我正在尝试在MySQL数据库生成的列表中编辑项目。这是代码:
<?php
// contact to database
$connect = mysql_connect("<HOST>", "<USER>", "<PASSWORD>") or die ("Error , check your server connection.");
mysql_select_db("tvc");
?>
<html>
<head>
<title></title>
</head>
<body>
<?php
$result = mysql_query("UPDATE closet SET
pattern = '{$_POST['pattern']}'
WHERE id='{$_POST['id']}'") or die ("Error in query");
// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='patterns.php'>Back to Patterns List</a>";
}
else {
echo "ERROR";
}
?>
</body>
</html>
我会收到"查询中的错误"错误消息,我无法弄清楚是什么原因。
任何帮助将不胜感激!
您忘了在WHERE
,
更改
$result = mysql_query("UPDATE closet SET
pattern = '{$_POST['pattern']}',
WHERE id='{$_POST['id']}'") or die ("Error in query");
to
$pattern = mysql_real_escape_string($_POST['pattern']);
$id= mysql_real_escape_string($_POST['id']);
$result = mysql_query("UPDATE closet SET
pattern = '".$pattern."' WHERE id='".$id."'") or
die("Could not connect: " . mysql_error());
建议:
1.学习以防止MySQL注射:良好的链接
2.不建议编写新代码。相反,应使用MySQLI或PDO_MYSQL扩展名。更多阅读:PHP手册