0
我在嘗試使用PHP腳本更新mySQL中的某些值時遇到了一些麻煩。當我嘗試用下面的代碼更新下列表格時(用戶「Bob」已經輸入了值來計算他們獲得的總分數和百分比,但他的test3等級必須更新爲100而不是先前的值90):
<html>
<head></head>
<body>
<form class="form" action="" method="post">
<?php
$mysqli = new mysqli('', '', '', '');
if(isset($_POST['calculate'])) {
$name = $_POST['name'];
$test1 = $_POST['test1'];
$test2 = $_POST['test2'];
$test3 = $_POST['test3'];
$obtained = ($test1 + $test2 + $test3);
$total = 300;
$percentage = round(($obtained/$total)*100);
$result = mysqli_query($mysqli, "INSERT INTO table1 (name, test1,
test2, test3, totalobtained, totalmarks, percent)
VALUES ('$name', '$test1', '$test2', '$test3',
'$obtained', '$total', '$percentage')");
}
$conn = mysqli_connect('', '', '', '');
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "UPDATE table1 SET test3='100', totalobtained='$obtained',
percent='$percentage' WHERE name='Bob'";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
mysqli_close($conn);
?>
<table>
<tr>
<th>Name of Student*:</th>
<td><input type="text" name="name"></td>
</tr>
<tr>
<th>Test 1*:</th>
<td><input type="number" name="test1"></td>
</tr>
<tr>
<th>Test 2*:</th>
<td><input type="number" name="test2"></td>
</tr>
<tr>
<th>Test 3*:</th>
<td><input type="number" name="test3"></td>
</tr>
<tr>
<th>Total Marks Obtained:</th>
<td><?php if(isset($_POST['calculate'])) { echo "$obtained";}?>
</td>
</tr>
<tr>
<th>Total Marks:</th>
<td><?php if(isset($_POST['calculate'])) { echo "$total";}?>
</td>
</tr>
<tr>
<th>Percentage:</th>
<td><?php if(isset($_POST['calculate'])) { echo "$percentage",
'%';}?></td>
</tr>
<tr>
<th><input type="submit" name="calculate" value="Calculate"/>
</th>
</tr>
</table>
</form>
</body>
</html>
它更新測試3與測試總成績爲100從以前的得分爲90,但是,它不拉以前的考試成績來重新計算所獲得的總計和百分比。因此,它將更新的總數和百分比更新爲0.一些幫助將被讚賞,因爲我對mySQL和PHP很新穎。謝謝!
上表:
+----+-------+-------+-------+-------+----------------+-------------+---------+
| id | name | test1 | test2 | test3 | totalobtained | totalmarks | percent |
+----+-------+-------+-------+-------+----------------+-------------+---------+
| 7 | Bob | 100 | 100 | 90 | 290 | 500 | 96 |
+----+-------+-------+-------+-------+----------------+-------------+---------+
更新表與UPDATE語句:
+----+-------+-------+-------+-------+----------------+-------------+---------+
| id | name | test1 | test2 | test3 | totalobtained | totalmarks | percent |
+----+-------+-------+-------+-------+----------------+-------------+---------+
| 7 | Bob | 100 | 100 | 100 | 0 | 500 | 0 |
+----+-------+-------+-------+-------+----------------+-------------+---------+
您的代碼易受[** SQL注入**](https://en.wikipedia.org/wiki/SQL_injection)攻擊。你應該使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)準備帶有綁定參數的語句,如[**這篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步噴射功能於PHP)。 –
在GET請求的情況下,這個命令'$ sql =「更新table1 SET test3 ='100',totalobtained ='$獲得', percent ='$ percentage'WHERE name ='Bob'」;'將把totalobtained &百分比爲0.因爲它們尚未初始化。你需要什麼? –
@AgamBanga嗯。那是我堅持的地方。我如何獲得總數以及將$ test1,$ test2和$ test3更新到其計算中的百分比。我是mySQL和PHP的新手,所以我不確定我會如何做到這一點? – AmateurCoder