我在使用PHP脚本中更新MySQL中的某些值时遇到了一些困难。当我尝试使用以下代码更新下表行(用户"鲍勃"已经输入值以计算其总分和百分比,但是他的Test3等级必须更新为100,而不是先前的值为90(:
<html>
<head></head>
<body>
<form class="form" action="" method="post">
<?php
$mysqli = new mysqli('', '', '', '');
if(isset($_POST['calculate'])) {
$name = $_POST['name'];
$test1 = $_POST['test1'];
$test2 = $_POST['test2'];
$test3 = $_POST['test3'];
$obtained = ($test1 + $test2 + $test3);
$total = 300;
$percentage = round(($obtained/$total)*100);
$result = mysqli_query($mysqli, "INSERT INTO table1 (name, test1,
test2, test3, totalobtained, totalmarks, percent)
VALUES ('$name', '$test1', '$test2', '$test3',
'$obtained', '$total', '$percentage')");
}
$conn = mysqli_connect('', '', '', '');
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "UPDATE table1 SET test3='100', totalobtained='$obtained',
percent='$percentage' WHERE name='Bob'";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
mysqli_close($conn);
?>
<table>
<tr>
<th>Name of Student*:</th>
<td><input type="text" name="name"></td>
</tr>
<tr>
<th>Test 1*:</th>
<td><input type="number" name="test1"></td>
</tr>
<tr>
<th>Test 2*:</th>
<td><input type="number" name="test2"></td>
</tr>
<tr>
<th>Test 3*:</th>
<td><input type="number" name="test3"></td>
</tr>
<tr>
<th>Total Marks Obtained:</th>
<td><?php if(isset($_POST['calculate'])) { echo "$obtained";}?>
</td>
</tr>
<tr>
<th>Total Marks:</th>
<td><?php if(isset($_POST['calculate'])) { echo "$total";}?>
</td>
</tr>
<tr>
<th>Percentage:</th>
<td><?php if(isset($_POST['calculate'])) { echo "$percentage",
'%';}?></td>
</tr>
<tr>
<th><input type="submit" name="calculate" value="Calculate"/>
</th>
</tr>
</table>
</form>
</body>
</html>
它将测试分数的测试3从上一个90分数中更新为100,但是,它并没有提取先前的测试分数来重新计算所获得的总数和百分比。结果,它更新了总共获得的,百分比为0。有些帮助将不胜感激,因为我是MySQL和PHP的新手。谢谢!
上表:
+----+-------+-------+-------+-------+----------------+-------------+---------+
| id | name | test1 | test2 | test3 | totalobtained | totalmarks | percent |
+----+-------+-------+-------+-------+----------------+-------------+---------+
| 7 | Bob | 100 | 100 | 90 | 290 | 500 | 96 |
+----+-------+-------+-------+-------+----------------+-------------+---------+
更新的表和更新语句的表:
+----+-------+-------+-------+-------+----------------+-------------+---------+
| id | name | test1 | test2 | test3 | totalobtained | totalmarks | percent |
+----+-------+-------+-------+-------+----------------+-------------+---------+
| 7 | Bob | 100 | 100 | 100 | 0 | 500 | 0 |
+----+-------+-------+-------+-------+----------------+-------------+---------+
只是看这个我相信SQL应该是
$sql = "UPDATE table1 SET test3='100', totalobtained=$obtained,
percent=$percentage WHERE name='Bob'";
您不需要'
就像Alex Howansky指出这很容易受到SQL注入的影响。