使用php和表单更新mysql数据

时间:2021-05-06 23:06:46

I´ve been having a weird problem trying to create a php page that uses html forms to update mysql data.

我´一直都有一种奇怪的问题试图创建一个php页面,使用html表单更新mysql数据。

The idea is to create a page that retrieves all the rows from a "news" table that I have, and inserts all the data into html forms as "default" values, so I can see what is already written before changing whatever I want in this form. Each form is generated exclusively for each row of data retrieved.

我们的想法是创建一个页面,从我拥有的“新闻”表中检索所有的行,并将所有数据作为“默认”值插入到html表单中,这样我就可以在更改表单中我想要的内容之前看到已经写了什么。每个表单仅为检索到的每一行数据生成。

For that I use the POST method and two php files, one called "updateNews.php" which retrieves data and renders forms, and another one called "newsUpdater.php" which injects the updated data.

为此,我使用POST方法和两个php文件,一个名为“updateNews”。它检索数据并呈现表单,另一个称为“newsUpdater”。用于注入更新的数据。

I have two problems here. One, the form doesn´t post the new data written in the form, but instead it posts the original data posted as "default". I guess this is a problem in my form code. I guess I´m not coding "default" values right.

我有两个问题。一个表单并´t发布新的数据写在形式,而是这帖子发布的原始数据为“默认”。我想这是我的表单代码中的一个问题。我猜我不´m编码正确的“默认”值。

The second problem is pretty strange. I retrieve rows from "news" table in reverse order, but when I "submit" the form associated with a particular row, it posts the data from the first row, not the row I´m interested in.

第二个问题相当奇怪。我从“新闻”表中检索行相反的顺序,但当我“提交”的形式与一个特定的行,这帖子第一行的数据,而不是行我´感兴趣。

This is my code in the first php file, which retrieves data and renders forms:

这是我在第一个php文件中的代码,它检索数据并呈现表单:

<html>

<head>          
    <?php
        include "connectToNews.php";
        mysqli_set_charset($conToNews,"utf8");
        $query = mysqli_query ($conToNews, "SELECT * FROM news ORDER BY id DESC");

    ?>

</head>

<body>

    <?php 

        while ($newsArray = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
            echo "<form action='newsUpdater.php' method='post' enctype='multipart/form-data'>";
            echo "<p>".$newsArray['id']."</p><br>";
            echo "<input name='Id' type='hidden' value='".$newsArray['id']."'>";
            echo "<input class='input' name='Fecha' type='text' value='".$newsArray['fecha']."'><br>";
            echo "<textarea class='textarea' name='Headline' type='text'>".$newsArray['headline']."</textarea><br>";
            echo "<textarea class='textarea' name='Story' type='text'>".$newsArray['story']."</textarea><br>";
            echo "<input type='submit' value='Actualizar'><br><br><br>";
            echo "</form>";
        }
    ?>

</body>
</html>

So, as you can see, I render a new <Form> for each existing row. I use 2 <input> tags and 2 <textarea> tags. One of the <input> tags is hidden and has he "Id" info associated with the particular row data. In anycase, I use "echo" with this Id data to verify that is retrieving ok (and it is). I use "value" attribute to set the retrieved text as default text in this <input> tags. In the <textarea> tags, I use the space between the opening tag and the closing tag to locate the "default" text.

因此,如您所见,我为每一行呈现一个新的

。我使用2个 标签和2个 标记被隐藏,并具有与特定行数据相关联的“Id”信息。无论如何,我使用这个Id数据的“echo”来验证正在检索ok(确实如此)。我使用“value”属性将在这个 标记中检索到的文本设置为默认文本。在

At this point, everything renders ok, I get as many forms as there are rows in "news" table and and when i press submit button, it takes me to the second php file.

此时,一切都呈现为ok,我在“news”表中获得了与行一样多的表单,当我按下submit按钮时,它将带我到第二个php文件。

The second php file is the "data updater". The code is the faollowing:

第二个php文件是“数据更新程序”。代码是:

<html>

<head>
    <?php 
        $Id=$_POST['Id'];
        $Fecha=$_POST['Fecha'];
        $Headline=$_POST['Headline'];
        $Story=$_POST['Story'];

        echo "<p>".$Id."</p><br>";
        echo "<p>".$Fecha."</p><br>";
        echo "<p>".$Headline."</p><br>";
        echo "<p>".$Story."</p><br>";

        include "connectToNews.php";
        mysqli_set_charset($conToNews,"utf8");
        $query=mysqli_query ($conToNews, "UPDATE news SET fecha='$Fecha' headline='$Headline' story='$Story' WHERE id='$Id'");
    ?>
</head>

<body>
    <?php 
        echo "<p>News updated</p><br>";
        echo "<p><a href='updateNews.php'>Go back to form</a></p>";
    ?>
</body>
</html>

As you can see, I´m saving the posted data "$_POST['whatever']" into 4 variables, just to have an easier time writting the future mySql query.

如你所见,我´保存发布数据“$ _POST['任何']”4个变量,为了有一个更容易书写未来mySql查询。

Then, I echo this variables to check what info is really been passed. And this is where it gets weird, because te rendered texts are the ones retrieved from to the first row in my "news" table, no matter which row am I editing in the form or what I´m writting in the form.

然后,我回显这个变量,以检查传递了什么信息。这就是它变得奇怪,因为te呈现文本的检索从我的“新闻”表中第一行,不管哪一行,我编辑的形式或我´m写作形式。

The other problem is that, regard of getting the "ok" message related to the updating process, the data never saves to "news" table. Although, I could be wrong, because I´m really injecting the original text from row 1 into row 1, no matter of which row I was really trying to edit.

另一个问题是,考虑到获取与更新过程相关的“ok”消息,数据永远不会保存到“news”表。虽然,我可能是错的,因为我真的´m注入原文从第1行第1行,不管哪一行,我真的试图编辑。

Could you read my code and tell me if you guys see any problem.

你能读一下我的代码并告诉我你们是否发现任何问题。

Thanks!!!

谢谢! ! !

1 个解决方案

#1


3  

In an UPDATE query the columns being updated must be seperated by commas, this explains why your data is not being updated.

在更新查询中,要更新的列必须用逗号分隔,这解释了为什么没有更新数据。

The reason you didnt know for sure that the query was failing, and why, is that you are not testing that the query actually worked or not.

您不确定查询是否失败的原因以及原因是您没有测试查询是否有效。

It is always a VERY good idea to test the results of all MYSQLI_ calls so I would add. This will then show you an error message that would help in bebugging

测试所有MYSQLI_调用的结果总是一个非常好的主意,因此我将添加。然后将向您显示一条错误消息,该消息将帮助您进行bebugging。

$query=mysqli_query ($conToNews, 
        "UPDATE news SET fecha='$Fecha', 
                         headline='$Headline',
                         story='$Story' 
         WHERE id='$Id'");


if ( $query === FALSE ) {
    echo mysqli_error($conToNews);
    exit;
}

You have some SQL Injection issues in this code, you should read How can I prevent SQL injection in PHP?

您在这段代码中有一些SQL注入问题,您应该了解如何在PHP中防止SQL注入?

#1


3  

In an UPDATE query the columns being updated must be seperated by commas, this explains why your data is not being updated.

在更新查询中,要更新的列必须用逗号分隔,这解释了为什么没有更新数据。

The reason you didnt know for sure that the query was failing, and why, is that you are not testing that the query actually worked or not.

您不确定查询是否失败的原因以及原因是您没有测试查询是否有效。

It is always a VERY good idea to test the results of all MYSQLI_ calls so I would add. This will then show you an error message that would help in bebugging

测试所有MYSQLI_调用的结果总是一个非常好的主意,因此我将添加。然后将向您显示一条错误消息,该消息将帮助您进行bebugging。

$query=mysqli_query ($conToNews, 
        "UPDATE news SET fecha='$Fecha', 
                         headline='$Headline',
                         story='$Story' 
         WHERE id='$Id'");


if ( $query === FALSE ) {
    echo mysqli_error($conToNews);
    exit;
}

You have some SQL Injection issues in this code, you should read How can I prevent SQL injection in PHP?

您在这段代码中有一些SQL注入问题,您应该了解如何在PHP中防止SQL注入?