PHP 代码未将表单值更新到数据库
PHP code not updating form values to database
我的数据库中有一个样本数据,我试图用我的表单提交中的数据覆盖,主键 PageID 设置为 0,据我所知,我的查询是正确的,我在提交时没有错误没有数据进入数据库。这是整个 PHP 文档。
<?php
if(isset($_POST['update'])){
$pageid = 0;
$dbc = @mysqli_connect ('localhost', 'elinksw_ju1ez', '*******', 'elinksw_ju1ez') OR die ('<p class="error">Cannot connect to the database.</body></html>');
$q = "UPDATE tblContent SET PageHeading='$_POST[PageHeading]' ,SubHeading='$_POST[SubHeading]' ,Content='$_POST[Content]' ,PageTitle='$_POST[PageTitle]' ,MetaDescription='$_POST[MetaDescription]' ,MetaKeywords='$_POST[MetaKeywords]' WHERE PageID='$pageid'";
$r = mysqli_query($dbc, $q);
mysqli_close($dbc);
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="./includes/adminStyle.css">
<title>Administration - Edit content</title>
</head>
<body>
<header>
<h1>Edit Content</h1>
<h2>Welcome Administrator</h2>
</header>
<nav>
<a href="admin.php" class="myButton">Manage Homepage</a><br>
<a href="admin.php" class="myButton">Manage Products</a><br>
<a href="admin.php" class="myButton">Manage Contacts</a><br>
</nav>
<section>
<h2>Manage Homepage</h2>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="300" cellpadding="2" cellspacing="2">
<tr>
</tr>
<tr>
<td>Page Heading:</td>
<td><input type="text" name="PageHeading"></td> </tr>
<tr>
<td>Sub Heading:</td>
<td><input type="text" name="SubHeading"></td> </tr>
<tr>
<td>Page Title:</td>
<td><input type="text" name="PageTitle"></td> </tr>
<tr>
<td>MetaDescription:</td>
<td><textarea style="width:300px;" cols="55" rows="5" name="MetaDescription"></textarea></td> </tr>
<tr>
<td>MetaKeywords:</td>
<td><input type="text" name="MetaKeywords"></td> </tr>
<tr>
<td>Content:</td>
<td><textarea style="width:300px;" cols="55" rows="5" name="Content"></textarea></td> </tr>
<tr>
<td><input type="submit" name="update" value = "Update Database"></td> </tr>
</section>
</form>
</body>
</html>
这里是数据库中的table
首先,你的代码是危险的,容易受到注入攻击,你必须过滤和转义你的$_POST变量(http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks)
掌握正在发生的事情的快速而肮脏的解决方案包括:
$PageHeading = mysqli_real_escape_string($dbc, $_POST['PageHeading']);
$subHeading = mysqli_real_escape_string($dbc, $_POST['SubHeading']);
$Content = mysqli_real_escape_string($dbc, $_POST['Content']);
$PageTitle = mysqli_real_escape_string($dbc, $_POST['PageTitle']);
$MetaDescription = mysqli_real_escape_string($dbc, $_POST['MetaDescription']);
$MetaKeywords = mysqli_real_escape_string($dbc, $_POST['MetaKeywords']);
$q = "UPDATE tblContent SET PageHeading='$PageHeading' ,SubHeading='$SubHeading' ,Content='$Content' ,PageTitle='$PageTitle' ,MetaDescription='$MetaDescription' ,MetaKeywords='$MetaKeywords' WHERE PageID='$pageid'";
$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc)); //remove this on production
我的数据库中有一个样本数据,我试图用我的表单提交中的数据覆盖,主键 PageID 设置为 0,据我所知,我的查询是正确的,我在提交时没有错误没有数据进入数据库。这是整个 PHP 文档。
<?php
if(isset($_POST['update'])){
$pageid = 0;
$dbc = @mysqli_connect ('localhost', 'elinksw_ju1ez', '*******', 'elinksw_ju1ez') OR die ('<p class="error">Cannot connect to the database.</body></html>');
$q = "UPDATE tblContent SET PageHeading='$_POST[PageHeading]' ,SubHeading='$_POST[SubHeading]' ,Content='$_POST[Content]' ,PageTitle='$_POST[PageTitle]' ,MetaDescription='$_POST[MetaDescription]' ,MetaKeywords='$_POST[MetaKeywords]' WHERE PageID='$pageid'";
$r = mysqli_query($dbc, $q);
mysqli_close($dbc);
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="./includes/adminStyle.css">
<title>Administration - Edit content</title>
</head>
<body>
<header>
<h1>Edit Content</h1>
<h2>Welcome Administrator</h2>
</header>
<nav>
<a href="admin.php" class="myButton">Manage Homepage</a><br>
<a href="admin.php" class="myButton">Manage Products</a><br>
<a href="admin.php" class="myButton">Manage Contacts</a><br>
</nav>
<section>
<h2>Manage Homepage</h2>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="300" cellpadding="2" cellspacing="2">
<tr>
</tr>
<tr>
<td>Page Heading:</td>
<td><input type="text" name="PageHeading"></td> </tr>
<tr>
<td>Sub Heading:</td>
<td><input type="text" name="SubHeading"></td> </tr>
<tr>
<td>Page Title:</td>
<td><input type="text" name="PageTitle"></td> </tr>
<tr>
<td>MetaDescription:</td>
<td><textarea style="width:300px;" cols="55" rows="5" name="MetaDescription"></textarea></td> </tr>
<tr>
<td>MetaKeywords:</td>
<td><input type="text" name="MetaKeywords"></td> </tr>
<tr>
<td>Content:</td>
<td><textarea style="width:300px;" cols="55" rows="5" name="Content"></textarea></td> </tr>
<tr>
<td><input type="submit" name="update" value = "Update Database"></td> </tr>
</section>
</form>
</body>
</html>
这里是数据库中的table
首先,你的代码是危险的,容易受到注入攻击,你必须过滤和转义你的$_POST变量(http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks)
掌握正在发生的事情的快速而肮脏的解决方案包括:
$PageHeading = mysqli_real_escape_string($dbc, $_POST['PageHeading']);
$subHeading = mysqli_real_escape_string($dbc, $_POST['SubHeading']);
$Content = mysqli_real_escape_string($dbc, $_POST['Content']);
$PageTitle = mysqli_real_escape_string($dbc, $_POST['PageTitle']);
$MetaDescription = mysqli_real_escape_string($dbc, $_POST['MetaDescription']);
$MetaKeywords = mysqli_real_escape_string($dbc, $_POST['MetaKeywords']);
$q = "UPDATE tblContent SET PageHeading='$PageHeading' ,SubHeading='$SubHeading' ,Content='$Content' ,PageTitle='$PageTitle' ,MetaDescription='$MetaDescription' ,MetaKeywords='$MetaKeywords' WHERE PageID='$pageid'";
$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc)); //remove this on production