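Error when updating a MySQL database with PHP
I am a beginner and I want to update a database. When I submit the form to update a record, I get this error: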
Notice: Undefined index: idno in /Library/WebServer/Documents/practice/employee/edit_employee.php on line 6 Call Stack: 0.0001 633952 1. {main}() /Library/WebServer/Documents/practice/employee/edit_employee.php:0
Here is the code:
<?php
require_once '../includes/configuration.php';
if (!isset($_POST['enter']))
{
$employee_id_passport = $_GET['idno'];
$sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query, $connection);
$row = mysql_fetch_assoc($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">
<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>
<body>
<form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
<input type="submit" value="Enter" name="submit" />
</form>
</body>
<html>
<?php
}
else
{
$_POST['employee_id_passport'] = $employee_id_passport;
$_POST['first_name'] = $first_name;
$_POST['surname'] = $surname;
$_POST['mobile_number'] = $mobile_number;
$sql_query_update = "UPDATE employee_master SET first_name = '$first_name', SET surname = '$surname', SET mobile_number = '$mobile_number', WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query_update, $connection);
}
?>
The 'UPDATE' syntax is wrong, please refer to http://dev.mysql.com/doc/refman/5.1/en/update.html – Pav 2011-05-31 07:07:54
Well... you don't have the index 'idno'... check 'isset($_GET['idno'])' – 2011-05-31 07:08:22
SQL injection! Never put variables into an SQL string without quoting them properly! Suppose someone called your page with 'idno='; DELETE FROM employee_master; -- '. What do you think would happen? Please always use prepared statements (see [here](http://php.net/manual/en/pdo.prepared-statements.php)) or use [mysql_real_escape_string](http://de.php.net/manual/en/function.mysql-real-escape-string.php). – 2011-05-31 07:20:31
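
The three comments above, combined into one added example that is not part of the original thread: the `idno` check, a single-`SET` `UPDATE`, and prepared statements for both queries. Assumptions: an in-memory SQLite database stands in for the MySQL connection so the script runs offline, the helper names `find_employee` and `update_employee` are hypothetical, and the sample row is constructed.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite stands
// in for the MySQL connection so this runs offline; for MySQL change the DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE employee_master (employee_id_passport TEXT PRIMARY KEY,
    first_name TEXT, surname TEXT, mobile_number TEXT)');
// Constructed sample row.
$pdo->exec("INSERT INTO employee_master VALUES ('A123', 'Ann', 'Lee', '555-0100')");

// Hypothetical helper: look up one employee; the id is bound, never concatenated.
function find_employee(PDO $pdo, array $get): ?array
{
    if (!isset($get['idno']) || !is_string($get['idno'])) {
        return null; // no "Undefined index: idno" notice when the parameter is absent
    }
    $stmt = $pdo->prepare('SELECT * FROM employee_master WHERE employee_id_passport = :id');
    $stmt->execute([':id' => $get['idno']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: one SET clause with comma-separated assignments, all bound.
function update_employee(PDO $pdo, array $post): int
{
    $params = [];
    foreach (['employee_id_passport', 'first_name', 'surname', 'mobile_number'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return 0; // incomplete submission: nothing is updated
        }
        $params[":$key"] = $post[$key];
    }
    $stmt = $pdo->prepare('UPDATE employee_master
        SET first_name = :first_name, surname = :surname, mobile_number = :mobile_number
        WHERE employee_id_passport = :employee_id_passport');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// The idno value from the comment is compared as plain data; the table survives.
$hostile = "'; DELETE FROM employee_master; -- ";
var_dump(find_employee($pdo, ['idno' => $hostile]));
var_dump(find_employee($pdo, []));
echo update_employee($pdo, ['employee_id_passport' => 'A123', 'first_name' => 'Ann',
    'surname' => 'Lee-Smith', 'mobile_number' => '555-0199']), " row(s) updated\n";
print_r(find_employee($pdo, ['idno' => 'A123']));
```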