我有一个搜索数据库的搜索页面。搜索后,它会将结果带到一个页面,该页面有一个表单,用户可以在其中编辑条目。然而,当我试图编辑条目时,它会出现"主题编辑失败"。我看不出我做错了什么。这是edit.php。
if (isset($_POST['submit']))
{
//form was submitted
$First_Name = mysql_real_escape_string($_POST["First_Name"]);
$Last_Name = mysql_real_escape_string($_POST["Last_Name"]);
$message = "Your details have been received";
//Database Query
$query = "UPDATE subjects SET ";
$query .= "First_Name = '{$First_Name}'";
$query .= "Last_Name = '{$Last_Name}'";
$query .= "LIMIT 1";
$result = mysqli_query($connect, $query);
if($result && mysqli_affected_rows($connect) == 1)
{
//Success
echo "Subject Edited. ";
}
else
{
//failure
echo "Subject Editing failed. ";
}
}
这是表格:
<form action="edit.php" method ="post">
<p>First_Name
<?php
$fquery = $_GET['fquery'];
$lquery = $_GET['lquery'];
$fquery = htmlspecialchars($fquery);
$lquery = htmlspecialchars($lquery);
$fquery = mysql_real_escape_string($fquery);
$lquery = mysql_real_escape_string($lquery);
$raw_results = mysql_query("SELECT * FROM member
WHERE (`First_Name` = '$fquery') AND (`Last_Name` = '$lquery')") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){
$string = "";
while($results = mysql_fetch_array($raw_results)){
$string .= "<p class='"name'">".$results['First_Name']." ";
}
}
else{
$string = "No results";
}
echo $string; ?>
<input type="text" name="First_Name" value ="" />
</p>
<p>Last Name:
<?php
$fquery = $_GET['fquery'];
$lquery = $_GET['lquery'];
$fquery = htmlspecialchars($fquery);
$lquery = htmlspecialchars($lquery);
$fquery = mysql_real_escape_string($fquery);
$lquery = mysql_real_escape_string($lquery);
$raw_results = mysql_query("SELECT * FROM member
WHERE (`First_Name` = '$fquery') AND (`Last_Name` = '$lquery')") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){
$string = "";
while($results = mysql_fetch_array($raw_results)){
$string .= "<p class='"name'">".$results['Last_Name']." ";
}
}
else{
$string = "No results";
}
echo $string; ?>
<input type="text" name="Last_Name" value ="" />
</p>
提交表单后,数据库将更新查询。谢谢你的帮助!!
您的查询失败,因为您的语句中没有合适的分隔符。
参见此处
$query = "UPDATE subjects SET ";
$query .= "First_Name = '{$First_Name}'";
$query .= ",Last_Name = '{$Last_Name}'"; //<---------- Comma added (before last name)
$query .= " LIMIT 1";//<----- Space added before LIMIT
我想您的查询中需要一个逗号和额外的空格。现在您的查询如下:
UPDATE subjects SET First_Name = '{$First_Name}'Last_Name = '{$Last_Name}'LIMIT 1
当你需要它看起来像这样时:
UPDATE subjects SET First_Name = '{$First_Name}', Last_Name = '{$Last_Name}' LIMIT 1
您应该始终检查查询结果并记录错误。在这种情况下,您会被明确告知查询中存在语法错误。
您也可能是服务器,不使用一堆字符串来构建查询,甚至可能使用参数化的准备语句。在这种情况下,您可以这样编写SQL:
$query = <<<EOD
UPDATE subjects
SET First_Name = ?, Last_Name = ?
LIMIT 1
EOD;
这在代码中可读性更强。