2013-04-22 44 views
0

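Problem saving edited data with PHP code

This is my form page, editFormpackage.php.
I can get my data back into the update form, but when I change the values and click update, the information is not saved. Please, can someone help! I am new to PHP.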

<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title> AB Delivery </title> 
<title> *Please enter details of employee took order. </title> 
<link rel="stylesheet" type="text/css" href="style.css" /> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title> AB Delivery </title> 
<link rel="stylesheet" type="text/css" href="style.css" /> 
<link href= rel='stylesheet' type='text/css'> 
<!-- jQuery file --> 
<script src="js/jquery.min.js"></script> 
<script src="js/jquery.tabify.js" type="text/javascript" charset="utf-8"></script> 
<script type="text/javascript"> 
var $ = jQuery.noConflict(); 
$(function() { 
$('#tabsmenu').tabify(); 
$(".toggle_container").hide(); 
$(".trigger").click(function(){ 
    $(this).toggleClass("active").next().slideToggle("slow"); 
    return false; 
}); 
}); 
</script> 
</head> 
<body> 
<div id="panelwrap"> 

    <div class="header"> 
    <div class="title"><a href="#">AB Delivery</a></div> 

    <div class="header_right">Welcome Admin </div> 

    <div class="menu"> 
    <ul> 
    <li><a href="http://localhost/delivery2/homepage.html" class="selected">New Entry</a></li> 
    <li><a href="http://localhost/delivery2/showall.php">Show All</a></li> 
    <li><a href="http://localhost/delivery2/edit.php">Edit</a></li> 
    <li><a href="http://localhost/delivery2/search.html">Search</a></li> 
    </ul> 
    </div> 


    <div class="center_content"> 

    <div id="right_wrap"> 
    <div id="left_content">    
    <h2>Tables section</h2> 


<table id="rounded-corner"> 



<?php 
$con = mysql_connect("localhost","root",""); 
if (!$con) 
    { 
    die('Could not connect: ' . mysql_error()); 
    } 

mysql_select_db("delivery", $con); 

if(isset($_GET['package_id'])) 
{ 
$package_id=$_GET['package_id']; 
if(isset($_POST['submit'])) 
{ 
$customer_id=$_POST['customer_id']; 
$order_taken_by_employee_id=$_POST['order_taken_by_employee_id']; 
$package_details=$_POST['package_details']; 
$result=mysql_query("UPDATE package SET customer_id ='$customer_id',order_taken_by_employee_id='$order_taken_by_employee_id', package_details='$package_details' where package_id='$package_id'"); 
if($result) 
{ 
header('location:edit.php'); 
} 
} 
$query1=mysql_query("SELECT * FROM package WHERE package_id='$package_id'"); 
$query2=mysql_fetch_array($query1); 
?> 
<form method="post" action="http://localhost/delivery2/editFormpackage.php"> 
Customer ID:<input type="text" name="customer_id" value="<?php echo $query2['customer_id']; ?>" /><br /> 
Order Taken by Employee ID:<input type="text" name="order_taken_by_employee_id" value="<?php echo $query2['order_taken_by_employee_id']; ?>" /><br /><br /> 
Package Details:<input type="text" name="package_details" value="<?php echo $query2['package_details']; ?>" /><br /><br /> 
<br /> 
<input type="submit" name="submit" value="update" /> 
</form> 


<?php 
} 
?> 



<div 



    <div class="clear"></div> 
    </div> <!--end of center_content--> 

    <div class="footer"> 
AB Delivery 
</div> 

</div> 


</body> 
</html> 

This is the code from edit.php. As you can see, I created a new page for each table to do the updates.

<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title> AB Delivery </title> 
<title> *Please enter details of employee took order. </title> 
<link rel="stylesheet" type="text/css" href="style.css" /> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title> AB Delivery </title> 
<link rel="stylesheet" type="text/css" href="style.css" /> 
<link href= rel='stylesheet' type='text/css'> 
<!-- jQuery file --> 
<script src="js/jquery.min.js"></script> 
<script src="js/jquery.tabify.js" type="text/javascript" charset="utf-8"></script> 
<script type="text/javascript"> 
var $ = jQuery.noConflict(); 
$(function() { 
$('#tabsmenu').tabify(); 
$(".toggle_container").hide(); 
$(".trigger").click(function(){ 
    $(this).toggleClass("active").next().slideToggle("slow"); 
    return false; 
}); 
}); 
</script> 
</head> 
<body> 
<div id="panelwrap"> 

    <div class="header"> 
    <div class="title"><a href="#">AB Delivery</a></div> 

    <div class="header_right">Welcome Admin </div> 

    <div class="menu"> 
    <ul> 
    <li><a href="http://localhost/delivery2/homepage.html" class="selected">New Entry</a></li> 
    <li><a href="http://localhost/delivery2/showall.php">Show All</a></li> 
    <li><a href="http://localhost/delivery2/edit.php">Edit</a></li> 
    <li><a href="http://localhost/delivery2/search.html">Search</a></li> 
    </ul> 
    </div> 


    <div class="center_content"> 

    <div id="right_wrap"> 
    <div id="left_content">    
    <h2>Tables section</h2> 


<table id="rounded-corner"> 


<?php 
$con = mysql_connect("localhost","root",""); 
if (!$con) 
    { 
    die('Could not connect: ' . mysql_error()); 
    } 

mysql_select_db("delivery", $con); 

$result = mysql_query("SELECT * FROM customers"); 



echo "<table border='19'> 
<tr> 
<th>Customer ID</th> 
<th>Customer Address ID</th> 
<th>Name</th> 
<th>Phone Number</th> 
<th>Email</th> 
<th>Action</th> 
</tr>"; 

while($row1 = mysql_fetch_array($result)) 

    { 
    echo "<tr>"; 
    echo "<td>" . $row1['customer_id'] . "</td>"; 
    echo "<td>" . $row1['customer_address_id'] . "</td>"; 
    echo "<td>" . $row1['customer_name'] . "</td>"; 
    echo "<td>" . $row1['customer_phone'] . "</td>"; 
    echo "<td>" . $row1['customer_email'] . "</td>"; 
    echo "<td><a href='editFormcustomers.php?customer_id=".$row1['customer_id']."'>Edit</a></td>"; 
echo "<td><a href='deletecustomers.php?customer_id=".$row1['customer_id']."'>x</a></td><tr>"; 
    } 


echo "</tr>"; 

echo "</table>"; 

mysql_close($con); 

?> 

<?php 
$con = mysql_connect("localhost","root",""); 
if (!$con) 
    { 
    die('Could not connect: ' . mysql_error()); 
    } 

mysql_select_db("delivery", $con); 

$result = mysql_query("SELECT * FROM address"); 



echo "<table border='19'> 
<tr> 
<th>Address ID</th> 
<th>Address </th> 
<th>Action</th> 
</tr>"; 

while($row2 = mysql_fetch_array($result)) 

    { 
    echo "<tr>"; 
    echo "<td>" . $row2['address_id'] . "</td>"; 
    echo "<td>" . $row2['line_1'] . "</td>"; 
    echo "<td><a href='editFormaddress.php?address_id=".$row2['address_id']."'>Edit</a></td>"; 
echo "<td><a href='deleteaddress.php?address_id=".$row2['address_id']."'>x</a></td><tr>"; 
    } 


echo "</tr>"; 

echo "</table>"; 

mysql_close($con); 

?> 

<?php 
$con = mysql_connect("localhost","root",""); 
if (!$con) 
    { 
    die('Could not connect: ' . mysql_error()); 
    } 

mysql_select_db("delivery", $con); 

$result = mysql_query("SELECT * FROM package"); 



echo "<table border='19'> 
<tr> 
<th>Package ID</th> 
<th> Customer ID</th> 
<th>Employee ID</th> 
<th>Details</th> 
<th>Action</th> 
</tr>"; 

while($row3 = mysql_fetch_array($result)) 

    { 
    echo "<tr>"; 
    echo "<td>" . $row3['package_id'] . "</td>"; 
    echo "<td>" . $row3['customer_id'] . "</td>"; 
    echo "<td>" . $row3['order_taken_by_employee_id'] . "</td>"; 
    echo "<td>" . $row3['package_details'] . "</td>"; 
    echo "<td><a href='editFormpackage.php?package_id=".$row3['package_id']."'>Edit</a></td>"; 
echo "<td><a href='deletepackage.php?package_id=".$row3['package_id']."'>x</a></td><tr>"; 


    } 


echo "</tr>"; 

echo "</table>"; 

mysql_close($con); 

?> 

<?php 
$con = mysql_connect("localhost","root",""); 
if (!$con) 
    { 
    die('Could not connect: ' . mysql_error()); 
    } 

mysql_select_db("delivery", $con); 

$result = mysql_query("SELECT * FROM employee"); 



echo "<table border='19'> 
<tr> 
<th>Employee ID</th> 
<th>Employee Name</th> 
<th>Phone Number</th> 
<th>Other Details</th> 
<th>Action</th> 
</tr>"; 

while($row4 = mysql_fetch_array($result)) 

    { 
    echo "<tr>"; 
    echo "<td>" . $row4['employee_id'] . "</td>"; 
    echo "<td>" . $row4['employee_name'] . "</td>"; 
    echo "<td>" . $row4['employee_phone'] . "</td>"; 
    echo "<td>" . $row4['other_employee_details'] . "</td>"; 
    echo "<td><a href='editFormemployee.php?employee_id=".$row4['employee_id']."'>Edit</a></td>"; 
echo "<td><a href='deleteemployee.php?employee_id=".$row4['employee_id']."'>x</a></td><tr>"; 

    } 


echo "</tr>"; 

echo "</table>"; 


mysql_close($con); 

?> 


    <div 



    <div class="clear"></div> 
    </div> <!--end of center_content--> 

    <div class="footer"> 
AB Delivery 
</div> 

</div> 


</body> 
</html> 

Answers

0

The where clause in your update script references the package ID, but you are failing to set the package ID in your form.

$result=mysql_query("UPDATE package SET customer_id ='$customer_id',order_taken_by_employee_id='$order_taken_by_employee_id', package_details='$package_details' where package_id='$package_id'"); 

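Before we get to the solution, I must point out that you are highly vulnerable to SQL injection, because you are not sanitizing your form input before hitting the database with it. Please check this out to help get you on the right path: http://us2.php.net/manual/en/function.mysql-real-escape-string.php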

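The solution below will work, but passing the package ID in POST can technically also be hacked. Passing the ID in a server or database session is the most secure (Most secure way to pass variables between two pages with PHP), but the solution below will get you on your way.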

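You are setting the package ID from the GET query parameter, but once your form is submitted, it submits to the URL defined in the form's action parameter, which, as you can see, does not contain the package ID.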

To fix this, you should add package_id as a hidden form variable, like so:

<form method="post" action="http://localhost/delivery2/editFormpackage.php"> 
Customer ID:<input type="text" name="customer_id" value="<?php echo  $query2['customer_id']; ?>" /><br /> 
Order Taken by Employee ID:<input type="text" name="order_taken_by_employee_id" value="<?php echo $query2['order_taken_by_employee_id']; ?>" /><br /><br /> 
Package Details:<input type="text" name="package_details" value="<?php echo $query2['package_details']; ?>" /><br /><br /> 
<br /> 
<input type="hidden" name="package_id" value="<?php echo $query2['package_id'];?>" /> 
<input type="submit" name="submit" value="update" /> 
</form> 

Then set package_id from the package_id in the $_POST global variable, like so:

if(isset($_POST['submit'])) 
{ 
$package_id = $_POST['package_id']; 
$customer_id=$_POST['customer_id']; 
$order_taken_by_employee_id=$_POST['order_taken_by_employee_id']; 
$package_details=$_POST['package_details']; 
$result=mysql_query("UPDATE package SET customer_id ='$customer_id',order_taken_by_employee_id='$order_taken_by_employee_id', package_details='$package_details' where package_id='$package_id'"); 
// rest of your code 
+0

Thanks, but it still does not save the data. – user2309174 2013-04-23 09:21:55

+0

Are you getting any kind of errors? Can you also post an update of your script? – adamfish 2013-04-24 00:18:49

+0

I have it working now, thank you. I had to change the URL. – user2309174 2013-04-24 01:46:09

0

This is the correct code:

<form method="post" action="http://localhost/delivery2/editFormpackage.php"> 
     Customer ID:<input type="text" name="customer_id" value="<?php echo  $query2['customer_id']; ?>" /><br /> 
     Order Taken by Employee ID:<input type="text" name="order_taken_by_employee_id" value="<?php echo $query2['order_taken_by_employee_id']; ?>" /><br /><br /> 
     Package Details:<input type="text" name="package_details" value="<?php echo $query2['package_details']; ?>" /><br /><br /> 
     <br /> 
     <input type="hidden" name="package_id" value="<?php echo $query2['package_id'];?>" /> 
     <input type="submit" name="submit" value="update" /> 
     </form>
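
The hidden-field fix from the answers combined with a remedy for the SQL injection the first answer warns about, as an added example that is not code from either poster. It swaps the `mysql_*` functions used on the page (removed in PHP 7.0) for PDO prepared statements; it assumes PHP 7+ with the `pdo_mysql` driver, an integer `package_id`, and a relative form action, while table, column and connection values are taken from the question.

```php
<?php
// Added example. Connection settings mirror the question's mysql_connect() call.
$pdo = new PDO('mysql:host=localhost;dbname=delivery;charset=utf8mb4', 'root', '', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Escape a value for output inside HTML text or an attribute.
function h($value): string { return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); }

// The id (assumed to be a positive integer key) arrives in the query string on
// first load and in the hidden field on submit.
$rawId = $_POST['package_id'] ?? $_GET['package_id'] ?? null;
$packageId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($packageId === false) {
    http_response_code(400);
    exit('Invalid package id');
}

if (isset($_POST['submit'])) {
    // Placeholders keep the submitted values out of the SQL text entirely.
    $update = $pdo->prepare(
        'UPDATE package SET customer_id = :customer_id,
             order_taken_by_employee_id = :employee_id, package_details = :details
          WHERE package_id = :package_id'
    );
    $update->execute([
        ':customer_id' => $_POST['customer_id'] ?? '',
        ':employee_id' => $_POST['order_taken_by_employee_id'] ?? '',
        ':details'     => $_POST['package_details'] ?? '',
        ':package_id'  => $packageId,
    ]);
    // Redirect here, before any HTML is sent: header() must run before output starts.
    header('Location: edit.php');
    exit;
}

$select = $pdo->prepare('SELECT * FROM package WHERE package_id = :package_id');
$select->execute([':package_id' => $packageId]);
$package = $select->fetch(PDO::FETCH_ASSOC);
if ($package === false) { http_response_code(404); exit('Package not found'); }
?>
<form method="post" action="editFormpackage.php">
Customer ID:<input type="text" name="customer_id" value="<?= h($package['customer_id']) ?>" /><br />
Order Taken by Employee ID:<input type="text" name="order_taken_by_employee_id" value="<?= h($package['order_taken_by_employee_id']) ?>" /><br />
Package Details:<input type="text" name="package_details" value="<?= h($package['package_details']) ?>" /><br />
<input type="hidden" name="package_id" value="<?= h($package['package_id']) ?>" />
<input type="submit" name="submit" value="update" />
</form>
```

The prepared statement closes the injection hole, but the hidden `package_id` is still client-supplied, as the first answer notes; a check that the logged-in user may edit `$packageId` belongs before the UPDATE.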