php 使用提交按钮更新数据库数据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29760338/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Update database data with submit button
提问by Soroosh n
I want to update a database with new data so that when you put your text in a text-box and then click the submit button, the data will be sent to the database, with a specific id. All I want to send is brightness, with the code below. When I write something like this, and I run it, I receive a 403 error: Access forbidden. How can I fix this?
我想用新数据更新数据库,以便当您将文本放入文本框中然后单击提交按钮时,数据将发送到数据库,并具有特定的 id。我想发送的只是亮度,代码如下。当我写这样的东西并运行它时,我收到一个 403 错误:访问被禁止。我怎样才能解决这个问题?
<?php
function updater($value,$id){
// Create connection
$conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE table_name SET name=$value WHERE id=$id";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
//$conn->close();
}
?>
<!DOCTYPE html>
<html>
<header>
</header>
<body>
<form action="<?php updater($_POST['name'],1); ?>" method="post" style="height:50px;width:50px;">
<input type="text" name="name" /><br><br>
<input type="submit" /><br/>
</form>
</body>
</html>
采纳答案by Max D
like this:
像这样:
<?php
function updater($value,$id){
// Create connection
$conn = new mysqli( 'localhost' , 'user_name' , 'pass' ,'data_base_name' );
$value =mysqli_real_escape_string($conn,$value);
$id =mysqli_real_escape_string($conn,$id);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE table_name SET name='{$value}' WHERE id='{$id}'";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
}
if(isset($_POST['name'])){
updater($_POST['name'],$_POST['id'])
}
?>
<!DOCTYPE html>
<html>
<header>
</header>
<body>
<form action="" method="post" style="height:50px;width:50px;">
<input type="hidden" name="id" value="1" />
<input type="text" name="name" /><br><br>
<input type="submit" /><br/>
</form>
</body>
</html>
回答by Kevin
You need to put the URL inside the action attribute that does the form processing, not the function:
您需要将 URL 放在进行表单处理的 action 属性中,而不是函数中:
action="<?php updater($_POST['name'],1); ?>" // not this
action="<?php echo $_SERVER['PHP_SELF']; ?>" // path to this page
If this is on the same page, you can just omit it or use $_SERVER['PHP_SELF'], then catch the form submission. Inside that process, then invoke your custom function.
如果这是在同一页面上,您可以省略它或使用$_SERVER['PHP_SELF'],然后捕获表单提交。在该过程中,然后调用您的自定义函数。
if($_SERVER['REQUEST_METHOD'] === 'POST') {
$value = $_POST['name'];
$id = 1;
updater($value, $id);
}
An easy fix would be just to quote the string inside it:
一个简单的解决方法就是引用其中的字符串:
$sql = "UPDATE table_name SET name='$value' WHERE id=$id";
But this is open to SQL injection, another way to do safer queries is to prepare them:
但这对 SQL 注入是开放的,另一种更安全的查询方法是准备它们:
function updater($value,$id) {
// Create connection
$conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE table_name SET name = ? WHERE id= ?";
$update = $conn->prepare($sql);
$update->bind_param('si', $value, $id);
$update->execute();
if ($update->affected_rows > 0) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
}
