
   }
 }

 if (isset($_GET['id'])) {
   try {
     $connection = new PDO($dsn, $username, $password);
     $id = $_GET['id'];
     $sql = "SELECT * FROM users WHERE id = :id";
     $statement = $connection->prepare($sql);
     $statement->bindValue(':id', $id);
     $statement->execute();

     $user = $statement->fetch(PDO::FETCH_ASSOC);
   } catch(PDOException $error) {
       echo $sql . "<br>" . $error->getMessage();
   }
 } else {
     echo "Something went wrong!";
     exit;
 }
 ?>    

 <?php if (isset($_POST['submit']) && $statement) : ?>
    <blockquote><?php echo escape($_POST['firstname']); ?> successfully 
 updated.</blockquote>
 <?php endif; ?>

 <h2>Edit a user</h2>

 <form method="post">
     <input name="csrf" type="hidden" value="<?php echo 
   escape($_SESSION['csrf']); ?>">
     <?php foreach ($user as $key => $value) : ?>
       <label for="<?php echo $key; ?>"><?php echo ucfirst($key); ?></label>
        <input type="text" name="<?php echo $key; ?>" id="<?php echo $key; ?>" value="<?php echo escape($value); ?>" <?php echo ($key === 'id' ? 'readonly' : null); ?>>
     <?php endforeach; ?>
     <input type="submit" name="submit" value="Submit">
 </form>

我到底哪里错了。我可以很好地连接、删除和创建。我需要调整 $USER 或查询吗?

4

3 回答 3

0

您是否直接在 MSSQL 管理工作室中尝试过该查询?

在那之后,您会看到它工作正常,尝试“回显”您的 POST 变量以查看您是否正确获取它们。

于 2019-04-23T18:16:02.030 回答
0

我犯了一个新手错误,我试图在 MSSQL 中更新一个 ID 和时间戳列,这是不允许的。我将我的代码更改为这个并且它工作正常:

   $user =[
     "id"        => $_POST['id'],
     "firstname" => $_POST['firstname'],
     "lastname"  => $_POST['lastname'],
     "email"     => $_POST['email'],
     "age"       => $_POST['age'],
     "location"  => $_POST['location'],
           ];

   $sql = "UPDATE users
           SET firstname = :firstname,
             lastname = :lastname,
             email = :email,
             age = :age,
            location = :location
           WHERE id = :id";
于 2019-04-23T18:26:34.077 回答
-1

我没有看到任何INSERT。相反,您使用 onlyUPDATE这意味着仅修改现有记录。这是你想要的吗?

 $sql = "UPDATE users
         SET id = :id,
           firstname = :firstname,
           lastname = :lastname,
           email = :email,
           age = :age,
           location = :location,
           date = :date
         WHERE id = :id";

在这里,您选择一个(所有)记录id = :id,并在此处SET id = :id设置id为已设置的值。不会破坏某些东西,但它暗示您的逻辑中的某些东西是错误的。

顺便说一句,您允许每个客户更改记录。不是 SQL 注入,但很可能非常糟糕。

于 2019-04-23T18:18:39.147 回答