大家好,所以我正在尝试允许用户在提交数据后编辑他们的数据。我有一个使用自动递增主键设置的员工表。正是我的这段代码让我很麻烦//getting id from url
$StaffID = $_GET['StaffID'];
我一生都无法弄清楚它有什么问题,因为语法似乎是正确的。它告诉我索引是未识别的。
<?php
// including the database connection file
include_once("connect.php");
if(isset($_POST['update']))
{
$StaffID = $_POST['StaffID'];
// checking empty fields
if(empty($Name) || empty($Address) || empty($Telephone) || empty($BusinessID)) {
if(empty($Name)) {
echo "<font color='red'>Name field is empty.</font><br/>";
}
if(empty($Address)) {
echo "<font color='red'>Age field is empty.</font><br/>";
}
if(empty($Telephone)) {
echo "<font color='red'>Email field is empty.</font><br/>";
}
if(empty($BusinessID)){
echo "<font color='red'>Email field is empty.</font><br>/";
}
} else {
//updating the table
$result = mysqli_query($conn, "UPDATE staff SET Name='$Name',Address='$Address',Telephone='$Telephone', BusinessID='$BusinessID' WHERE StaffID = $StaffID");
//redirectig to the display page. In our case, it is index.php
header("Location: HomePHP.php");
}
}
?>
<?php
//getting id from url
$StaffID = $_GET['StaffID']; // <---- ERROR
//selecting data associated with this particular id
$result = mysqli_query($conn, "SELECT * FROM staff WHERE StaffID=$StaffID");
while($res = mysqli_fetch_array($result))
{
$Name = $res['Name'];
$Address = $res['Address'];
$Telephone = $res['Telephone'];
$BusinessID = $res['BusinessID'];
}
?>
您应该首先更改语法以防止SQL注入。我想你的问题就会得到解决。
$stmt = $mysqli->prepare("UPDATE staff SET Name= ?, Address= ?, Telephone= ?, BusinessID= ? WHERE StaffID = ?");
$stmt->bind_param( "sssii", $Name, $Address, $Telephone, $BusinessID, $StaffID);
$stmt->execute();