首頁猿問僅執(zhí)行插入時(shí)無法更新城市

僅執(zhí)行插入時(shí)無法更新城市

PHP

MMMHUHU 2024-01-19 17:17:08

<?phpsession_start();include_once 'DBconfig.php';extract($_GET);$CityName = $_POST['CityName'];if (isset($CityID)){ $sql = "UPDATE city SET CityName = '$CityName', Modified = NOW() WHERE city.CityID = $CityID;";}else{ $sql = "INSERT INTO city (CityID, CityName, Created, Modified) VALUES (NULL, '$CityName', NOW(), NOW());";}$result = mysqli_query($con, $sql);if ($result){ header('location: ListCity.php');}else{ header('location: AddEditCity.php');}?>僅執(zhí)行插入塊更新不起作用 $CityID 變量來自提取函數(shù)，因此沒有命名約定問題無法解決它請(qǐng)幫助

查看完整描述

1 回答

哈士奇WWW

TA貢獻(xiàn)1799條經(jīng)驗(yàn) 獲得超6個(gè)贊

您正在從中提取$_GET（這始終是要避免的），然后$CityName從中獲取$_POST。這是不一致的，因?yàn)檎?qǐng)求不能同時(shí)是 GET 和 POST。它肯定必須是 POST 請(qǐng)求，否則插入根本無法工作。正如所評(píng)論的，您應(yīng)該使用準(zhǔn)備好的語句來避免 SQL 注入攻擊：

<?php

session_start();

include_once 'DBconfig.php';

$CityName = $_REQUEST['CityName'];

if (isset($_REQUEST['CityID']))

{

$CityID = $_REQUEST['CityID'];

$sql = "UPDATE city SET CityName = ?, Modified = NOW() WHERE city.CityID = ?";

$stmt = mysqli_prepare($con, $sql);

mysqli_stmt_bind_param($stmt, "si", $CityName, $CityID);

}

else

{

$sql = "INSERT INTO city (CityID, CityName, Created, Modified) VALUES (NULL, ?, NOW(), NOW())";

$stmt = mysqli_prepare($con, $sql);

mysqli_stmt_bind_param($stmt, "s", $CityName);

}

$result = mysqli_stmt_execute($stmt);

if ($result)

{

header('location: ListCity.php');

}

else

{

header('location: AddEditCity.php');

}

反對(duì) 回復(fù) 2024-01-19

1 回答
0 關(guān)注
167 瀏覽

關(guān)注

添加回答

舉報(bào)

0/150

提交

取消

使用 Ctrl+D 可將網(wǎng)站添加到書簽

微信客服

購課補(bǔ)貼
聯(lián)系客服咨詢優(yōu)惠詳情

幫助反饋 APP下載

慕課網(wǎng)APP
您的移動(dòng)學(xué)習(xí)伙伴

公眾號(hào)

掃描二維碼
關(guān)注慕課網(wǎng)微信公眾號(hào)

第七色在线视频,2021少妇久久久久久久久久,亚洲欧洲精品成人久久av18,亚洲国产精品特色大片观看完整版,孙宇晨将参加特朗普的晚宴

熱搜

最近搜索清空

僅執(zhí)行插入時(shí)無法更新城市

僅執(zhí)行插入時(shí)無法更新城市

1 回答

添加回答