I have been struggling with this for several days now. I have searched on how to update tables and have managed to get as far as to update rows, but only the last one in the table. So now i am trying to get a loop that loops through all the inputs and updates the database with the inputted values. I think the code that needs to be corrected is located near the end of the code
我这几天一直在努力解决这个问题。我已经搜索了如何更新表,并设法获得更新行,但只有表中的最后一行。所以现在我想要一个循环遍历所有输入并用输入的值更新数据库。我认为需要纠正的代码位于代码末尾附近
What i want to do:
我想做的事:
- Get/display database in html table
- 在html表中获取/显示数据库
- Change values of certain columns
- 更改某些列的值
- Update the database table using a submit button which updates every row in database
- 使用提交按钮更新数据库表,该按钮更新数据库中的每一行
Here is a picture of what the table looks like in web view:
下面是Web视图中表格的图片:
<?php
//Connect to database
include '../db/connect.php';
?>
<form action='test7.php' method="post">
<table border='1'>
<?php
$result = $MySQLi_CON->query("SELECT * FROM users");
echo "<tr>";
echo "<td colspan='3'>CLASS 1</td>";
echo "</tr>";
//All table rows in database presented in html table
while($row = $result->fetch_array()){
echo "<tr>";
echo "<td><input type='hidden' name='user_id[]' value='".$row['user_id']."' /></td>";
echo "<td>username :<input type='text' name='username[]' value='".$row['username']."' /></td>";
echo "<td>email :<input type='text' name='email[]' value='".$row['email']."' /></td>";
echo "<td>rank :<input type='number' name='rank[]' value='".$row['rank']."' /></td>";
echo "</tr>";
}
echo "<input type='submit' name='update' value='UPDATE' />";
?>
<table>
</form>
<?php
if(isset($_POST['update'])){
$total = count($_POST['rank']);
$user_id_arr = $_POST['user_id'];
$rank_arr = $_POST['rank'];
for($i = 0; $i < $total; $i++){
$user_id = $user_id_arr[$i];
$rank = $rank_arr[$i];
$query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'";
$MySQLi_CON->query($query);
header('Location: test7.php');
}
}
?>
When I press the UPDATE button, i get PHP Notice: Array to string conversion in...
.
当我按UPDATE按钮时,我得到PHP注意:数组到字符串转换....
It refers to line 30 which is this line:
它指的是第30行,这是这一行:
$query = "UPDATE user SET rank=$_POST[rank][$row] WHERE user_id=$value ";
$ query =“UPDATE用户SET rank = $ _ POST [rank] [$ row] WHERE user_id = $ value”;
EDIT: Edited the code above to the working code. Thank you @Frayne Konok for your help.
编辑:编辑上面的代码到工作代码。谢谢@Frayne Konok的帮助。
2 个解决方案
#1
0
You did a great mistake here, Why you use the
$result
in foreach loop?? FRom where the$result
comes?? The$result
is the resource of thesql
query.你在这里犯了一个很大的错误,为什么你在foreach循环中使用$ result? FRom哪里有$结果? $ result是sql查询的资源。
Try this:
尝试这个:
if(isset($_POST['update'])){
$total = count($_POST['rank']);
$user_id_arr = $_POST['user_id'];
$rank_arr = $_POST['rank'];
for($i = 0; $i < $total; $i++){
$user_id = $user_id_arr[$i];
$rank = $rank_arr[$i];
$query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'";
$MySQLi_CON->query($query);
}
}
Try with this and let me know if there is any problem.
试试这个,让我知道是否有任何问题。
#2
2
You are very close.
你很近。
The issue is that in this code $_POST[rank][$row]
- rank is an undefined constant. You need it to be a string, like so $_POST['rank'][$row]
. Also, pull the $POST
variable out of the query directly to allow typecasting - you should always be very uncomfortable when you see a query that has $_POST
data directly:
问题是在这段代码中$ _POST [rank] [$ row] - rank是一个未定义的常量。你需要它是一个字符串,就像$ _POST ['rank'] [$ row]。另外,直接从查询中提取$ POST变量以允许类型转换 - 当您看到直接具有$ _POST数据的查询时,您应该总是非常不舒服:
if(isset($_POST['update'])){
foreach ($result as $row => $value) {
// typecast to a number with decimals below. If you only need integers, than use (int)
$rank = (float)$_POST['rank'][$row];
$query = "UPDATE user SET rank={$rank} WHERE user_id={$value}";
$MySQLi_CON->query($query);
}
}
However, it would be better to use mysqli prepared statements rather than insert the variables directly - as it stand, the above code is vulnerable to SQL Injection attacks.
但是,最好使用mysqli预处理语句而不是直接插入变量 - 因为它代表,上面的代码容易受到SQL注入攻击。
Your code should be modified to look something like so to prevent sql injection attacks:
您的代码应该被修改为看起来像这样以防止SQL注入攻击:
if(isset($_POST['update'])) {
$stmt = $MySQLi_CON->prepare("UPDATE user SET rank= ? WHERE user_id= ?");
foreach ($result as $row => $value){
$stmt->bind_param('di', $_POST['rank'][$row], $value);
$stmt->execute();
}
$stmt->close();
}
#1
0
You did a great mistake here, Why you use the
$result
in foreach loop?? FRom where the$result
comes?? The$result
is the resource of thesql
query.你在这里犯了一个很大的错误,为什么你在foreach循环中使用$ result? FRom哪里有$结果? $ result是sql查询的资源。
Try this:
尝试这个:
if(isset($_POST['update'])){
$total = count($_POST['rank']);
$user_id_arr = $_POST['user_id'];
$rank_arr = $_POST['rank'];
for($i = 0; $i < $total; $i++){
$user_id = $user_id_arr[$i];
$rank = $rank_arr[$i];
$query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'";
$MySQLi_CON->query($query);
}
}
Try with this and let me know if there is any problem.
试试这个,让我知道是否有任何问题。
#2
2
You are very close.
你很近。
The issue is that in this code $_POST[rank][$row]
- rank is an undefined constant. You need it to be a string, like so $_POST['rank'][$row]
. Also, pull the $POST
variable out of the query directly to allow typecasting - you should always be very uncomfortable when you see a query that has $_POST
data directly:
问题是在这段代码中$ _POST [rank] [$ row] - rank是一个未定义的常量。你需要它是一个字符串,就像$ _POST ['rank'] [$ row]。另外,直接从查询中提取$ POST变量以允许类型转换 - 当您看到直接具有$ _POST数据的查询时,您应该总是非常不舒服:
if(isset($_POST['update'])){
foreach ($result as $row => $value) {
// typecast to a number with decimals below. If you only need integers, than use (int)
$rank = (float)$_POST['rank'][$row];
$query = "UPDATE user SET rank={$rank} WHERE user_id={$value}";
$MySQLi_CON->query($query);
}
}
However, it would be better to use mysqli prepared statements rather than insert the variables directly - as it stand, the above code is vulnerable to SQL Injection attacks.
但是,最好使用mysqli预处理语句而不是直接插入变量 - 因为它代表,上面的代码容易受到SQL注入攻击。
Your code should be modified to look something like so to prevent sql injection attacks:
您的代码应该被修改为看起来像这样以防止SQL注入攻击:
if(isset($_POST['update'])) {
$stmt = $MySQLi_CON->prepare("UPDATE user SET rank= ? WHERE user_id= ?");
foreach ($result as $row => $value){
$stmt->bind_param('di', $_POST['rank'][$row], $value);
$stmt->execute();
}
$stmt->close();
}