0

Please help... This is my first attempt at PHP... I tried echoing $id, $firstname, etc. and the correct results are echoed, but I can't update the database. I don't know what's wrong...

Here is "profile.php":

<?
include("common.php");
include("header.php");
?>  
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
    <td align="left" valign="top">
<? $link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
$email = $_SESSION['email'];
$sql = "SELECT * FROM fmcmember where email='$email'";
$result = mysql_query($sql);
$row = mysql_fetch_row($result); ?>
   <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <form name="form4" method="post" action="update.php">
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td width="200" class="title">My Profile</td>
        <td width="300" class="title">
        </td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td><input name="id" type="hidden" value="<? echo $row[0] ?>" size="30"/></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td class="email">Email</td>
        <td class="email"><? echo $row[6] ?></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td class="content">Firstname</td>
        <td><input name="firstname" type="text" class="inputfield" value="<? echo $row[1] ?>" size="30" maxlength="40" /></td>
        <? if($row[3] == "M") { ?>
        <td rowspan="16" align="left" valign="top">
        <img src="images/myinfo/male.png" width="200" height="200" /></td>
        <? } else { ?>
        <td rowspan="16" align="left" valign="top">
        <img src="images/myinfo/female.jpg" width="200" height="200" /></td>
        <? } ?>

      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Lastname</td>
        <td><input name="lastname" type="text" class="inputfield" value="<? echo $row[2] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Gender</td>
        <td class="content">
          <input name="gender" type="radio"  value="M" <? if($row[3] == "M") { echo "checked"; }?> />Male
          <input name="gender" type="radio"  value="F" <? if($row[3] == "F") { echo "checked"; }?> />Female</td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Date of birth</td>
        <td><input name="dob" type="text" class="inputfield" value="<? echo $row[4] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Address</td>
        <td><input name="address" type="text" class="inputfield" value="<? echo $row[5] ?>" size="30" maxlength="200" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Tel</td>
        <td><input name="tel" type="text" class="inputfield" value="<? echo $row[7] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Fax</td>
        <td><input name="fax" type="text" class="inputfield" value="<? echo $row[8] ?>" size="30" maxlength="40" /></td>
      </tr>
      <tr>
        <td class="content">&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td><input name="Update" type="submit" value="Update" />
          <input name="Reset" type="button" value="Reset" onclick="javascript:document.location.href='profile.php?action=reset'"/></td>
        <td>&nbsp;</td>
      </tr>
      </form>
    </table></td>
  </tr>
</table></td>
<?
include("footer.php");
?>

And here is "update.php":

<?
include("common.php");

// get the data from the register.php form
$id = $_POST["id"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$gender = $_POST["gender"];
$dob = $_POST["dob"];
$address = $_POST["address"];
$tel = $_POST["tel"];
$fax = $_POST["fax"];

$link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
mysql_query($sql, $link);
$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";

include("header.php");
?>  
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
    <td align="left" valign="top"><table width="100%" align="left" valign="top" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="300"><table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td class="title">&nbsp;</td>
          </tr>
          <tr>
            <td class="title">My Profile</td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td class="content">Your profile has been updated. Please return back to <a href="profile.php">my profile</a> page.</td>
          </tr>
        </table></td>
      </tr>
    </table></td>
  </tr>
</table></td>
<?
include("footer.php");
?>
4 Answers

1

You can't run a query on a variable that isn't defined until after the query:

$sql = "update fmcmember set firstname='" . mysql_real_escape_string($firstname) . "', lastname='" . mysql_real_escape_string($lastname) . "', gender='" . mysql_real_escape_string($gender) . "', dob='" . mysql_real_escape_string($dob) . "', address='" . mysql_real_escape_string($address) . "', tel='" . mysql_real_escape_string($tel) . "', fax='" . mysql_real_escape_string($fax) . "' where id='" . mysql_real_escape_string($id) . "'";
mysql_query($sql, $link);

The SQL query is not safe: What is SQL injection?

I edited the SQL query. It is now safe.

answered 2013-08-25T11:20:49.413
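The accepted answer fixes the statement order and escapes each value. An alternative that avoids string-building altogether is a prepared statement, where the query is defined once and the values are bound as parameters that the driver never interprets as SQL. The following is an added example, not code from the question or from any of the answers: it rewrites the update.php logic with PDO, assuming the same "test" database, the same "fmcmember" table and column names as the question's UPDATE statement, the same "root"/"password" credentials, and a session that already holds the logged-in user's email, as profile.php relies on. It also uses that session email in the WHERE clause instead of the hidden id field posted by the browser, so one request can only change the logged-in user's own row.

```php
<?php
// Added example (not the question's or any answer's code): update.php logic
// rewritten with PDO prepared statements.
// Assumptions: database "test", table "fmcmember" and its columns as in the
// question; credentials "root"/"password" as in the question; $_SESSION['email']
// set at login, as profile.php expects.
session_start();

// Fail closed when nobody is logged in.
if (empty($_SESSION['email'])) {
    http_response_code(403);
    exit('Not logged in');
}

// Accept only the fields the profile form is expected to send; ignore the rest.
$fields = ['firstname', 'lastname', 'gender', 'dob', 'address', 'tel', 'fax'];
$values = [];
foreach ($fields as $f) {
    $values[$f] = isset($_POST[$f]) ? (string) $_POST[$f] : '';
}

// Gender is a fixed radio choice in the form, so reject anything but M or F.
if (!in_array($values['gender'], ['M', 'F'], true)) {
    http_response_code(400);
    exit('Invalid gender');
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=test;charset=utf8mb4',
    'root',      // assumption: same credentials as the question
    'password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // surface DB errors
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]
);

// The statement is defined before it runs, and every value is a bound
// parameter, so user input can never change the structure of the query.
// The row is selected by the session's email, not by a client-supplied id.
$sql = 'UPDATE fmcmember
           SET firstname = :firstname, lastname = :lastname, gender = :gender,
               dob = :dob, address = :address, tel = :tel, fax = :fax
         WHERE email = :email';
$stmt = $pdo->prepare($sql);
$values['email'] = $_SESSION['email'];
$stmt->execute($values);

// rowCount() is 0 when no row matched (or nothing changed), which is worth
// showing instead of an unconditional "updated" message.
echo 'Rows updated: ' . $stmt->rowCount();
```

With `PDO::ATTR_EMULATE_PREPARES` set to false the MySQL server itself receives the statement and the values separately, so no escaping function is needed and the order-of-definition mistake from the question cannot occur: `prepare()` must see the SQL before `execute()` supplies the values.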
0

You need to define the SQL query before you run it. Use this line order in update.php:

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
mysql_query($sql, $link);
answered 2013-08-25T11:12:41.807
0

Write this query above mysql_query($sql, $link);:

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
answered 2013-08-25T11:18:48.503
0

In profile.php:

$result=mysql_query($sql,$link);
answered 2013-08-25T11:22:11.280