php - 通过 mysql 更新 PHP 中的表单

Question

我正在构建一个列表，用户可以在其中更新或删除现有联系人。我创建了index.php，它成功地将联系人发送到数据库。 list.php 在表格中显示从index.php 输入的联系人列表。现在，用户应该删除或编辑每个联系人。

不幸的是，我的 edit_user.php 在点击“编辑”后返回错误: 您的 SQL 语法有错误；检查与您的 MySQL 服务器版本相对应的手册，了解在第 1 行 '' 附近使用的正确语法。 另外，当我在 list.php 中点击“编辑”时，我希望 edit_user.php 显示带有预填充联系信息的编辑表单。

我是网络开发的新手。抱歉，代码太多了。请帮助我发现我的错误。 这是config.php

<?php

$dbhost = 'mysql51-031.wc2.dfw1.stabletransit.com';
$dbuser = '549359_sargis';
$dbpass = '********';
$dbname = '549359_sargis';
$table  = 'Contacts';

$connection = mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
$select_db = mysql_select_db($dbname,$connection) or die(mysql_error());


?>

这是我的 list.php

<?php
include("config.php");
?>

<html>
<head>
    <title>Contact List</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
                <a href="index.php">Create New Contact</a><hr/>

</head>
<body>
    <?php

    $result = mysql_query("SELECT * FROM Contacts", $connection);
    $num_rows = mysql_num_rows($result);

    if($num_rows > 0)
    {

        echo "<center><h1>Contact List: (Updated)</h1><table border = '1'>";
            echo "<thead>";
                echo "<tr>";
                    echo "<th> Firstname </th>";
                    echo "<th> Lastname </th>";
                    echo "<th> Email </th>";
                    echo "<th> Phone </th>";
                    echo "<th> Date </th>";
                    echo "<th> Action </th>";
                echo "</th>";
            echo "</thead>";

            echo "<tbody>";

            $query = mysql_query("SELECT * FROM Contacts");
            while($record = mysql_fetch_array($query))
            {
                echo "<tr>";
                echo "<td>" . $record['firstname'] . "</td>";
                echo "<td>" . $record['lastname'] . "</td>";
                echo "<td>" . $record['email'] . "</td>";
                echo "<td>" . $record['phone_number'] . "</td>";
                echo "<td>" . $record['timesstamp'] . "</td>";
                echo "<td align='center'>"; ?>
                <a href="edit_user.php"><input type="hidden" name="id" value="<?php echo $id; ?>" />Edit</a>
                <?php echo "| <a href='list.php?action=delete&id=$id'>Delete</a></td>";
                echo "</tr>";
            }

            echo "</table>";
            echo "</center>";
    }
    else
        echo "<center><h4>No contacts found.</h4></center>";

    ?>

</body>
</html>

这是 edit_user.php

<?php
include("config.php");
?>

<html>
<head>
    <title>Edit User</title>
            <link rel="stylesheet" type="text/css" href="style.css" />

</head>


<?php

if(isset($_POST['submit']))
//if (isset($_POST))
{
        $id = intval($_POST['id']);
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $email = $_POST['email'];
        $phonenumber = $_POST['phonenumber'];

            $sql = "UPDATE Contacts SET firstname='".mysql_real_escape_string($firstname)."', lastname='".mysql_real_escape_string($lastname)."', email='".mysql_real_escape_string($email)."', phone_number='".mysql_real_escape_string($phonenumber)."', timesstamp =NOW() WHERE id=".mysql_real_escape_string($id);
            //$sql = "UPDATE Contacts SET firstname='$firstname', lastname='$lastname', email='$email', phone_number='$phonenumber', timesstamp =NOW() WHERE id=$id";
            //print_r($_POST).'<br />';echo $sql;exit;
            $result = mysql_query($sql);

            if($result) 
            {
                header("Location: list.php");
            } 
            else 
            {
                echo "There was a problem with the query: ".mysql_error().".";
            }
}


?>
<body>
            <form action="edit_user.php?id=<?php echo $id;?>" method="POST">
                <div>
                    First name: <input type ='text' id='firstname' name='firstname' value="<?php echo $firstname; ?>"/><br />
                    Last name: <input type = 'text' id='lastname' name='lastname'value="<?php echo $lastname; ?>"/><br />
                    Email: <input type = 'text' id='email' name='email' value="<?php echo $email; ?>"/><br />
                    Phone Number: <input type = 'text' id='phone_number' name='phonenumber' value="<?php echo $phonenumber; ?>"/><br />
                    <input type = 'submit' name = 'submit' value='Update' />
                </div>
            </form>
</body>
</html>

Answer 1

通常，此错误是由于 SQL 语句中的无效字符未转义造成的。

但我建议更改一些内容。

首先移动

$id = $_POST['id'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$phonenumber = $_POST['phonenumber'];

到之后

if(isset($_POST['submit'])) {

此外，为了好玩，请更改:

$id = $_POST['id'];

至:

$id = intval($_POST['id']);

然后在 SQL 语句中将其更改为:

$sql = "UPDATE Contacts SET firstname='".mysql_real_escape_string($firstname)."', lastname='".mysql_real_escape_string($lastname)."', email='".mysql_real_escape_string($email)."', phone_number='".mysql_real_escape_string($phonenumber)."', timesstamp =NOW() WHERE id=".mysql_real_escape_string($id);