2013-03-12 3 views
-1

추가(Add) 링크를 클릭하면 테이블에 새 데이터를 입력하고, 편집(Edit) 링크를 클릭하면 기존 데이터를 업데이트해야 합니다.

테이블 업데이트 및 PHP의 테이블 삽입 문제

$_POST는 두 경우 모두 데이터를 받습니다. EDIT인지 Add인지에 따라 업데이트 쿼리 또는 삽입 쿼리가 실행되어야 합니다.

내가 어떻게해야하는지 혼란 스럽다.

이것은 코드의 섹션입니다.

// Excerpt: runs only when validation found no errors; tries to decide between
// UPDATE (row exists) and INSERT (row does not exist), then redirects.
if ($count==0) 
    { 
     // NOTE(review): PHP variable names are case-sensitive; this reads $SRNO while
     // the UPDATE below uses $srno, so the two are different variables.
     // mysql_query() returns a result resource for a successful SELECT and false on
     // failure, never boolean true, so this `=== true` test cannot succeed and
     // control always falls through to the else (INSERT) branch.
     if(mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true) 

      //if($addval == 1) 
      { 
      // NOTE(review): every value is concatenated into the SQL text unescaped. In the
      // full listing these come straight from $_POST, so this is injectable; escape
      // or bind each value before it reaches the query.
      mysql_query('update names set fname="'.$fname.'", lname="'.$lname.'", address="'.$address.'", comments="'.$comments.'", email="'.$email.'", phone="'.$phone.'" where SRNO="'.$srno.'"');  
        $addval=1; 
      } 
     else 
      //if ($addval == 1) 
      { 
      // NOTE(review): same unescaped interpolation as the UPDATE above.
      mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$fname', '$lname','$phone','$email','$comments','$address')"); 
      } 
      // Redirect back to the list; execution is not stopped after this call.
      header('Location:'.$page); 
      } 

     } 

전체 코드는

<!DOCTYPE html> 
<html> 
    <head> 
     <title>List of users</title> 
    </head> 
<body> 
    <?php 
     // Page to redirect to after a write, and a flag the handlers below set to 1 on update.
     $page = 'index.php';
     $addval = 6;

     // NOTE(review): this connects as the MySQL root account with an empty password.
     // A web application should use a dedicated account that has only the privileges
     // it needs on this one database, with credentials kept out of the web root.
     // die(mysql_error()) also prints the raw driver error to the visitor.
     if (!mysql_connect("localhost", "root", ""))
     {
      die (mysql_error());
     }
     if (!mysql_select_db("list"))
     {
      die (mysql_error());
     }

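     // Handle a submitted add/edit form: validate the fields, then UPDATE the row
     // whose SRNO was posted when that row exists, otherwise INSERT a new row.
     if (!empty($_POST))
     {
       $count = 0; // number of validation failures

       // Read each field defensively: a missing or non-string value becomes '' so
       // the mandatory-field check rejects it instead of raising notices.
       $fields = array('fname' => '', 'lname' => '', 'SRNO' => '', 'address' => '', 'comments' => '', 'email' => '', 'phone' => '');
       foreach ($fields as $key => $unused)
       {
         if (isset($_POST[$key]) && is_string($_POST[$key]))
         {
           $fields[$key] = $_POST[$key];
         }
       }
       $fname    = $fields['fname'];
       $lname    = $fields['lname'];
       // SRNO is used as a numeric key, so it only ever reaches SQL as an integer.
       // The add form posts it empty, which becomes 0.
       $srno     = (int)$fields['SRNO'];
       $address  = $fields['address'];
       $comments = $fields['comments'];
       $email    = $fields['email'];
       $phone    = $fields['phone'];

       if (empty($lname) || empty($fname) || empty($address) || empty($comments) || empty($email) || empty($phone))
       {
         echo '<h3>All fields are mandatory</h3>';
       }
       else
       {
         if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
         {
           echo '<h3>This is not a valid e-mail address.</h3><br />';
           $count = $count + 1;
         }
         if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
         {
           echo '<h3>Name should contain character only!</h3><br />';
           $count = $count + 1;
         }
         if (!is_numeric($phone))
         {
           echo '<h3>Please enter a valid phone number</h3><br />';
           $count = $count + 1;
         }

         if ($count == 0)
         {
           // Validation above is not a substitute for escaping: address and comments
           // are free text. Escape every string before it is placed inside SQL quotes.
           // NOTE(review): the mysql_* extension is deprecated and was removed in
           // PHP 7.0; prepared statements via mysqli or PDO are the durable fix.
           $q_fname    = mysql_real_escape_string($fname);
           $q_lname    = mysql_real_escape_string($lname);
           $q_address  = mysql_real_escape_string($address);
           $q_comments = mysql_real_escape_string($comments);
           $q_email    = mysql_real_escape_string($email);
           $q_phone    = mysql_real_escape_string($phone);

           // A successful SELECT returns a result resource, never boolean true, so
           // existence has to be decided from the row count. The original also read
           // $SRNO, which is a different (undefined) variable from $srno.
           $existing = mysql_query('SELECT SRNO FROM names WHERE SRNO='.$srno);
           if ($existing !== false && mysql_num_rows($existing) > 0)
           {
             mysql_query("UPDATE names SET fname='$q_fname', lname='$q_lname', address='$q_address', comments='$q_comments', email='$q_email', phone='$q_phone' WHERE SRNO=$srno");
             $addval = 1;
           }
           else
           {
             mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$q_fname', '$q_lname','$q_phone','$q_email','$q_comments','$q_address')");
           }

           // HTML has already been emitted above this script, so the redirect only
           // works when output is buffered. When it does work, stop here so the rest
           // of the page does not run on a request that is being redirected.
           if (!headers_sent())
           {
             header('Location:'.$page);
             exit;
           }
         }
       }
     }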

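     // Delete the row whose SRNO is passed as ?delete=<id>.
     if (isset($_GET['delete']))
     {
       // The integer cast is what makes this safe to concatenate; running
       // mysql_real_escape_string() on an already-cast integer added nothing.
       $delete_id = (int)$_GET['delete'];
       mysql_query('DELETE FROM names WHERE SRNO='.$delete_id);

       // NOTE(review): this is a state-changing action reachable by a plain GET with
       // no visible authentication or anti-CSRF token, so any link or image URL a
       // visitor loads can trigger it. It should be a POST carrying a per-session token.
       // Stop after a successful redirect so the remainder of the page does not run.
       if (!headers_sent())
       {
         header('Location:'.$page);
         exit;
       }
     }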

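     // Render the edit form, pre-filled with the row selected by ?edit=<id>.
     if (isset($_GET['edit']))
     {
       // Integer cast keeps the id safe to concatenate into the query.
       $edit_id = (int)$_GET['edit'];
       $getedit = mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.$edit_id);

       echo '<table border=0>';
       // Guard against a failed query (false) before fetching.
       while ($getedit !== false && ($get_row = mysql_fetch_assoc($getedit)))
       {
         // Stored values are untrusted when written back into HTML. The original
         // emitted them raw inside unquoted attributes, so a stored space or quote
         // could break out of the attribute. Encode every column and quote every
         // attribute value.
         $h = array();
         foreach ($get_row as $column => $value)
         {
           $h[$column] = htmlspecialchars($value, ENT_QUOTES);
         }

         echo '<form method="POST" action="">';

         echo '<tr><td>Sr.No:</td><td><input type="text" value="'.$h['SRNO'].'" name="SRNO" readonly="readonly"></td></tr>';
         echo '<tr><td>First Name:</td><td><input type="text" value="'.$h['fname'].'" name="fname"></td></tr>';
         echo '<tr><td>Last Name:</td><td><input type="text" value="'.$h['lname'].'" name="lname"></td></tr>';
         echo '<tr><td>Phone No:</td><td><input type="text" value="'.$h['phone'].'" name="phone"></td></tr>';
         // The original left this <input> tag unclosed (missing ">").
         echo '<tr><td>E-mail address:</td><td><input type="text" value="'.$h['email'].'" name="email"></td></tr>';
         echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$h['address'].'</textarea></td></tr>';
         echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$h['comments'].'</textarea></td></tr>';
         echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
         echo '</form>';
       }
       echo '</table>';
     }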

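     // Render an empty form for a new entry when ?add= is present.
     if (isset($_GET['add']))
     {
       echo '<table border=0>';

       echo '<form method="POST" action="">';

       // SRNO is left blank and read-only here; the POST handler receives it empty.
       echo '<tr><td>Sr.No:</td><td><input type="text" name="SRNO" readonly="readonly"></td></tr>';
       echo '<tr><td>First Name:</td><td><input type="text" name="fname"></td></tr>';
       echo '<tr><td>Last Name:</td><td><input type="text" name="lname"></td></tr>';
       echo '<tr><td>Phone No:</td><td><input type="text" name="phone"></td></tr>';
       // The original left this <input> tag unclosed (missing ">").
       echo '<tr><td>E-mail address:</td><td><input type="text" name="email"></td></tr>';
       echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
       echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
       echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
       echo '</form>';

       echo '</table>';
     }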

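     // Always show the "add" link, then list every stored entry with edit/delete links.
     echo '<a href=index.php?add=add>Add new entry...</a>';

     $get = mysql_query('SELECT SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');

     // Treat a failed query (false) like an empty table rather than passing false on.
     if ($get === false || mysql_num_rows($get) == 0)
     {
       echo 'There are no entries';
     }
     else
     {
       echo '<table border=0 cellspacing=25 cellpadding=1>';
       echo '<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';
       while ($get_row = mysql_fetch_assoc($get))
       {
         // Everything in this table was typed in by a user. Printing it raw lets stored
         // markup or script run in every visitor's browser (stored XSS), so each text
         // cell is HTML-encoded and the id used in URLs is forced to an integer.
         $id = (int)$get_row['SRNO'];
         $cells = array();
         foreach (array('fname', 'lname', 'phone', 'email', 'address', 'comments') as $column)
         {
           $cells[] = '<td>'.htmlspecialchars($get_row[$column], ENT_QUOTES).'</td>';
         }

         // NOTE(review): the delete link performs a destructive action over GET; see
         // the delete handler. A POST form with an anti-CSRF token is the safer shape.
         echo '<tr><td>'.$id.'</td>'.implode('', $cells).'<td><a href="index.php?edit='.$id.'">Edit</a></td><td><a href="index.php?delete='.$id.'">Delete</a></td></tr>';
       }
       echo '</table>';
     }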
    ?> 

</body> 
</html> 

mysql_* 함수를 사용하지 마십시오. 이 함수들은 더 이상 사용되지 않습니다(deprecated). – hjpotter92


확인. 레이첼. 감사. 나는 그 부분을 제거했다. : D –

답변

-1

모든 스크립트의 상단에

// Report every error level, including the notice raised when an undefined
// variable (for example a mistyped name) is read.
// NOTE(review): on a public server keep display_errors off and log instead, so
// query text and file paths in error messages are not shown to visitors.
error_reporting(E_ALL); 

... 이렇게 해 보시기 바랍니다. 도움이 되었으면 합니다.

<!DOCTYPE html> 
<html> 

<head> 
    <title>List of users</title> 
    </head> 
<body> 

    <?php 
     // Page to redirect to after a write, and a flag the POST handler sets to 1 on update.
     $page = 'index.php';
     $addval = 6;

    // NOTE(review): root credentials are hard-coded in the page source. Use a
    // dedicated low-privilege account and keep its password out of the web root.
    if (!mysql_connect("localhost", "root", "welcome"))
    {
     die (mysql_error());
    }
    // NOTE(review): database selection is commented out here, so the unqualified
    // table name in the queries below has no default database - confirm this is
    // intended before copying.
    //mysql_select_db("list") or die (mysql_error());

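    // Handle a submitted form: validate, then UPDATE when the request URL carries
    // ?edit= and INSERT when it carries ?add=. Both forms use action="", so they
    // post back to the URL they were rendered from.
    if (!empty($_POST))
    {
      $count = 0; // number of validation failures

      // Read each field defensively: a missing or non-string value becomes '' so
      // the mandatory-field check rejects it instead of raising notices.
      $fields = array('fname' => '', 'lname' => '', 'SRNO' => '', 'address' => '', 'comments' => '', 'email' => '', 'phone' => '');
      foreach ($fields as $key => $unused)
      {
        if (isset($_POST[$key]) && is_string($_POST[$key]))
        {
          $fields[$key] = $_POST[$key];
        }
      }
      $fname    = $fields['fname'];
      $lname    = $fields['lname'];
      // SRNO is a numeric key, so it only ever reaches SQL as an integer.
      $srno     = (int)$fields['SRNO'];
      $address  = $fields['address'];
      $comments = $fields['comments'];
      $email    = $fields['email'];
      $phone    = $fields['phone'];

      if (empty($lname) || empty($fname) || empty($address) || empty($comments) || empty($email) || empty($phone))
      {
        echo '<h3>All fields are mandatory</h3>';
      }
      else
      {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
        {
          echo '<h3>This is not a valid e-mail address.</h3><br />';
          $count = $count + 1;
        }
        if (ctype_alpha($fname) === false || ctype_alpha($lname) === false)
        {
          echo '<h3>Name should contain character only!</h3><br />';
          $count = $count + 1;
        }
        if (!is_numeric($phone))
        {
          echo '<h3>Please enter a valid phone number</h3><br />';
          $count = $count + 1;
        }

        if ($count == 0)
        {
          // The original kept a brace-less `if (mysql_query(...$SRNO) === true)` in
          // front of the edit/add branches. A SELECT never returns boolean true and
          // $SRNO is not the variable assigned above, so that test was always false
          // and neither query ever ran. It is removed here.

          // Escape every string before it is placed inside SQL quotes; address and
          // comments are free text and the checks above do not constrain them.
          // NOTE(review): the mysql_* extension is deprecated and was removed in
          // PHP 7.0; prepared statements via mysqli or PDO are the durable fix.
          $q_fname    = mysql_real_escape_string($fname);
          $q_lname    = mysql_real_escape_string($lname);
          $q_address  = mysql_real_escape_string($address);
          $q_comments = mysql_real_escape_string($comments);
          $q_email    = mysql_real_escape_string($email);
          $q_phone    = mysql_real_escape_string($phone);

          // condition for update
          if (isset($_GET['edit']))
          {
            mysql_query("UPDATE names SET fname='$q_fname', lname='$q_lname', address='$q_address', comments='$q_comments', email='$q_email', phone='$q_phone' WHERE SRNO=$srno");
            $addval = 1;
          }
          // condition for add
          else if (isset($_GET['add']))
          {
            mysql_query("INSERT INTO names (fname,lname,phone,email,comments,address) VALUES ('$q_fname', '$q_lname','$q_phone','$q_email','$q_comments','$q_address')");
          }

          // HTML has already been emitted above this script, so the redirect only
          // works when output is buffered. When it does work, stop here so the rest
          // of the page does not run on a request that is being redirected.
          if (!headers_sent())
          {
            header('Location:'.$page);
            exit;
          }
        }
      }
    }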

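    // Delete the row whose SRNO is passed as ?delete=<id>.
    if (isset($_GET['delete']))
    {
      // The integer cast is what makes this safe to concatenate; running
      // mysql_real_escape_string() on an already-cast integer added nothing.
      $delete_id = (int)$_GET['delete'];
      mysql_query('DELETE FROM names WHERE SRNO='.$delete_id);

      // NOTE(review): this is a state-changing action reachable by a plain GET with
      // no visible authentication or anti-CSRF token, so any URL a visitor loads can
      // trigger it. It should be a POST carrying a per-session token.
      // Stop after a successful redirect so the remainder of the page does not run.
      if (!headers_sent())
      {
        header('Location:'.$page);
        exit;
      }
    }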

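    // Render the edit form, pre-filled with the row selected by ?edit=<id>.
    if (isset($_GET['edit']))
    {
      // Integer cast keeps the id safe to concatenate into the query.
      $edit_id = (int)$_GET['edit'];
      $getedit = mysql_query('SELECT SRNO, fname, lname, phone, email, address, comments from names where SRNO='.$edit_id);

      echo '<table border=0>';
      // Guard against a failed query (false) before fetching.
      while ($getedit !== false && ($get_row = mysql_fetch_assoc($getedit)))
      {
        // Stored values are untrusted when written back into HTML. The original
        // emitted them raw inside unquoted attributes, so a stored space or quote
        // could break out of the attribute. Encode every column and quote every
        // attribute value.
        $h = array();
        foreach ($get_row as $column => $value)
        {
          $h[$column] = htmlspecialchars($value, ENT_QUOTES);
        }

        echo '<form method="POST" action="">';

        echo '<tr><td>Sr.No:</td><td><input type="text" value="'.$h['SRNO'].'" name="SRNO" readonly="readonly"></td></tr>';
        echo '<tr><td>First Name:</td><td><input type="text" value="'.$h['fname'].'" name="fname"></td></tr>';
        echo '<tr><td>Last Name:</td><td><input type="text" value="'.$h['lname'].'" name="lname"></td></tr>';
        echo '<tr><td>Phone No:</td><td><input type="text" value="'.$h['phone'].'" name="phone"></td></tr>';
        // The original left this <input> tag unclosed (missing ">").
        echo '<tr><td>E-mail address:</td><td><input type="text" value="'.$h['email'].'" name="email"></td></tr>';
        echo '<tr><td>Address:</td><td><textarea name="address" rows=4>'.$h['address'].'</textarea></td></tr>';
        echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4>'.$h['comments'].'</textarea></td></tr>';
        echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
        echo '</form>';
      }
      echo '</table>';
    }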

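    // Render an empty form for a new entry when ?add= is present.
    if (isset($_GET['add']))
    {
      echo '<table border=0>';

      echo '<form method="POST" action="">';

      // SRNO is left blank and read-only here; the POST handler receives it empty.
      echo '<tr><td>Sr.No:</td><td><input type="text" name="SRNO" readonly="readonly"></td></tr>';
      echo '<tr><td>First Name:</td><td><input type="text" name="fname"></td></tr>';
      echo '<tr><td>Last Name:</td><td><input type="text" name="lname"></td></tr>';
      echo '<tr><td>Phone No:</td><td><input type="text" name="phone"></td></tr>';
      // The original left this <input> tag unclosed (missing ">").
      echo '<tr><td>E-mail address:</td><td><input type="text" name="email"></td></tr>';
      echo '<tr><td>Address:</td><td><textarea name="address" rows=4></textarea></td></tr>';
      echo '<tr><td>Comments:</td><td><textarea name="comments" rows=4></textarea></td></tr>';
      echo '<tr><td><input type="submit" name="submit" value="save"></td><td><a href="index.php">Cancel</a></td></tr>';
      echo '</form>';

      echo '</table>';
    }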

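    // Always show the "add" link, then list every stored entry with edit/delete links.
    echo '<a href=index.php?add=add>Add new entry...</a>';

    $get = mysql_query('SELECT SRNO, fname, lname, email, phone, address, comments from names ORDER BY SRNO ASC');

    // Treat a failed query (false) like an empty table rather than passing false on.
    if ($get === false || mysql_num_rows($get) == 0)
    {
      echo 'There are no entries';
    }
    else
    {
      echo '<table border=0 cellspacing=25 cellpadding=1>';
      echo '<tr><th>Sr. No</th><th>First Name</th><th>Last Name</th><th>Phone No</th><th>E-mail</th><th>Address</th><th>Comments!!</th><th>Modify</th><th>Delete!</th></tr>';
      while ($get_row = mysql_fetch_assoc($get))
      {
        // Everything in this table was typed in by a user. Printing it raw lets stored
        // markup or script run in every visitor's browser (stored XSS), so each text
        // cell is HTML-encoded and the id used in URLs is forced to an integer.
        $id = (int)$get_row['SRNO'];
        $cells = array();
        foreach (array('fname', 'lname', 'phone', 'email', 'address', 'comments') as $column)
        {
          $cells[] = '<td>'.htmlspecialchars($get_row[$column], ENT_QUOTES).'</td>';
        }

        // NOTE(review): the delete link performs a destructive action over GET; see
        // the delete handler. A POST form with an anti-CSRF token is the safer shape.
        echo '<tr><td>'.$id.'</td>'.implode('', $cells).'<td><a href="index.php?edit='.$id.'">Edit</a></td><td><a href="index.php?delete='.$id.'">Delete</a></td></tr>';
      }
      echo '</table>';
    }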
?> 


고마워. 내가 변경 한 두 개의 if 문을 추가했습니다. –


나의 기쁨 .... – alwaysLearn

1
if (mysql_query('SELECT SRNO from names where SRNO='.$SRNO) === true) 

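이것은 데이터베이스에 값이 있는지 확인하는 잘못된 방법입니다 (항상 else 부분으로 가기 때문에, 현재는 편집할 때에도 INSERT 쿼리가 실행됩니다).
코드가 SQL 인젝션에 활짝 열려 있다는 점은 말할 것도 없고, 실제로 이 코드는 작동하지 않습니다. (사용자 입력을 쿼리 문자열에 그대로 이어 붙이고 있기 때문이며, 값을 이스케이프하거나 준비된 문(prepared statement)으로 바인딩해야 합니다.)

mysql_query()가 무엇을 반환하는지는 매뉴얼 항목을 참조하십시오. 또한 변수 이름의 모든 오타를 통지받으려면 오류 보고(error reporting)를 설정해야 합니다. 저는 코드를 수정해 보려고 했습니다.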


고마워 ... 나는 그것을 추가했다 : D –