php - PHPでテーブルを更新してテーブルに挿入する問題

Question

[追加]リンクをクリックするとテーブルにデータを入力する必要があり、[編集]リンクをクリックすると既存のデータを更新する必要があります。

$ _POSTは、どちらの条件でもデータを受信します。しかし、天気に基づいて、私のクエリはEDIT（更新）またはAdd（挿入）を実行する必要があります。

私はそれをどのようにすべきかについて混乱しています。

これはコードのセクションです。（現在、EDITも挿入クエリを実行します。これは、常に他の部分で行われるためです）

if ($count==0)
    {
        if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)

            //if($addval == 1)
            {
             mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'"  where SRNO="'.$srno.'"');    
                     $addval=1;
            }
        else
           //if ($addval == 1)
             {
             mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
             }
             header('Location:'.$page);
             }

       }

完全なコードは

<!DOCTYPE html>
<html>
    <head>
        <title>List of users</title>
    </head>
<body>
    <?php
        $page='index.php';  
        $addval=6;

        mysql_connect("localhost","root","") or die (mysql_error());
        mysql_select_db("list") or die (mysql_error());

        if (empty($_POST) === false)
        {
            $count=0;
            $fname= $_POST['fname'];
            $lname= $_POST['lname'];
            $srno=  $_POST['SRNO'];
            $address=$_POST['address'];
            $comments=$_POST['comments'];
            $email=$_POST['email'];
            $phone=$_POST['phone'];

                if (empty($lname) === true || empty($fname) === true || empty($address) === true || empty($comments) === true || empty($email) === true || empty($phone) === true) 
                {
                    echo '<h3>All fields are mandatory</h3>';

                }
                else
                {
                        if (filter_var($email,FILTER_VALIDATE_EMAIL) === false)
                        {
                            echo '<h3>This is not a valid e-mail address.</h3><br />';
                            $count=$count+1;
                        }
                        if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
                        {
                            echo '<h3>Name should contain character only!</h3><br />';
                            $count=$count+1;
                        }
                        if( !is_numeric($phone) ) 
                        {
                                echo '<h3>Please enter a valid phone number</h3><br />';
                                $count=$count+1;
                        }
                        if ($count==0)
                        {
                            if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)

                            //if($addval == 1)
                            {
                                mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'"  where SRNO="'.$srno.'"');   
                                $addval=1;
                            }
                            else
                            //if ($addval == 1)
                            {
                                mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
                            }
                            header('Location:'.$page);
                        }

                }
        }

        if(isset($_GET['delete']))
        {

            mysql_query('DELETE from names where SRNO='.mysql_real_escape_string((int)$_GET['delete']));
            header('Location:'.$page);
        }

        if(isset($_GET['edit']))
        {
            $getedit=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.mysql_real_escape_string((int)$_GET['edit']));

            echo '<table border=0>';
            while ($get_row=mysql_fetch_assoc($getedit))
                {
                    echo '<form method="POST" action="">';

                    echo '<tr><td>Sr.No:</td><td><input type="text" value='.$get_row['SRNO'].' name="SRNO" readonly="readonly"></td></tr>';
                    echo '<tr><td>First Name:</td><td><input type="text" value='.$get_row['fname'].' name="fname"></td></tr>';
                    echo '<tr><td>Last Name:</td><td><input type="text" value='.$get_row['lname'].' name="lname"></td></tr>';
                    echo '<tr><td>Phone No:</td><td><input type="text" value='.$get_row['phone'].' name="phone"></td></tr>';
                    echo '<tr><td>E-mail address:</td><td><input type="text" value='.$get_row['email'].' name="email"</td></tr>';
                    echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$get_row['address'].'</textarea></td></tr>';
                    echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$get_row['comments'].'</textarea></td></tr>';
                    echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                    echo '</form>';                                 
                }
            echo '</table>';

        }

        if(isset($_GET['add']))
        {
            echo '<table border=0>';

                    echo '<form method="POST" action="">';

                    echo '<tr><td>Sr.No:</td><td><input type="text"  name="SRNO" readonly="readonly"></td></tr>';
                    echo '<tr><td>First Name:</td><td><input type="text"  name="fname"></td></tr>';
                    echo '<tr><td>Last Name:</td><td><input type="text"  name="lname"></td></tr>';
                    echo '<tr><td>Phone No:</td><td><input type="text"  name="phone"></td></tr>';
                    echo '<tr><td>E-mail address:</td><td><input type="text"  name="email"</td></tr>';
                    echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
                    echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
                    echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                    echo '</form>';                                 

            echo '</table>';


        }

        echo '<a href=index.php?add=add>Add new entry...</a>';

        $get=mysql_query('SELECT  SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');

        if (mysql_num_rows($get)==0)
        {
            echo 'There are no entries';
        }
            else
        {
            echo '<table border=0 cellspacing=25 cellpadding=1>';
            echo'<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';      
            while($get_row=mysql_fetch_assoc($get))
                {
                    echo '<tr><td>'.$get_row['SRNO'].'</td><td>'.$get_row['fname'].'</td><td>'.$get_row['lname'].'</td><td>'.$get_row['phone'].'</td><td>'.$get_row['email'].'</td><td>'.$get_row['address'].'</td><td>'.$get_row['comments'].'</td><td><a href="index.php?edit='.$get_row['SRNO'].'">Edit</a></td><td><a href="index.php?delete='.$get_row['SRNO'].'">Delete</a></td></tr>';

                }
            echo '</table>';
        }       
    ?>

</body> 
</html>

score 1 · Accepted Answer

if (mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)

データベースに対して値をチェックするための間違った方法です。mysql_query()
のマニュアルエントリを読んで、実際に何がこの関数を返すかを確認してください。

あなたのコードがSQLインジェクションに対して広く開かれていることは言うまでもありません

また、変数名のすべてのタイプミスを通知するには、エラー報告をオンにする必要があります。

error_reporting(E_ALL);

すべてのスクリプトの先頭に

score -1 · Accepted Answer

私はコードを変更しようとしました...この助けを願っています..試してみてください

 <!DOCTYPE html>
<html>

<head>
    <title>List of users</title>
  </head>
<body>

   <?php
       $page='index.php';  
       $addval=6;

    mysql_connect("localhost","root","welcome") or die (mysql_error());
    //mysql_select_db("list") or die (mysql_error());

    if (empty($_POST) === false)
    {
        $count=0;
        $fname= $_POST['fname'];
        $lname= $_POST['lname'];
        $srno=  $_POST['SRNO'];
        $address=$_POST['address'];
        $comments=$_POST['comments'];
        $email=$_POST['email'];
        $phone=$_POST['phone'];

            if (empty($lname) === true || empty($fname) === true || empty($address) === true || empty($comments) === true || empty($email) === true || empty($phone) === true) 
            {
                echo '<h3>All fields are mandatory</h3>';

            }
            else
            {
                    if (filter_var($email,FILTER_VALIDATE_EMAIL) === false)
                    {
                        echo '<h3>This is not a valid e-mail address.</h3><br />';
                        $count=$count+1;
                    }
                    if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
                    {
                        echo '<h3>Name should contain character only!</h3><br />';
                        $count=$count+1;
                    }
                    if( !is_numeric($phone) ) 
                    {
                            echo '<h3>Please enter a valid phone number</h3><br />';
                            $count=$count+1;
                    }
                    if ($count==0)
                    {
                        if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true)
                      // condition for update
                        if(isset($_GET['edit']))
                        {
                            mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'"  where SRNO="'.$srno.'"');   
                            $addval=1;
                        }
             //condition for add  
                        else if(isset($_GET['add']))
                        {
                            mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')");
                        }
                        header('Location:'.$page);
                    }

            }
    }

    if(isset($_GET['delete']))
    {

        mysql_query('DELETE from names where SRNO='.mysql_real_escape_string((int)$_GET['delete']));
        header('Location:'.$page);
    }

    if(isset($_GET['edit']))
    {
        $getedit=mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.mysql_real_escape_string((int)$_GET['edit']));

        echo '<table border=0>';
        while ($get_row=mysql_fetch_assoc($getedit))
            {
                echo '<form method="POST" action="">';

                echo '<tr><td>Sr.No:</td><td><input type="text" value='.$get_row['SRNO'].' name="SRNO" readonly="readonly"></td></tr>';
                echo '<tr><td>First Name:</td><td><input type="text" value='.$get_row['fname'].' name="fname"></td></tr>';
                echo '<tr><td>Last Name:</td><td><input type="text" value='.$get_row['lname'].' name="lname"></td></tr>';
                echo '<tr><td>Phone No:</td><td><input type="text" value='.$get_row['phone'].' name="phone"></td></tr>';
                echo '<tr><td>E-mail address:</td><td><input type="text" value='.$get_row['email'].' name="email"</td></tr>';
                echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$get_row['address'].'</textarea></td></tr>';
                echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$get_row['comments'].'</textarea></td></tr>';
                echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                echo '</form>';                                 
            }
        echo '</table>';

    }

    if(isset($_GET['add']))
    {
        echo '<table border=0>';

                echo '<form method="POST" action="">';

                echo '<tr><td>Sr.No:</td><td><input type="text"  name="SRNO" readonly="readonly"></td></tr>';
                echo '<tr><td>First Name:</td><td><input type="text"  name="fname"></td></tr>';
                echo '<tr><td>Last Name:</td><td><input type="text"  name="lname"></td></tr>';
                echo '<tr><td>Phone No:</td><td><input type="text"  name="phone"></td></tr>';
                echo '<tr><td>E-mail address:</td><td><input type="text"  name="email"</td></tr>';
                echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
                echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
                echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
                echo '</form>';                                 

        echo '</table>';


    }

    echo '<a href=index.php?add=add>Add new entry...</a>';

    $get=mysql_query('SELECT  SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');

    if (mysql_num_rows($get)==0)
    {
        echo 'There are no entries';
    }
        else
    {
        echo '<table border=0 cellspacing=25 cellpadding=1>';
        echo'<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';      
        while($get_row=mysql_fetch_assoc($get))
            {
                echo '<tr><td>'.$get_row['SRNO'].'</td><td>'.$get_row['fname'].'</td><td>'.$get_row['lname'].'</td><td>'.$get_row['phone'].'</td><td>'.$get_row['email'].'</td><td>'.$get_row['address'].'</td><td>'.$get_row['comments'].'</td><td><a href="index.php?edit='.$get_row['SRNO'].'">Edit</a></td><td><a href="index.php?delete='.$get_row['SRNO'].'">Delete</a></td></tr>';

            }
        echo '</table>';
    }       
?>

php - PHPでテーブルを更新してテーブルに挿入する問題

2 に答える 2

Related

Reference