1. 首頁
  2. 問答
  3. 更新PHP中的SQL數據

更新PHP中的SQL數據

2015-04-02 41 views
-1

好吧,我已經更新了我的代碼,沒有得到任何錯誤,但沒有任何更新在MySQL端或PHP前端。更新PHP中的SQL數據

我甚至嘗試了硬編碼的聲明。

這部分是我的PHP網頁瀏覽器的最頂端..

<?php 
/

    /IF RESQUEST IS EQUAL TO SUBMUIT 
    if (isset($_REQUEST['submit'])) 
      { 
       $my_date = date("Y-m-d H:i:s"); 
       $order = uniqid(); 
       $FullName= $_REQUEST['fullname']; 
       //Take in full Name and Split it into first and last name. 
       list($fname, $lname) = explode(' ', $customerName, 2);  
       $address = $_REQUEST['address']; 
       $emailAddress = $_REQUEST['emailAddress']; 
       $phoneNo = $_REQUEST['phoneNo']; 


Below is my Sticky Forum which is getting the Information from the Database and putting it into the Text Fields 

    // STICKY FORM TO ALLOW USER TO UPDATE INFORMATION 
    if (isset($_REQUEST['up'])) 
     { 
      $query_sticky = mysqli_query($connection,'SELECT * FROM orders WHERE id = "' . $_GET['id'] . '"'); 
      if(! $query_sticky) 
    { 
     die('Could not get data: ' . mysqli_error($connection)); // Could not find Order_id show Error 
    }//end die error 
    else 
     (isset($_REQUEST['update'])); 
     { 
    while($row = mysqli_fetch_array($query_sticky, MYSQLI_ASSOC)) 
    { 
     $row['id']; 
     echo '<form action="" method="post">' 

     Name:'; 
      echo'<input name="customerName" id="cname" type="text" required value="'.$row['firstname']. " " .$row['lastname']. '" />'; 
      echo' <br/> 
      <br/> 
      Address: 
      <textarea name="address" id = "caddress" type="text" rows="5" cols="30" required value="'.$row['address'].'" ></textarea> 
      <br/> 
      <br/> 
      Email Address: 
      <input name="emailAddress" type="email" required value="'.$row['email']. '" /> 
      <br/> 
      <br/> 
      <br/> 
      Phone Number: 
      <input name="phoneNo" id="phoneNumber" type="text" required value="'.$row['phone']. '" /> 
      <br/> 
      <br/> 
      <button type="submit" name="update" value="update" >update</button 
     <div id="Submit"> 
     </form> 
     <form action="order.php" method="delete"> 
     </form>'; 
    }//close if 
     } 
    } // Close While 

here is my Update Section 

    if (isset($_REQUEST['update'])) 
    { 
      $updateDB = "UPDATE orders SET student ='$_POST[student]', 
      firstname='John', lastname='wallace', 
      email = '$_POST[emailAddress]', address = '$_POST[address]', 
      phone = '$_POST[phoneNo]' 
      WHERE 
      order_id ='$_GET[order_id]'"; 
      mysqli_query($connection, $updateDB); 
     }//end update..  
     }//end PHP 
    ?>

來源

2015-04-02 Dave

+0

您的代碼對[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)漏洞利用開放。使用[準備好的陳述](http://en.wikipedia.org/wiki/Prepared_statement)。 – Phylogenesis 2015-04-02 16:02:29

+1

你不能在mysqli_query中使用'mysql_error()'。這就是爲什麼你得到「無法更新數據:」但沒有看到錯誤。 – 2015-04-02 16:02:49

+0

不應該是'$ _POST ['update']'而不是'$ _REQUEST ['update']'? – s3lph 2015-04-02 16:02:57

回答

1

你在你UPDATE查詢字符串單引號和雙引號混合起來。試試這個:

$updateDB = "UPDATE test 
SET email = '"[email protected]$_POST[$emailAddress]."', 
address = '"[email protected]$_POST[$address]."', 
phone = '"[email protected]$_POST[$phoneNo]."' 
WHERE id = '".$_GET['id']."'";

來源

2015-04-02 16:09:13

+0

混合API並抑制錯誤。除此之外,它是一切都很好¯\\ _(ツ)_ /¯ – 2015-04-02 16:10:43

+0

第一次SO評論有我LOL ...但是這個PHP是ra and的,我不需要吃一整桶黃油來知道它是腐臭的。 – 2015-04-02 16:12:50

相關問題

 相關問題