I have a simple, unsecured, local database that I'm learning with (yes still using MySQL for now) I can view my database rows in a table and click on an edit button which then displays the single record chosen with each column inside a text box to update and save. Here is my edit page.
我有一个简单的,不安全的本地数据库,我正在学习(是的,现在仍在使用MySQL)我可以在一个表中查看我的数据库行,然后单击一个编辑按钮,然后显示每个列中选择的单个记录。文本框更新和保存。这是我的编辑页面。
<?php
$id = $_GET['id'];
$connect = mysql_connect("localhost", "XXXXXX", "XXXXXXX") or
die ("Check your connection.");
mysql_select_db("toner");
$quey1="select * from inventory where id ='".$id."'";
$result=mysql_query($quey1) or die(mysql_error());
?>
<html>
<form action="updateinfo.php" method="post">
<table>
<?php
while ($row=mysql_fetch_array($result))
{
?>
<tr>
<td align="right">Partnumber:</td>
<td align="left"><input type="text" name="partnumber" value="<?php echo $row['partnumber'];?>"/></td>
</tr>
<tr>
<td align="right">Description:</td>
<td align="left"><input type="text" name="description" value="<?php echo $row['description'];?>"/></td>
</tr>
<tr>
<td align="right">Vendor:</td>
<td align="left"><input type="text" name="vendor" value="<?php echo $row['vendor'];?>"/></td>
</tr>
<tr>
<td align="right">Price:</td>
<td align="left"><input type="text" name="price" value="<?php echo $row['price'];?>"/></td>
</tr>
<tr>
<td align="right">Quantity:</td>
<td align="left"><input type="text" name="quantity" value="<?php echo $row['quantity'];?>"/></td>
</tr>
</table>
<br>
<input type="hidden" name="id" value="<?php echo $row['id'];?>"/>
<input type="submit" value="Edit/Update Toner">
<?php
}
?>
</form>
</html>
Here is my UPDATED updateinfo
这是我的UPDATED updateinfo
<?php
mysql_connect("localhost","XXXXX","XXXXX") or die("Error: ".mysql_error());
mysql_select_db("toner");
$id =$_POST['id'];
$partnumber = $_POST['partnumber'];
$description = $_POST['description'];
$vendor = $_POST['vendor'];
$price = $_POST['price'];
$quantity = $_POST['quantity'];
$sql = "UPDATE inventory SET partnumber ='".$partnumber."',description ='".$description."',vendor ='".$vendor."',price ='".$price."',quantity ='".$quantity."' WHERE id ='".$id."'";
mysql_query($sql) or die ("Error: ".mysql_error());
echo "Updated successfully";
header( "refresh:10;url=toner.php" );
?>
After adding a primary key I'm able to update the DB however $id = $_POST['id']; still gives an error, any assistance is appreciated. Thanks. Yes I'm aware its vulnerable to injection and that I should be using PDO or MySQLi but I'm still a beginner and this is where I've chosen to start learning. Thank you.
添加主键后,我可以更新数据库但是$ id = $ _POST ['id'];仍然给出错误,任何帮助表示赞赏。谢谢。是的我知道它易受注射,我应该使用PDO或MySQLi,但我还是初学者,这是我选择开始学习的地方。谢谢。
1 个解决方案
#1
0
the problem is because of partnumber,here you are again reseting the partnumber but the new one is not present in your database and because of that query does not update the new values.
问题是因为partnumber,在这里你再次重置partnumber但新数据库不存在于你的数据库中,因为该查询不更新新值。
$sql = "UPDATE inventory SET description ='".$description."',vendor ='".$vendor."',price ='".$price."',quantity ='".$quantity."' WHERE partnumber = '".$partnumber."'";
Solution
Don't again set the partnumber use it only in where clause.
不要再次设置partnumber只在where子句中使用它。
#1
0
the problem is because of partnumber,here you are again reseting the partnumber but the new one is not present in your database and because of that query does not update the new values.
问题是因为partnumber,在这里你再次重置partnumber但新数据库不存在于你的数据库中,因为该查询不更新新值。
$sql = "UPDATE inventory SET description ='".$description."',vendor ='".$vendor."',price ='".$price."',quantity ='".$quantity."' WHERE partnumber = '".$partnumber."'";
Solution
Don't again set the partnumber use it only in where clause.
不要再次设置partnumber只在where子句中使用它。