使用PHP Form将数据更新到MySql数据库 [英] Updating data into MySql database using PHP Form
问题描述
只要我用在页面开头定义的随机字符串更新数据库,它就可以正常工作。但是,当我尝试使用$ _POST ['text']从表单接收数据库时,数据库中的值没有更新。
我真的有不知道问题是什么,所以我希望有人能够帮助我完成这项工作。请让我知道如果我的问题不够清楚。
test.php
< HTML>
< head>
< script type =text / javascriptsrc =./ js / tinymce / tinymce.min.js>< / script>
< script type =text / javascript>
tinymce.init(
selector:textarea,
plugins:'advlist autolink autoresize autosave link image lists charmap media paste preview spellchecker',
image_advtab:true
});
< / script>
< / head>
< body>
<?php
$ con = mysqli_connect(example.com,test,abc123,my_db);
//检查连接
if(mysqli_connect_errno())
{
echo无法连接到MySQL:。 mysqli_connect_error();
$ result = mysqli_query($ con,SELECT content FROM page_content WHERE page ='Zangpedagoog');
while($ row = mysqli_fetch_array($ result))
{
$ text = $ row ['content'];
}
?>
< form method =postaction =./ send.php>
< textarea name =textwidth =100%>
<?php echo $ text?>
< / textarea>
< input id =submitname =submittype =submitvalue =Send>< / form>< / body>< / html>
send.php
<?php
$ update = $ _POST ['text'];
echo $ update;
$ random ='123456';
echo $ random;
$ con = mysql_connect(example.com,test,abc123,my_db);
//检查连接
if(!$ con)
{
echo无法连接到MySQL:。 mysql_connect_error();
}
mysql_query(UPDATE page_content SET content = $ update WHERE page ='Zangpedagoog',$ con);
mysql_close($ con);
?>
我猜这是在这里:
mysql_query(UPDATE page_content SET content = $ update WHERE page ='Zangpedagoog',$ con);
您正在将$ update直接放入字符串中。
这是非常危险和愚蠢的,但这不是你的目的。
我猜,真正导致错误的是缺少$更新。
现在,get的值直接放入查询中,而不是作为字符串,我认为您需要。
请记住,这是非常开放的SQL注入!
修正码:
mysql_query(UPDATE page_content SET content ='$ update'WHERE page ='Zangpedagoog' ,$ CON);
I hope there is someone who can help me. I'm trying to update data into a MySql database using a PHP form with a textarea. As long as I update the database with a random string, which is defined at the beginning of the page, it works fine. But when I try to update the database with the $_POST['text'] I receive from the form, the value in the database is not updated.
I really have no idea what the problem is, so I hope there is someone who can help me to make this work. Please let me know if my question isn't clear enough.
test.php
<html>
<head>
<script type="text/javascript" src="./js/tinymce/tinymce.min.js"></script>
<script type="text/javascript">
tinymce.init({
selector: "textarea",
plugins : 'advlist autolink autoresize autosave link image lists charmap media paste preview spellchecker',
image_advtab: true
});
</script>
</head>
<body>
<?php
$con=mysqli_connect("example.com","test","abc123","my_db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT content FROM page_content WHERE page = 'Zangpedagoog'");
while($row = mysqli_fetch_array($result))
{
$text=$row['content'] ;
}
?>
<form method="post" action="./send.php">
<textarea name="text" width="100%">
<?php echo $text ?>
</textarea>
<input id="submit" name="submit" type="submit" value="Send"></form></body></html>
send.php
<?php
$update = $_POST['text'];
echo $update;
$random = '123456';
echo $random;
$con=mysql_connect("example.com","test","abc123","my_db");
// Check connection
if (!$con)
{
echo "Failed to connect to MySQL: " . mysql_connect_error();
}
mysql_query("UPDATE page_content SET content=$update WHERE page='Zangpedagoog'",$con);
mysql_close($con);
?>
I guess it's here:
mysql_query("UPDATE page_content SET content=$update WHERE page='Zangpedagoog'",$con);
You are putting $update directly in the string. That is very dangerous and stupid, but that's not what you came for. The thing that is really causing an error, I guess, is the lack of ''s around $update. Now the value get's directly put into the query, instead of as a string, what I think you want. Keep in mind that this is very open for SQL injections! Fixed code:
mysql_query("UPDATE page_content SET content='$update' WHERE page='Zangpedagoog'",$con);
这篇关于使用PHP Form将数据更新到MySql数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!