当前位置: 文江博客话题详情

在 php 中更新 mysql 的一行

发布于 2025-01-06 01:14:23 字数 1884 浏览 3 评论 0原文

我有一个看起来像这样的表:

姓名用户名密码角色

学生 [电子邮件受保护] 学生

学生2 学生2 [电子邮件受保护] 学生2 学生

和我希望能够在 php 中编辑一行。 这些值取自 html 文件,如下所示:

用户名

[email  ;受保护] <--这将写在文本框中

密码

Student2 <--这将写在文本框中

姓名

Student2 <--这将写在文本框中

姓氏

Student2 <--这将写在文本框中< /em>

角色

学生<--这将写在文本框中

我的 php 文件是:

<?php
$hostname = "localhost"; 
$database = "mydb"; 
$username = "myuser"; 
$password = "mypsw";
$link = mysql_connect( $hostname , $username , $password ) or 
        die("Prosoxi!Provlima stin sundesi me ton server : " . mysql_error());
mysql_select_db($database,$link);

mysql_query("UPDATE user 
         SET username = '".mysql_real_escape_string($_POST[nusername])."', 
         SET password = '".mysql_real_escape_string($_POST[npassword])."', 
         SET name = '".mysql_real_escape_string($_POST[nname])."', 
         SET surname = '".mysql_real_escape_string($_POST[nsurname])."', 
         SET role = '".mysql_real_escape_string($_POST[nrole])."' 
         WHERE username='".mysql_real_escape_string($_POST[us])."'");

mysql_close($link);
header("Location: users.php");
?>

1.更新没有发生,所以 php 文件中有一些错误,我找不到。

2.如果我选择某个用户名,如何才能在 html 文件中使用正确的值来实现已填充的框?

有人可以帮助我吗?先感谢您。 :)

原文

I have a table that looks like this:

name surname username password role

student student [email protected] student student

student2 student2 [email protected] student2 student

and I want to be able to edit a row in php.
The values are taken from a html file like this:

Username

[email protected] <--This will be written in a text box

Password

student2 <--This will be written in a text box

Name

student2 <--This will be written in a text box

Surname

student2 <--This will be written in a text box

Role

student <--This will be written in a text box

My php file is:

<?php
$hostname = "localhost"; 
$database = "mydb"; 
$username = "myuser"; 
$password = "mypsw";
$link = mysql_connect( $hostname , $username , $password ) or 
        die("Prosoxi!Provlima stin sundesi me ton server : " . mysql_error());
mysql_select_db($database,$link);

mysql_query("UPDATE user 
         SET username = '".mysql_real_escape_string($_POST[nusername])."', 
         SET password = '".mysql_real_escape_string($_POST[npassword])."', 
         SET name = '".mysql_real_escape_string($_POST[nname])."', 
         SET surname = '".mysql_real_escape_string($_POST[nsurname])."', 
         SET role = '".mysql_real_escape_string($_POST[nrole])."' 
         WHERE username='".mysql_real_escape_string($_POST[us])."'");

mysql_close($link);
header("Location: users.php");
?>

1.The update does not happen, so there's something wrong in the php file, that I can't find.

2. How can I achieve already filled boxes in the html file, with the right values, if I choose a certain username?

Can someone help me? Thank you in advance. :)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

呢古 2025-01-13 01:14:23

这里发生了很多事情。

  1. 始终使用整数作为主键,例如:id MEDIUMINT NOT NULL AUTO_INCRMENT。然后将其设为主键。

  2. 您需要使用mysql_real_escape_string()清理您对数据库的输入

  3. 您需要连接您的查询,因此它应该如下所示:

    mysql_query("更新用户
    SET 用户名 = '".mysql_real_escape_string($_POST[nusername])."'
    SET 密码 = '".mysql_real_escape_string($_POST[npassword])."'
    SET name = '".mysql_real_escape_string($_POST[nname])."'
    SET surname = '".mysql_real_escape_string($_POST[nsurname])."'
    SET 角色 = '".mysql_real_escape_string($_POST[nrole])."'
    WHERE username='".mysql_real_escape_string($_POST[us])."'");

这是更正后的代码:

    <?php
$hostname = "localhost"; 
$database = "mydb"; 
$username = "myuser"; 
$password = "mypsw";
$link = mysql_connect( $hostname , $username , $password ) or 
        die("Prosoxi!Provlima stin sundesi me ton server : " . mysql_error());
mysql_select_db($database,$link);

mysql_query("UPDATE user 
         SET username = '".mysql_real_escape_string($_POST['nusername'])."', 
         SET password = '".mysql_real_escape_string($_POST['npassword'])."', 
         SET name = '".mysql_real_escape_string($_POST['nname'])."', 
         SET surname = '".mysql_real_escape_string($_POST['nsurname'])."', 
         SET role = '".mysql_real_escape_string($_POST['nrole'])."' 
         WHERE username='".mysql_real_escape_string($_POST['us'])."'");

mysql_close($link);
header("Location: users.php");
?>

注意 _POST var 周围的单引号,$_POST['nusername'] 你有 $_POST[nusername]。

尝试现在,看看它是否更新。

There is a lot going on here.

  1. Always us a integer as a primary key, example: id MEDIUMINT NOT NULL AUTO_INCREMENT. Then make it the primary key.

  2. you need to sanitize your input to the database using mysql_real_escape_string()

  3. you need to concatenate your query, so it should look like this:

    mysql_query("UPDATE user
    SET username = '".mysql_real_escape_string($_POST[nusername])."'
    SET password = '".mysql_real_escape_string($_POST[npassword])."'
    SET name = '".mysql_real_escape_string($_POST[nname])."'
    SET surname = '".mysql_real_escape_string($_POST[nsurname])."'
    SET role = '".mysql_real_escape_string($_POST[nrole])."'
    WHERE username='".mysql_real_escape_string($_POST[us])."'");

Here is corrected code:

    <?php
$hostname = "localhost"; 
$database = "mydb"; 
$username = "myuser"; 
$password = "mypsw";
$link = mysql_connect( $hostname , $username , $password ) or 
        die("Prosoxi!Provlima stin sundesi me ton server : " . mysql_error());
mysql_select_db($database,$link);

mysql_query("UPDATE user 
         SET username = '".mysql_real_escape_string($_POST['nusername'])."', 
         SET password = '".mysql_real_escape_string($_POST['npassword'])."', 
         SET name = '".mysql_real_escape_string($_POST['nname'])."', 
         SET surname = '".mysql_real_escape_string($_POST['nsurname'])."', 
         SET role = '".mysql_real_escape_string($_POST['nrole'])."' 
         WHERE username='".mysql_real_escape_string($_POST['us'])."'");

mysql_close($link);
header("Location: users.php");
?>

notice the single quote surrounding the _POST var, $_POST['nusername'] you had $_POST[nusername].

Try it now, and see if it updates.

回复 原文
清秋悲枫 2025-01-13 01:14:23

当您遇到查询问题时,请始终回显查询本身以查看是否正在处理正确的数据!此外,我会这样编写查询:

$sql = "UPDATE user 
            SET username = '".mysql_real_escape_string($_POST[nusername])."'
            SET password = '".mysql_real_escape_string($_POST[npassword])."'
            SET name = '".mysql_real_escape_string($_POST[nname])."'
            SET surname = '".mysql_real_escape_string($_POST[nsurname])."'
            SET role = '".mysql_real_escape_string($_POST[nrole])."'
            WHERE username='".mysql_real_escape_string($_POST[us])."'";

// test
echo $sql;

mysql_query($sql);

When you have a query issue, always echo the query itself to see if the correct data is going through! Furthermore, I would write the query like this:

$sql = "UPDATE user 
            SET username = '".mysql_real_escape_string($_POST[nusername])."'
            SET password = '".mysql_real_escape_string($_POST[npassword])."'
            SET name = '".mysql_real_escape_string($_POST[nname])."'
            SET surname = '".mysql_real_escape_string($_POST[nsurname])."'
            SET role = '".mysql_real_escape_string($_POST[nrole])."'
            WHERE username='".mysql_real_escape_string($_POST[us])."'";

// test
echo $sql;

mysql_query($sql);
回复 原文
天荒地未老 2025-01-13 01:14:23
   $query =  mysql_query("UPDATE user 
                SET username = '" .mysql_escape_string($_POST[nusername]) . "' 
                password = ' " .mysql_escape_string($_POST[npassword]) . "'
                name = '" . mysql_escape_string($_POST[nname]) . " '
                surname = '" . mysql_escape_string($_POST[nsurname])."'
                SET role = '".mysql_escape_string($_POST[nrole]) . "'
                WHERE username='" .mysql_escape_string( $_POST[us]) . "'");

如果其他一切都失败,则回显 SQL 语句,然后粘贴到 SQL Browser/PHPMyAdmin 上,然后在那里进行调试。然后您只需将代码替换为无错误的代码即可。

您需要确保您发送的数据也不受 sql 注入的影响。有人可能会绕过它..

   $query =  mysql_query("UPDATE user 
                SET username = '" .mysql_escape_string($_POST[nusername]) . "' 
                password = ' " .mysql_escape_string($_POST[npassword]) . "'
                name = '" . mysql_escape_string($_POST[nname]) . " '
                surname = '" . mysql_escape_string($_POST[nsurname])."'
                SET role = '".mysql_escape_string($_POST[nrole]) . "'
                WHERE username='" .mysql_escape_string( $_POST[us]) . "'");

If everything else fails echo the SQL statement then paste on SQL Browser/PHPMyAdmin then debug it there. Then you just replace the code with the error-free one.

You need to make sure that the data you are sending are sql-inject free as well. Someone might just bypass it..

回复 原文
归属感 2025-01-13 01:14:23

您的查询需要修改如下。

mysql_query("UPDATE user 
            SET username = '" .$_POST[nusername] . "' ,
            password = ' " .$_POST[npassword] . "',
            name = '" . $_POST[nname] . " ',
            surname = '" . $_POST[nsurname]',
            role = '$_POST[nrole] . "'
            WHERE username='" . $_POST[us] . "'");

此外,您还可能受到 SQL 注入攻击。所以你最好也使用mysql_real_escape_string()函数。

http://php.net/manual/en/function.mysql -real-escape-string.php

另外,我想建议您采取一些步骤来解决此类问题。这只是一个例子。

步骤 1

当您的 PHP 代码中需要 SQL 语句时。您最好先将其编写在 MySQL 工具中,然后使用示例值进行测试。

UPDATE subscriber 
    SET
    Subscriber_Name = 'Test' , 
    Email = '[email protected]'     
    WHERE
    Subscriber_ID = '2' ;

第 2 步:

如果查询工作正常,则将其复制到 php.ini。并用 mysql_real_escape_string() 支持替换值。

$sql = "UPDATE subscriber 
    SET
    Subscriber_Name = '" .  mysql_real_escape_string($_POST['name']) . "' , 
    Email = '" .  mysql_real_escape_string($_POST['email']) . "'    
    WHERE
    Subscriber_ID = '" .  mysql_real_escape_string($_POST['id']) . "' ;"

第 3 步:

执行您的查询。

$result = mysql_query($sql);

步骤 4:

您可以查看是否有任何错误。

echo mysql_error();

编辑:

为您解答问题2“如果我选择某个用户名,如何才能在html文件中使用正确的值来实现已填充的框?”可能是这样的。

首先,您必须编写一条选择语句并获取您想要的任何数据。前任。

$sql = "SELECT user.username, user.name, user.surname , user.role  FROM USER WHERE user.username = '" . mysql_real_escape_string($_POST[us]) . "'";

$result = mysql_query($sql, $link) or die(mysql_error());

$row = mysql_fetch_assoc($result);

然后输入您的 HTML 代码。前任:

<form action="edit_user.php" method="post"> 
<p>Username<input type="text"name="nusername" size="40" value="<?php echo $row['username'];?>"></p> 
<p>Password<input type="password"name="npassword" size="40"></p>
<p>Name<input type="text"name="nname" size="40"  value="<?php echo $row['name'];?>"></p> 
<p>Surname<input type="text"name="nsurname" size="40"  value="<?php echo $row['surname'];?>"></p> 
<p>Role<input type="text"name="nrole" size="40"  value="<?php echo $row['role'];?>"></p> 
<p><input type="submit></p>
</form>

Your query need to be modified as bellow.

mysql_query("UPDATE user 
            SET username = '" .$_POST[nusername] . "' ,
            password = ' " .$_POST[npassword] . "',
            name = '" . $_POST[nname] . " ',
            surname = '" . $_POST[nsurname]',
            role = '$_POST[nrole] . "'
            WHERE username='" . $_POST[us] . "'");

Also you are open for the SQL Injection attacks. So you better use mysql_real_escape_string() function as well.

http://php.net/manual/en/function.mysql-real-escape-string.php

Also I would like to suggest you few steps to over come this kind of issue. This is just an example.

Step 1

When you need a SQL statement in your PHP code. You better write it in your MySQL tool first and test it with sample values.

UPDATE subscriber 
    SET
    Subscriber_Name = 'Test' , 
    Email = '[email protected]'     
    WHERE
    Subscriber_ID = '2' ;

Step 2:

If the query works fine then copy it to php. And replace values with mysql_real_escape_string() support.

$sql = "UPDATE subscriber 
    SET
    Subscriber_Name = '" .  mysql_real_escape_string($_POST['name']) . "' , 
    Email = '" .  mysql_real_escape_string($_POST['email']) . "'    
    WHERE
    Subscriber_ID = '" .  mysql_real_escape_string($_POST['id']) . "' ;"

Step 3:

Execute your query.

$result = mysql_query($sql);

Step 4 :

You can see any if there any errors available.

echo mysql_error();

EDIT:

Answer for you Question 2 "How can I achieve already filled boxes in the html file, with the right values, if I choose a certain username?" could be like this.

First you have to write a select statement and get whatever data you want. Ex.

$sql = "SELECT user.username, user.name, user.surname , user.role  FROM USER WHERE user.username = '" . mysql_real_escape_string($_POST[us]) . "'";

$result = mysql_query($sql, $link) or die(mysql_error());

$row = mysql_fetch_assoc($result);

Then put your HTML code. Ex:

<form action="edit_user.php" method="post"> 
<p>Username<input type="text"name="nusername" size="40" value="<?php echo $row['username'];?>"></p> 
<p>Password<input type="password"name="npassword" size="40"></p>
<p>Name<input type="text"name="nname" size="40"  value="<?php echo $row['name'];?>"></p> 
<p>Surname<input type="text"name="nsurname" size="40"  value="<?php echo $row['surname'];?>"></p> 
<p>Role<input type="text"name="nrole" size="40"  value="<?php echo $row['role'];?>"></p> 
<p><input type="submit></p>
</form>
回复 原文
往日 2025-01-13 01:14:23

显然您发布的最新代码存在语法错误,当您从帖子中获取数据时,您有 $_POST[nusername] ,它应该是 $_POST['nusername'] 因为它是数组的索引,我还建议回显查询并注释标头调用,以便您可以看到发送到 MySQL 的查询是什么

Apparently there is a syntax error in the latest code you posted, when you obtain the data from post you have $_POST[nusername] and it should be $_POST['nusername']since it is an index of the array, and I also recommend echoing the query and commenting the header call so you can see what is the query that is being sent to MySQL

回复 原文
~没有更多了~

关于作者

不回头走下去

暂无简介

文章
评论
28 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

佚名

文章 0 评论 0

今天

文章 0 评论 0

゛时过境迁

文章 0 评论 0

达拉崩吧

文章 0 评论 0

呆萌少年

文章 0 评论 0

孤者何惧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文