php - MYSQL を更新できません

Question

助けてください... これは PHP への私の最初の試みです... $id、$firstname などをエコーしようとしましたが、正しい結果がエコーされますが、データベースを更新できません。何が悪いのかわからない...

こちらが「profile.php」

<?
include("common.php");
include("header.php");
?>  
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
    <td align="left" valign="top">
<? $link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
$email = $_SESSION['email'];
$sql = "SELECT * FROM fmcmember where email='$email'";
$result = mysql_query($sql);
$row = mysql_fetch_row($result); ?>
   <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <form name="form4" method="post" action="update.php">
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td width="200" class="title">My Profile</td>
        <td width="300" class="title">
        </td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td><input name="id" type="hidden" value="<? echo $row[0] ?>" size="30"/></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td class="email">Email</td>
        <td class="email"><? echo $row[6] ?></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td class="content">Firstname</td>
        <td><input name="firstname" type="text" class="inputfield" value="<? echo $row[1] ?>" size="30" maxlength="40" /></td>
        <? if($row[3] == "M") { ?>
        <td rowspan="16" align="left" valign="top">
        <img src="images/myinfo/male.png" width="200" height="200" /></td>
        <? } else { ?>
        <td rowspan="16" align="left" valign="top">
        <img src="images/myinfo/female.jpg" width="200" height="200" /></td>
        <? } ?>

      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Lastname</td>
        <td><input name="lastname" type="text" class="inputfield" value="<? echo $row[2] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Gender</td>
        <td class="content">
          <input name="gender" type="radio"  value="M" <? if($row[3] == "M") { echo "checked"; }?> />Male
          <input name="gender" type="radio"  value="F" <? if($row[3] == "F") { echo "checked"; }?> />Female</td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Date of birth</td>
        <td><input name="dob" type="text" class="inputfield" value="<? echo $row[4] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Address</td>
        <td><input name="address" type="text" class="inputfield" value="<? echo $row[5] ?>" size="30" maxlength="200" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Tel</td>
        <td><input name="tel" type="text" class="inputfield" value="<? echo $row[7] ?>" size="30" maxlength="40" /></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td class="content">Fax</td>
        <td><input name="fax" type="text" class="inputfield" value="<? echo $row[8] ?>" size="30" maxlength="40" /></td>
      </tr>
      <tr>
        <td class="content">&nbsp;</td>
        <td>&nbsp;</td>
        </tr>
      <tr>
        <td>&nbsp;</td>
        <td><input name="Update" type="submit" value="Update" />
          <input name="Reset" type="button" value="Reset" onclick="javascript:document.location.href='profile.php?action=reset'"/></td>
        <td>&nbsp;</td>
      </tr>
      </form>
    </table></td>
  </tr>
</table></td>
<?
include("footer.php");
?>

update.php

<?
include("common.php");

//得到register.php 表單的數據
$id = $_POST["id"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$gender = $_POST["gender"];
$dob = $_POST["dob"];
$address = $_POST["address"];
$tel = $_POST["tel"];
$fax = $_POST["fax"];

$link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
mysql_query($sql, $link);
$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";

include("header.php");
?>  
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
    <td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
    <td align="left" valign="top"><table width="100%" align="left" valign="top" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="300"><table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td class="title">&nbsp;</td>
          </tr>
          <tr>
            <td class="title">My Profile</td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td class="content">Your profile has been updated. Please return back to <a href="profile.php">my profile</a> page.</td>
          </tr>
        </table></td>
      </tr>
    </table></td>
  </tr>
</table></td>
<?
include("footer.php");
?>

score 1 · Accepted Answer

クエリの前に定義されていない変数に対してクエリを作成することはできません:

$sql = "update fmcmember set firstname='" . mysql_real_escape_string($firstname) . "', lastname='" . mysql_real_escape_string($lastname) . "', gender='" . mysql_real_escape_string($gender) . "', dob='" . mysql_real_escape_string($dob) . "', address='" . mysql_real_escape_string($address) . "', tel='" . mysql_real_escape_string($tel) . "', fax='" . mysql_real_escape_string($fax) . "' where id='" . mysql_real_escape_string($id) . "'";
mysql_query($sql, $link);

SQL クエリは安全ではありません: SQL インジェクションとは何ですか?

SQL クエリを編集しました。これで安全です。

score 0 · Accepted Answer

クエリを作成する前に、SQL クエリを定義する必要があります。update.php でこの行順序を使用します

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
mysql_query($sql, $link);

score 0 · Accepted Answer

このクエリをmysql_query($sql, $link);の上に記述します。

$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";

score 0 · Accepted Answer

0

profile.php で

$result=mysql_query($sql,$link);

于 2013-08-25T11:22:11.280 に答える

php - MYSQL を更新できません

4 に答える 4

Related

Reference