PHP &MySQL不更新数据库 [英] PHP & MySQL does not update database

查看:44
本文介绍了PHP &MySQL不更新数据库的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

谁能看看这段代码并告诉我为什么它不更新数据库?我知道它被黑客攻击了,我是 PHP 的新手

could anyone look this code over and tell me why it doesnt update the database? I know its hacked together, I am a novice at PHP

提前致谢

<?php
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


$sql="SELECT * FROM $tbl_name WHERE depot = 'plainview'";
$result=mysql_query($sql);

// Count table rows
$count=mysql_num_rows($result);

//update
if(isset($_POST['Submit'])){
for($i=0;$i<$count;$i++){

$sql1 = "UPDATE $tbl_name SET 

    available='{$_POST['available'][$i]}', 
    rent='{$_POST['rent'][$i]}', 
    corp_ready='{$_POST['corp_ready'][$i]}', 
    down='{$_POST['down'][$i]}', 
    gfs='{$_POST['gfs'][$i]}',
    dateTime = NOW()  

WHERE id='$id[$i]'"; 


$result1 = mysql_query($sql1) or die(mysql_error());
}
}

//redirect
if($result1){
header("location: plainview.php");
}



mysql_close();
?>

======================

======================

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


$sql="SELECT * FROM $tbl_name WHERE depot = 'plainview'";
$result=mysql_query($sql);

// Count table rows
$count=mysql_num_rows($result);

//update
if(isset($_POST['Submit'])){
for($i=0;$i<$count;$i++){

$sql1 = "UPDATE $tbl_name SET 

available='".mysql_real_escape_string($_POST['available'][$i])."', 
rent='".mysql_real_escape_string($_POST['rent'][$i])."',  
corp_ready='".mysql_real_escape_string($_POST['corp_ready'][$i])."', 
down='".mysql_real_escape_string($_POST['down'][$i])."',  
gfs='".mysql_real_escape_string($_POST['gfs'][$i])."', 
dateTime = NOW()   
WHERE id='".$id[$i]."'";



$result1 = mysql_query($sql1) or die(mysql_error());
}
}

//redirect
if($result1){
header("location: plainview.php");
}




mysql_close();
?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<script language="JavaScript1.1" type="text/javascript">
<!--
function mm_jumpmenu(targ,selObj,restore){ //v3.0
  eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
  if (restore) selObj.selectedIndex=0;
}
//-->
</script>
<title>Untitled Document</title>
</head>

<body>

<div>
    <p>Plainview, North East Region</p>
    <p>Select a different region: <select onchange="mm_jumpmenu('parent',this,0)" name="lostlist">
                <option value="" selected="selected">Choose Your Depot</option>
                <option value="plainview.php">Plainview</option>
                <option value="worcrester.php">Worcrester</option>

                </select></p>
</div><Br />

<table width="500" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="700" border="0" cellspacing="1" cellpadding="0">

<tr>
<td>ID</td>
<td align="center"><strong>Product Name</strong></td>
<td align="center"><strong>Available</strong></td>
<td align="center"><strong>Rent</strong></td>
<td align="center"><strong>Corp Ready</strong></td>
<td align="center"><strong>Down</strong></td>
<td align="center"><strong>GFS</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="left"><?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?></td>

<td align="left"><?php echo $rows['product']; ?></td>
<td align="center"><input name="available[]" type="text" id="available" value="<?php echo $rows['available']; ?>" size="5"></td>
<td align="center"><input name="rent[]" type="text" id="rent" value="<?php echo $rows['rent']; ?>" size="5"></td>
<td align="center"><input name="corp_ready[]" type="text" id="corp_ready" value="<?php echo $rows['corp_ready']; ?>" size="5"></td>
<td align="center"><input name="down[]" type="text" id="down" value="<?php echo $rows['down']; ?>" size="5" /></td>
<td align="center"><input name="gfs[]" type="text" id="gfs" value="<?php echo $rows['gfs']; ?>" size="5"></td>

</tr>
<?php
}
?>
<tr>
<td colspan="4" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?php

echo "$sql1";

?>


</body>
</html>

推荐答案

总是转义所有用户输入.您的更新查询应类似于

Always escape all user input. Your update query should look like 

$sql1 = "UPDATE $tbl_name SET 

available='".mysql_real_escape_string($_POST['available'][$i])."', 
rent='".mysql_real_escape_string($_POST['rent'][$i])."',  
corp_ready='".mysql_real_escape_string($_POST['corp_ready'][$i])."', 
down='".mysql_real_escape_string($_POST['down'][$i])."',  
gfs='".mysql_real_escape_string($_POST['gfs'][$i])."', 
dateTime = NOW()   
WHERE id='".$id[$i]."'";

这篇关于PHP &amp;MySQL不更新数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆