1

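How can I retrieve the information from the database in the same PHP form that I insert the data from, filled with the stored information, in order to update the data in the database:

I used this update statement, but there are errors: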

$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation]  , Report_ID=$_GET[Report_ID]   
WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID, RootCause_ID=$RootCause_ID , RiskRating_ID=$RiskRating_ID , Impact_ID=$Impact_ID ,Efforts_ID= $Efforts_ID, Likelihood_ID= $Likelihood_ID, Finding=$Finding,Implication=$Implication , Recommendation =$Recommendation  , Report_ID=$Report_ID";

This is the code of the form that inserts and updates the data:

<?php
$con = mysql_connect("localhost","root","mevooo");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
?>

<form method="post"  action="test.php">
<fieldset>
<legend>Insert New Data </legend>
<p> Service Name : 
<select name="Services">
<option value="">  </option>

<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM servicetype_lookup  ");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['ServiceType_ID'];
    $value = $row['ServiceType_Name'];
    echo "<option value='$id'>$value</option>";
}
?>
</select>

</p>

Ref : <input type="text" name="ref" /><br />
Title : <input type="text" name="title" /><br />
Risk Rating : 
<select name="RiskRating">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM riskrating_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['RiskRating_ID'];
    $value = $row['RiskRating_Name'];
    echo "<option value='$id'>$value</option>";
}
?>


</select><br />
Root Cause : 
<select name="RootCause">
<option value=""> -Select- </option>

<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM rootcause_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['RiskCause_ID'];
    $value = $row['RiskCause_Title'];
    echo "<option value='$id'>$value</option>";
}
?>

</select><br />
Impact :
<select name="impact">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM impact_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['Impact_ID'];
    $value = $row['Impact_Name'];
    echo "<option value='$id'>$value</option>";
}
?>

</select><br />
Likelihood :
<select name="likelihood">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM likelihood_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['Likelihood_ID'];
    $value = $row['Likelihood_Name'];
    echo "<option value='$id'>$value</option>";
}
?>


</select><br/>
Efforts : 
<select name="Efforts">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM efforts_lookup");
while($row = mysql_fetch_assoc($result))  {
    $id = $row['Efforts_ID'];
    $value = $row['Efforts_Name'];
    echo "<option value='$id'>$value</option>";
}
?>
</select><br/>
Finding : <br/>
<TEXTAREA NAME="Finding" COLS=100 ROWS=10> 
</TEXTAREA>
<br/>
Implication: <br/>
<TEXTAREA NAME="Implication" COLS=100 ROWS=10> 
</TEXTAREA>
<br/>
Recommendation : <br/>
<TEXTAREA NAME="Recommendation" COLS=100 ROWS=10> 

</TEXTAREA>
<br/><input type="submit" value=" Save " onclick="window.location.href='Database.php'" />
</fieldset>
</form>
<?php
mysql_select_db("ers_1", $con);

$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation]  , Report_ID=$_GET[Report_ID]   
WHERE Finding_ID=$Finding_ID AND ServiceType_ID=$ServiceType_ID AND RootCause_ID=$RootCause_ID AND RiskRating_ID=$RiskRating_ID AND Impact_ID=$Impact_ID AND Efforts_ID= $Efforts_ID AND Likelihood_ID= $Likelihood_ID AND Finding=$Finding AND Implication=$Implication AND Recommendation =$Recommendation AND Report_ID=$Report_ID";

 mysql_real_escape_string($insert); 
            mysql_real_escape_string($Finding_ID);

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record updated .";

mysql_close($con);
?> 
<input type="button" value="HOME" onclick="location='Database.php'

">

And these are the errors:

Notice: Undefined index: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: ServiceType_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RootCause_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RiskRating_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Impact_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Efforts_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined variable: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 126
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' ServiceType_ID=, RootCause_ID= , RiskRating_ID= , Impact_ID= ,Efforts_ID= , Lik' at line 2
4

2 Answers

1

The conditions in WHERE must be joined with AND or OR instead of commas.

WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID,....

should be

WHERE Finding_ID=$Finding_ID AND  ServiceType_ID=$ServiceType_ID AND ...
answered 2012-08-14T09:11:35.670
0

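Queries are basically the welcome door to your database.

1st: Don't use get parameters directly inside your query. Work with them first.

2nd: Always add '' even if it's a number. It provides additional security.

3rd: WHERE parameters are separated by AND or OR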

<?php

// Convert your ID's to INT ( or other specific type you use )
$_Finding_ID = (int)$_GET['Finding_ID'];
$_ServiceType_ID = (int)$_GET['ServiceType_ID'];
$_RootCause_ID = (int)$_GET['RootCause_ID'];
$_RiskRating_ID = (int)$_GET['RiskRating_ID'];
$_Impact_ID = (int)$_GET['Impact_ID'];
$_Efforts_ID = (int)$_GET['Efforts_ID'];
$_Likelihood_ID = (int)$_GET['Likelihood_ID'];
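// Finding, Implication and Recommendation are free text (textareas in the form),
// so escape them as strings instead of casting to INT.
// mysql_real_escape_string() needs an open mysql_connect() link.
$_Finding = mysql_real_escape_string($_GET['Finding']);
$_Implication = mysql_real_escape_string($_GET['Implication']);
$_Recommendation = mysql_real_escape_string($_GET['Recommendation']);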
$_Report_ID = (int)$_GET['Report_ID'];

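// NOTE: the WHERE clause uses $Finding_ID, $ServiceType_ID, ... (no leading underscore).
// This snippet does not define them; set them to the values that identify
// the existing row before running the query.
$sql = "UPDATE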
            findings
        SET
            Finding_ID = '".$_Finding_ID."',
            ServiceType_ID = '".$_ServiceType_ID."',
            RootCause_ID = '".$_RootCause_ID."',
            RiskRating_ID = '".$_RiskRating_ID."',
            Impact_ID = '".$_Impact_ID."',
            Efforts_ID = '".$_Efforts_ID."',
            Likelihood_ID = '".$_Likelihood_ID."',
            Finding = '".$_Finding."',
            Implication = '".$_Implication."',
            Recommendation = '".$_Recommendation."',
            Report_ID = '".$_Report_ID."'
        WHERE
            Finding_ID = '".$Finding_ID."'
            AND ServiceType_ID ='". $ServiceType_ID."'
            AND RootCause_ID = '".$RootCause_ID."'
            AND RiskRating_ID = '".$RiskRating_ID."'
            AND Impact_ID = '".$Impact_ID."'
            AND Efforts_ID = '".$Efforts_ID."'
            AND Likelihood_ID = '".$Likelihood_ID."'
            AND Finding = '".$Finding."'
            AND Implication = '".$Implication."'
            AND Recommendation = '".$Recommendation."'
            AND Report_ID = '".$Report_ID."'";
?>

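Of course, there are many more precautions you can take, but this is the best way to start.

PS: Long queries are easier to manage and read when you break them up like that. Try to keep your code clean and tidy. Nobody likes to work with scrambled code.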

answered 2012-08-14T09:27:44.503
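
Added example, not part of the question or of either answer: the same UPDATE written as a prepared statement with bound parameters, reading the fields under the names the form actually posts (method="post" with Services, RiskRating, ..., which is why $_GET[Finding_ID] and the others raise "Undefined index"). Assumptions: Finding_ID is the primary key and is posted in a hidden field, the helper names requireInt and updateFinding are hypothetical, and PDO with a constructed in-memory SQLite table stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not from the original page. Assumptions: Finding_ID is the
// primary key and is posted in a hidden field; the SQLite table is constructed.

// Form field name => column, as named in the question's form and UPDATE.
const INT_FIELDS = [
    'Services' => 'ServiceType_ID', 'RiskRating' => 'RiskRating_ID',
    'RootCause' => 'RootCause_ID', 'impact' => 'Impact_ID',
    'likelihood' => 'Likelihood_ID', 'Efforts' => 'Efforts_ID',
];
const TEXT_FIELDS = ['Finding', 'Implication', 'Recommendation'];

function requireInt(array $post, string $field): int
{
    $value = filter_var($post[$field] ?? null, FILTER_VALIDATE_INT);
    if ($value === false) {
        throw new InvalidArgumentException("Invalid or missing field: $field");
    }
    return $value;
}

function updateFinding(PDO $db, array $post): int
{
    $set = [];
    $params = [':id' => requireInt($post, 'Finding_ID')];
    foreach (INT_FIELDS as $field => $column) {
        $set[] = "$column = :$column";
        $params[":$column"] = requireInt($post, $field);
    }
    foreach (TEXT_FIELDS as $field) {
        $set[] = "$field = :$field";
        $params[":$field"] = trim((string) ($post[$field] ?? ''));
    }
    // Column names come only from the constants above; every value is bound.
    $stmt = $db->prepare('UPDATE findings SET ' . implode(', ', $set) . ' WHERE Finding_ID = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo: one stored row, then an update as the form would post it.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE findings (Finding_ID INTEGER PRIMARY KEY, ServiceType_ID INT,
    RootCause_ID INT, RiskRating_ID INT, Impact_ID INT, Efforts_ID INT,
    Likelihood_ID INT, Finding TEXT, Implication TEXT, Recommendation TEXT)');
$db->exec("INSERT INTO findings VALUES (1, 1, 1, 1, 1, 1, 1, 'old', 'old', 'old')");
$post = ['Finding_ID' => '1', 'Services' => '2', 'RiskRating' => '3', 'RootCause' => '1',
    'impact' => '2', 'likelihood' => '2', 'Efforts' => '1', 'Implication' => 'n/a',
    'Finding' => "Admin's password isn't rotated", 'Recommendation' => 'Rotate it'];
echo updateFinding($db, $post), " record updated\n";
```

Against the MySQL database from the question only the DSN changes (mysql:host=localhost;dbname=ers_1 plus credentials). The apostrophes in the sample Finding text are stored as data because the value is bound rather than concatenated into the SQL string.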