0
我有一個編輯鏈接和每行刪除按鈕的MYSQL表。編輯鏈接轉到edit_movie.php,它有一個表單。我的問題是表單沒有顯示任何要更新/編輯的數據。我如何從點擊的行中獲取id,或者寫什麼函數來提取它。表格只是空白,沒有字段填寫。通過id獲取MYSQL行並在窗體中進行編輯和更新?
有人可以幫忙我會很開心!我們現在坐着這個問題已經有3天了,只是無法讓它工作。我是一個PHP初學者...
我知道我使用的是過時的mysql函數,我需要查看SQL注入,我會一旦得到這個工作。
表信息:
表1名:電影
字段:ID(主鍵,AI),標題,RELEASE_YEAR,genre_id,導演
表2名:分類
領域: genre_id(主鍵,AI),類型
它們在genre_id之間有外部關係。
這裏是index.php文件
<?php
require('movie.inc.php');
if (isset($_GET['delete']) && isset($_GET['id'])){
if (delete_movie_by_id($_GET['id'])){ //it's 100% safe
die('Movie has been removed. Refresh the page now'); // or the like
} else {
echo 'Sorry movie could not be deleted'; // could not - handle here
}
}
include 'add_movie.php';
?>
<!DOCTYPE html>
<html>
<head>
<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />
</head>
<body>
<table>
<tr>
<th>Title</th>
<th>Release year</th>
<th>Genre</th><th>Director</th>
<th>Update</th>
<th>Delete</th>
</tr>
<?php foreach (get_all_movies() as $index => $row) : ?>
<tr>
<td><?php echo $row['title'];?></td>
<td><?php echo $row['release_year']; ?></td>
<td><?php echo $row['genre'];?></td>
<td><?php echo $row['director'];?></td>
<td><a href='<?php printf('edit_movie.php?edit=%s', $row['id']);?>'>Edit</a></td>
<td>
<form action="index.php" method="GET">
<input type="hidden" name="delete" value="yes" />
<input type="hidden" name="id" value="<?php echo $row['id'];?>" />
<input type="submit" value="Delete" />
</form>
</td>
</tr>
<?php endforeach; ?>
</table>
</body>
</html>
下面的代碼是edit_movie.php代碼:
<?php
require 'connect.inc.php';
require_once('movie.inc.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />
</head>
<body>
<h1>Edit movie</h1>
<div id="form_column">
<form action="edit_movie.php" method="post">
<input type="hidden" name="id" value="<?php if (isset($row["id"])) ?>" /> <br>
Title:<br> <input type="text" name="title" value="<?php if (isset($row["title"])) { echo $row["title"];} ?>" /> <br>
Release Year:<br> <input type="text" name="release_year" value="<?php if (isset($row["release_year"])) { echo $row["release_year"];} ?>" /> <br>
Director:<br> <input type="text" name="director" value="<?php if (isset($row["director"])) { echo $row["director"];} ?>" /> <br><br>
Select genre:
<br>
<br> <input type="radio" name="genre_id" value="1" checked />Action<br>
<br> <input type="radio" name="genre_id" value="2" />Comedy<br>
<br> <input type="radio" name="genre_id" value="3" />Drama<br>
<br> <input type="radio" name="genre_id" value="4" />Horror<br>
<br> <input type="radio" name="genre_id" value="5" />Romance<br>
<br> <input type="radio" name="genre_id" value="6" />Thriller<br><br>
<input type="submit" value="Update movie" />
</form>
</div>
</body>
</html>
這裏是movie.inc.php文件
<?php
require_once('connect.inc.php');
function get_all_movies(){
$query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id";
$result = mysql_query($query);
if (! $result){
return false;
} else {
$return = array();
while ($row = mysql_fetch_assoc($result)){
$return[] = array('director' => $row['director'], 'genre' => $row['genre'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']);
}
return $return;
}
}
function delete_movie_by_id($id){
return mysql_unbuffered_query(sprintf("DELETE FROM `movies` WHERE id='%s' LIMIT 1", mysql_real_escape_string($id)));
}
if (isset($_POST['delete'], $_POST['id'])){
delete_movie_by_id($_POST['id']);
}
?>
OMG, 4年後,這個問題被編輯。 – NaveenDA 2017-07-15 14:27:17