Problem description:

I'm working on a fantasy football database just for fun and I have made some progress with a PHP page, but I am stuck with an issue in getting data from my HTML form to be read by my PHP update script (update.php).

Here's my code for the form:

  <?php
  $servername = "localhost";
  $username = "root";
  $password = "nottelling";
  $dbname = "Football";

  // Create connection

  $conn = new mysqli($servername, $username, $password, $dbname);

  // Check connection

  if ($conn->connect_error){
    die("Connection failed: " . $conn->connect_error);
  } 

  $sqlqb = "SELECT Name_Team_Position FROM Football.2016_Players_QB;";
  $resultqb = $conn->query($sqlqb);
  echo " <form method=\"post\" action=\"update.php\"> <br> Enter Passcode:";
  echo " <input name = \"Passcode\" type = \"text\"> </input> <br><br> ";
  echo " Pick your QB: <select name='QB'> </option> "; // list box select command
  foreach ($conn->query($sqlqb) as $row){         
    // Array or records stored in $row
    echo " <option value=$row[id]>$row[Name_Team_Position]</option> "; 
    /* Option values are added by looping through the array */ 
  }  
  echo " </select> ";// Closing of list box
  echo " <br><br> <input type=\"submit\" value=\"Submit\"> </input> ";
  echo " </form> ";
  $conn->close();
 ?>

And here's update.php

  <?php
  $servername = "localhost";
  $username = "root";
  $password = "nottelling";
  $dbname = "Football";

  // Create connection

  $conn = new mysqli($servername, $username, $password, $dbname);

  // Check connection

  if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
  } 

  $value1 = $_POST['Passcode'];
  $value2 = $_POST['QB'];

  $sql = "UPDATE Football.PlayerTeams SET QB = '$value2' WHERE Password = '$value1';";

   if ($conn->query($sql) === TRUE) {
     echo "New record created successfully";
   } else {
     echo "Error: " . $sql . "<br>" . $conn->error;
   }

  $conn->close();

?>

My problem as concisely as I can put it:

This script is definitely connecting properly to the DB and executing the update query successfully. The problem is that $value1 is not receiving any value from the HTML form. If I insert the string "test" into the row corresponding with the passcode, and then I use the form this code produces, it runs successfully, but then when I check the DB "test" is gone and instead it's just blank - "". Can someone help me figure out what I'm doing wrong in trying to get the drop-down value to my action script?

This is wrong:

echo " Pick your QB: <select name='QB'> </option> ";

The </option> is wrongly placed.

Replace: echo " Pick your QB: <select name='QB'>";

Replace: echo " <br><br> <input type=\"submit\" value=\"Submit\">";

The $row['id'] is the value that you get in your QB when you POST.

echo " <option value='TheValueYouNeededHere'>Display Name</option> "; 

And for POST use filter_input — Gets a specific external variable by name and optionally filters it:

filter_input(INPUT_POST, 'QB', $filter); // $filter is one of the FILTER_* constants

The filters you find here: http://php.net/manual/de/filter.filters.php

Copy from User:

$sql = "UPDATE Football.PlayerTeams SET QB = '".$value2."' WHERE Password = '".$value1."'";

This is more beautiful for the eyes. You must not use ".$Value."; in PHP it works without, I think. Correct me if I'm wrong.

Security:

Your MySQL query can easily be injected. And your password is visible. There are multiple ways to avoid this.

MySQL injection: You can replace some chars. (Chars are single characters.) The most dangerous things you can replace with other characters. Filter input has nice filters like htmlspecialchars. I think you will find many things if you search a little :)

Password: First make <input type='password'>. Then hash your password or pick MD5 or something to make it "unreadable". You can set it in MySQL. With PHP you build the "secure" value. MD5 is not the best option. It's only easy to implement for a beginning.

Hope this helps :)
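The injection and passcode-storage points raised above, shown with placeholder-bound queries and password_hash()/password_verify(); this is an added example, not code from the question or from any answer on this page. It assumes PDO with an in-memory SQLite database as an offline stand-in for MySQL, and the `Team` field, the `PassHash` column and the `updateQb()` function are hypothetical names introduced here.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hypothetical schema: Team identifies the row, PassHash replaces the plain Password.
$db->exec('CREATE TABLE PlayerTeams (Team TEXT PRIMARY KEY, PassHash TEXT, QB INTEGER)');

// Constructed sample rows: only a salted hash of each passcode is stored.
$ins = $db->prepare('INSERT INTO PlayerTeams (Team, PassHash) VALUES (?, ?)');
$ins->execute(['Alpha', password_hash('alpha-pass', PASSWORD_DEFAULT)]);
$ins->execute(['Bravo', password_hash('bravo-pass', PASSWORD_DEFAULT)]);

// Returns true only when the passcode verifies and exactly one row was updated.
function updateQb(PDO $db, array $post): bool
{
    $team = $post['Team'] ?? '';
    $pass = $post['Passcode'] ?? '';
    // The <option> value must be the numeric player id; '' or text is rejected.
    $qb = filter_var($post['QB'] ?? '', FILTER_VALIDATE_INT);
    if (!is_string($team) || !is_string($pass) || $qb === false) {
        return false;
    }
    // Placeholders keep user input out of the SQL text, so quotes stay data.
    $sel = $db->prepare('SELECT PassHash FROM PlayerTeams WHERE Team = ?');
    $sel->execute([$team]);
    $hash = $sel->fetchColumn();
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return false;
    }
    $upd = $db->prepare('UPDATE PlayerTeams SET QB = ? WHERE Team = ?');
    $upd->execute([$qb, $team]);
    return $upd->rowCount() === 1;
}

// Constructed requests standing in for $_POST.
$requests = [
    'valid'         => ['Team' => 'Alpha', 'Passcode' => 'alpha-pass', 'QB' => '12'],
    'empty QB'      => ['Team' => 'Alpha', 'Passcode' => 'alpha-pass', 'QB' => ''],
    'wrong pass'    => ['Team' => 'Bravo', 'Passcode' => 'alpha-pass', 'QB' => '7'],
    'quote in team' => ['Team' => "x' OR '1'='1", 'Passcode' => 'alpha-pass', 'QB' => '7'],
];
foreach ($requests as $label => $post) {
    echo str_pad($label, 14), updateQb($db, $post) ? "updated\n" : "rejected\n";
}
// Show the resulting table.
foreach ($db->query('SELECT Team, QB FROM PlayerTeams ORDER BY Team') as $row) {
    echo $row['Team'], ' QB=', var_export($row['QB'], true), "\n";
}
```

With mysqli, as used in the question, the same pattern is `$conn->prepare()` followed by `bind_param()` and `execute()`.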

Please try the following and let me know.

echo " Pick your QB: <select name='QB'> </option> "; // list box select command
foreach ($conn->query($sqlqb) as $row){
echo " <option value=$row[id]>$row[Name_Team_Position]</option> "; 

into

echo " Pick your QB: "; // list box select command
while($row = $resultqb->fetch_assoc()){
echo " ".$row['Name_Team_Position']." ";

$sql = "UPDATE Football.PlayerTeams SET QB = '$value2' WHERE Password = '$value1';";

Into

$sql = "UPDATE Football.PlayerTeams SET QB = '".$value2."' WHERE Password = '".$value1."'";

Try replacing

foreach ($conn->query($sqlqb) as $row)

{  // Array or records stored in $row

echo " <option value=$row[id]>$row[Name_Team_Position]</option> "; 

/* Option values are added by looping through the array */ 

with

while($row = $resultqb->fetch_assoc()) 

{  // Array or records stored in $row

echo " <option value={$row['id']}>{$row['Name_Team_Position']}</option> "; 

/* Option values are added by looping through the array */ 

Edit: Array index should be in strings.

Because you have nothing in your value attribute of option. Try to inspect the option tag; you will see your value=$row[id], which is senseless. Try to use this:

echo " <option value='".$row['id']."'>{$row['Name_Team_Position']}</option> ";

or

foreach ($conn->query($sqlqb) as $row)
  { ?>
 <option value=<?php echo $row['id'];?>><?php echo $row['Name_Team_Position'];?></option>
 <?php } ?>