PHP表单无法更新

Question

我目前正在制作一个客户端数据库管理系统。该系统的 mySQL 中有四个表，它们是:管理员、员工、客户和项目。项目表有一个来自客户端表的外键，即 clientid。

现在，我已经为所有这些表制作了表单，以便用户可以将数据输入到其中。奇怪的是，唯一可以成功更新的表格是员工表格。客户和项目表单根本无法更新。它返回成功，但数据没有改变。

以下是人员更新代码。

    <?php 
    include 'database.php';

    $staffid = $_GET['staffid'];
    $sql = "SELECT * FROM staff WHERE staffid='$staffid'";
    $result = mysqli_query($conn,$sql);

    while ($row=mysqli_fetch_array($result)){
      $staffname = $row['staffname'];
      $staffemail = $row['staffemail'];
      $staffphone = $row['staffphone'];
    }

   if(isset($_POST['submit'])){
     $staffname = $_POST['staffname'];
     $staffemail = $_POST['staffemail'];
     $staffphone = $_POST['staffphone'];

   $sql = "UPDATE staff SET   

    staffname='$staffname',staffemail='$staffemail',staffphone='$staffphone'  WHERE staffid='$staffid'";

    $result = mysqli_query($conn,$sql);

    if($result){
        echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
    }
    else {
        echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
    }
}
?>


<form action="" method="post">
<table class ="table1">
<tr>
<td>Staff Name:</td> <td><input type="text" name="staffname" size="50" value="<?php echo $staffname;?>"></td>
</tr>

<tr>
<td>Staff Email:</td> <td><input type="text" name="staffemail" size="50" value="<?php echo $staffemail;?>"></td>
</tr>

<tr>
<td>Staff Phone No:</td> <td><input type="text" name="staffphone" size="50" value="<?php echo $staffphone;?>"></td>
</tr>

<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewstaff.php"'></td>
</table>
</form>

现在是客户端表的更新代码。

<?php 
include 'database.php';

$clientid = $_GET['clientid'];
$sql = "SELECT * FROM client WHERE clientid='$clientid'";
$result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());

while ($row=mysqli_fetch_array($result)){
    $clientid = $row['clientid'];
    $clientname = $row['clientname'];
    $clientno = $row['clientno'];
    $clientemail = $row['clientemail'];
    $clientadd = $row['clientadd'];
}

if(isset($_POST['submit'])){
    $clientid = $row['clientid'];
    $clientname = $row['clientname'];
    $clientno = $row['clientno'];
    $clientemail = $row['clientemail'];
    $clientadd = $row['clientadd'];

    $sql = "UPDATE client SET clientid='$clientid',clientname='$clientname',clientno='$clientno',clientemail='$clientemail',clientadd='$clientadd' WHERE clientid='$clientid'";

    $result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());

    if($result){
        echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
    }
    else {
        echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
    }
}
?>


<form action="" method="post">
<table class ="table1">
<tr>
<td>Client ID:</td> <td><input type="text" name="clientid" size="50" value="<?php echo $clientid;?>"></td>
</tr>

<tr>
<td>Client Name:</td> <td><input type="text" name="clientname" size="50" value="<?php echo $clientname;?>"></td>
</tr>

<tr>
<td>Client Phone No.:</td> <td><input type="text" name="clientno" size="50" value="<?php echo $clientno;?>"></td>
</tr>

<tr>
<td>Client Email:</td> <td><input type="text" name="clientemail" size="50" value="<?php echo $clientemail;?>"></td>
</tr>

<tr>
<td>Client Address:</td> <td><input type="text" name="clientadd" size="50" value="<?php echo $clientadd;?>"></td>
</tr>

<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewclient.php"'></td>
</table>
</form>

也许我很蠢或者什么，但我花了 3 个小时试图解决这个问题，我这快要哭了，哈哈。一直在阅读这里有关更新表单的所有线程，但仍然没有答案。希望这里的任何人都可以帮助我。谢谢。

Answer 1

您用于客户端表更新的代码使用以下代码:

if(isset($_POST['submit'])){
    $clientid = $row['clientid'];       // $row should be $_POST
    $clientname = $row['clientname'];   // $row should be $_POST
    $clientno = $row['clientno'];       // $row should be $_POST
    $clientemail = $row['clientemail']; // $row should be $_POST
    $clientadd = $row['clientadd'];     // $row should be $_POST

但是这些 $row 应该是 $_POST，否则更新后的数据将与之前的数据相同(因为 $row是查询 SELECT * FROM client WHERE clientid='$clientid' 的结果。您在人员表更新代码中做得正确:

 if(isset($_POST['submit'])){
     $staffname = $_POST['staffname'];
     $staffemail = $_POST['staffemail'];
     $staffphone = $_POST['staffphone'];

<小时/>

请注意，您的脚本面临 SQL Injection Attack 的风险。看看 Little Bobby Tables 发生了什么。偶if you are escaping inputs, its not safe! 。使用prepared parameterized statements相反。