如何使用整个html表更新数据库(PHP,MySQL)

时间:2021-12-01 19:13:16

I have been struggling with this for several days now. I have searched on how to update tables and have managed to get as far as to update rows, but only the last one in the table. So now i am trying to get a loop that loops through all the inputs and updates the database with the inputted values. I think the code that needs to be corrected is located near the end of the code

我这几天一直在努力解决这个问题。我已经搜索了如何更新表,并设法获得更新行,但只有表中的最后一行。所以现在我想要一个循环遍历所有输入并用输入的值更新数据库。我认为需要纠正的代码位于代码末尾附近

What i want to do:

我想做的事:

  • Get/display database in html table
  • 在html表中获取/显示数据库
  • Change values of certain columns
  • 更改某些列的值
  • Update the database table using a submit button which updates every row in database
  • 使用提交按钮更新数据库表,该按钮更新数据库中的每一行

Here is a picture of what the table looks like in web view:

下面是Web视图中表格的图片:

如何使用整个html表更新数据库(PHP,MySQL)

<?php
//Connect to database
include '../db/connect.php';
?>
   <form action='test7.php' method="post">
      <table border='1'>
         <?php
            $result = $MySQLi_CON->query("SELECT * FROM users");
               echo "<tr>";
               echo "<td colspan='3'>CLASS 1</td>";
               echo "</tr>";
               //All table rows in database presented in html table
               while($row = $result->fetch_array()){
                  echo "<tr>";
                  echo "<td><input type='hidden' name='user_id[]' value='".$row['user_id']."' /></td>";
                  echo "<td>username  :<input type='text' name='username[]' value='".$row['username']."' /></td>";
                  echo "<td>email  :<input type='text' name='email[]' value='".$row['email']."' /></td>";
                  echo "<td>rank  :<input type='number' name='rank[]' value='".$row['rank']."' /></td>";
                  echo "</tr>";
               }
            echo "<input type='submit' name='update' value='UPDATE' />";
         ?>
      <table>
   </form>
<?php
   if(isset($_POST['update'])){ 
      $total = count($_POST['rank']); 
      $user_id_arr = $_POST['user_id']; 
      $rank_arr = $_POST['rank']; 
      for($i = 0; $i < $total; $i++){ 
         $user_id = $user_id_arr[$i]; 
         $rank = $rank_arr[$i]; 
         $query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'"; 
         $MySQLi_CON->query($query); 
         header('Location: test7.php');
      } 
   }
?>

When I press the UPDATE button, i get PHP Notice: Array to string conversion in....

当我按UPDATE按钮时,我得到PHP注意:数组到字符串转换....

It refers to line 30 which is this line:

它指的是第30行,这是这一行:

$query = "UPDATE user SET rank=$_POST[rank][$row] WHERE user_id=$value ";

$ query =“UPDATE用户SET rank = $ _ POST [rank] [$ row] WHERE user_id = $ value”;

EDIT: Edited the code above to the working code. Thank you @Frayne Konok for your help.

编辑:编辑上面的代码到工作代码。谢谢@Frayne Konok的帮助。

2 个解决方案

#1

0  

You did a great mistake here, Why you use the $result in foreach loop?? FRom where the $result comes?? The $result is the resource of the sql query.

你在这里犯了一个很大的错误,为什么你在foreach循环中使用$ result? FRom哪里有$结果? $ result是sql查询的资源。

Try this:

尝试这个:

if(isset($_POST['update'])){
    $total = count($_POST['rank']);
    $user_id_arr = $_POST['user_id'];
    $rank_arr = $_POST['rank'];
    for($i = 0; $i < $total; $i++){
        $user_id = $user_id_arr[$i];
        $rank = $rank_arr[$i];
        $query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'";  
        $MySQLi_CON->query($query);
    }
}

Try with this and let me know if there is any problem.

试试这个,让我知道是否有任何问题。

#2

2  

You are very close.

你很近。

The issue is that in this code $_POST[rank][$row] - rank is an undefined constant. You need it to be a string, like so $_POST['rank'][$row]. Also, pull the $POST variable out of the query directly to allow typecasting - you should always be very uncomfortable when you see a query that has $_POST data directly:

问题是在这段代码中$ _POST [rank] [$ row] - rank是一个未定义的常量。你需要它是一个字符串,就像$ _POST ['rank'] [$ row]。另外,直接从查询中提取$ POST变量以允许类型转换 - 当您看到直接具有$ _POST数据的查询时,您应该总是非常不舒服:

if(isset($_POST['update'])){
    foreach ($result as $row => $value) { 
        // typecast to a number with decimals below.  If you only need integers, than use (int)
        $rank = (float)$_POST['rank'][$row];
        $query = "UPDATE user SET rank={$rank} WHERE user_id={$value}";
        $MySQLi_CON->query($query);
    }
}

However, it would be better to use mysqli prepared statements rather than insert the variables directly - as it stand, the above code is vulnerable to SQL Injection attacks.

但是,最好使用mysqli预处理语句而不是直接插入变量 - 因为它代表,上面的代码容易受到SQL注入攻击。

Your code should be modified to look something like so to prevent sql injection attacks:

您的代码应该被修改为看起来像这样以防止SQL注入攻击:

if(isset($_POST['update'])) {
    $stmt = $MySQLi_CON->prepare("UPDATE user SET rank= ? WHERE user_id= ?");
    foreach ($result as $row => $value){      
        $stmt->bind_param('di', $_POST['rank'][$row], $value); 
        $stmt->execute(); 
    }
    $stmt->close();
}

#1

0  

You did a great mistake here, Why you use the $result in foreach loop?? FRom where the $result comes?? The $result is the resource of the sql query.

你在这里犯了一个很大的错误,为什么你在foreach循环中使用$ result? FRom哪里有$结果? $ result是sql查询的资源。

Try this:

尝试这个:

if(isset($_POST['update'])){
    $total = count($_POST['rank']);
    $user_id_arr = $_POST['user_id'];
    $rank_arr = $_POST['rank'];
    for($i = 0; $i < $total; $i++){
        $user_id = $user_id_arr[$i];
        $rank = $rank_arr[$i];
        $query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'";  
        $MySQLi_CON->query($query);
    }
}

Try with this and let me know if there is any problem.

试试这个,让我知道是否有任何问题。

#2

2  

You are very close.

你很近。

The issue is that in this code $_POST[rank][$row] - rank is an undefined constant. You need it to be a string, like so $_POST['rank'][$row]. Also, pull the $POST variable out of the query directly to allow typecasting - you should always be very uncomfortable when you see a query that has $_POST data directly:

问题是在这段代码中$ _POST [rank] [$ row] - rank是一个未定义的常量。你需要它是一个字符串,就像$ _POST ['rank'] [$ row]。另外,直接从查询中提取$ POST变量以允许类型转换 - 当您看到直接具有$ _POST数据的查询时,您应该总是非常不舒服:

if(isset($_POST['update'])){
    foreach ($result as $row => $value) { 
        // typecast to a number with decimals below.  If you only need integers, than use (int)
        $rank = (float)$_POST['rank'][$row];
        $query = "UPDATE user SET rank={$rank} WHERE user_id={$value}";
        $MySQLi_CON->query($query);
    }
}

However, it would be better to use mysqli prepared statements rather than insert the variables directly - as it stand, the above code is vulnerable to SQL Injection attacks.

但是,最好使用mysqli预处理语句而不是直接插入变量 - 因为它代表,上面的代码容易受到SQL注入攻击。

Your code should be modified to look something like so to prevent sql injection attacks:

您的代码应该被修改为看起来像这样以防止SQL注入攻击:

if(isset($_POST['update'])) {
    $stmt = $MySQLi_CON->prepare("UPDATE user SET rank= ? WHERE user_id= ?");
    foreach ($result as $row => $value){      
        $stmt->bind_param('di', $_POST['rank'][$row], $value); 
        $stmt->execute(); 
    }
    $stmt->close();
}
标签:

相关文章