Update Database Not Working

Can anyone tell me why this isn't working? Everything comes up fine but when I hit submit it doesn't update the database.

$row = mysql_fetch_array($sql);
$title = $row['title'];
$content = $row['content'];
$author = $row['author'];
$author_email = $row['author_email'];
$cat = $row['category'];
$date = $row['date'];
$id = $row['id'];


$form = "<tr><td>$id
    <form action='edit.php' method='post'>
    <input type='text' value='$title' name='title'><br>
    <textarea name='content'>$content</textarea><br>
    <input type='submit' name='submit'>
        </td></tr>";

$ptitle = htmlentities($_POST['title']);
$pcontent = htmlentities($_POST['content']);

if($_POST['submit']){
    if ($ptitle && $pcontent){
        mysql_query("UPDATE blogdata SET id='$id', title='$ptitle', author='$author', author_email='$author_email', date='$date', category='$category', content='$pcontent' WHERE id='$id'");
    }
    else
        echo "A forms empty.";
}
else
    echo "$form";


Note first that you should not be using the values that have been submitted directly from the form without first validating them. I will not address that here, but I will address your query:

You cannot set the value of the row identifier that you plan to use in your WHERE clause; this causes a concurrency problem. Your row identifier should be immutable.

Thus, your query should look like this (reminder: I have not fixed the security related issues):

UPDATE blogdata SET title='$ptitle', author='$author', 
author_email='$author_email', date='$date', category='$category', 
content='$pcontent' WHERE id='$id'


Because it's badly written code with bugs in it?

You should use htmlentities to escape content you are writing to the browser. You should use mysql_real_escape_string to escape content you are writing to the database. Your code should have comments in it explaining what it does. You should check the return value for mysql_query and poll mysql_error when appropriate. You shouldn't quote numeric values in your SQL.
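
The points raised in the answers above, put together as an added example that is not part of the original thread: the id stays out of SET, values are bound rather than interpolated, errors are surfaced, and HTML encoding happens only on output. It uses PDO prepared statements in place of mysql_real_escape_string (the mysql_* functions were removed in PHP 7); the in-memory SQLite database, the reduced table layout and the update_post() helper are assumptions made so the snippet runs on its own.

```php
<?php
// Added example, not code from the thread. Assumptions: an in-memory SQLite
// database stands in for MySQL; update_post() is a hypothetical helper.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$db->exec("CREATE TABLE blogdata (id INTEGER PRIMARY KEY, title TEXT, content TEXT)");
$db->exec("INSERT INTO blogdata (id, title, content) VALUES (1, 'Old title', 'Old content')");

function update_post(PDO $db, $id, $title, $content): int
{
    // Validate before touching the database: integer id, non-empty fields.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $title = trim((string) $title);
    $content = trim((string) $content);
    if ($id === false || $title === '' || $content === '') {
        throw new InvalidArgumentException('Invalid id or empty field.');
    }
    // id appears only in WHERE, never in SET; user values are bound parameters.
    $stmt = $db->prepare(
        'UPDATE blogdata SET title = :title, content = :content WHERE id = :id'
    );
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':content', $content, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT); // numeric, not a quoted string
    $stmt->execute();
    // 0 means no matching row (on MySQL also when the values were unchanged).
    return $stmt->rowCount();
}

// Constructed form input containing quotes and markup.
$post = ['id' => '1', 'title' => "Bob's <b>post</b>", 'content' => "x' OR '1'='1"];
try {
    $changed = update_post($db, $post['id'], $post['title'], $post['content']);
    echo "Rows updated: $changed\n";
} catch (Exception $ex) {
    error_log($ex->getMessage()); // log the detail, show the user a generic message
    echo "Update failed.\n";
}

// The raw text is stored as submitted; encode it only when writing into HTML.
$row = $db->query('SELECT title, content FROM blogdata WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
$h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
printf("<input type='text' name='title' value='%s'>\n", $h($row['title']));
printf("<textarea name='content'>%s</textarea>\n", $h($row['content']));
```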
