Am I attempting to update a record in the database with PHP correctly?

Question (votes: 0, answers: 1)

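I am trying to update a record in a database. The records, with some of their fields, are displayed in a table on a page. When the edit button next to a record on that page is pressed, the user is taken to a new page where that record's information is displayed, with the record's data shown in text boxes.

I'm not sure what the problem is. At first I thought it was the variable names, but I no longer think so.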

<form action="../models/updateReview.php" method="POST">
  <div class="row">
    <div class="input-field">
      <input type="hidden" name="reviewId" value="<?php echo htmlspecialchars($indStmt['revid'], ENT_QUOTES, 'UTF-8'); ?>">
    </div>
  </div>

  <div class="row">
    <div class="input-field">
      <input type="text" name="author" class="validate" value="<?php echo htmlspecialchars($indStmt['author'], ENT_QUOTES, 'UTF-8'); ?>">
      <label class="author">Author</label>
    </div>
  </div>

  <div class="row">
    <div class="input-field">
      <input type="text" name="location" class="validate" value="<?php echo htmlspecialchars($indStmt['location'], ENT_QUOTES, 'UTF-8'); ?>">
      <label class="location">Location</label>
    </div>
  </div>

  <div class="row">
    <div class="input-field">
      <input type="text" name="rating" class="validate" value="<?php echo htmlspecialchars($indStmt['rating'], ENT_QUOTES, 'UTF-8'); ?>">
      <label class="rating">Rating(1-5)</label>
    </div>
  </div>

  <div class="row">
    <div class="input-field">
      <input type="text" name="review" class="validate" value="<?php echo htmlspecialchars($indStmt['review'], ENT_QUOTES, 'UTF-8'); ?>">
      <label class="review">Review</label>
    </div>
  </div>

  <div class="row center">
    <button class="btn-large black" type="submit">Edit</button>
  </div>
</form>

<?php

$reviewId = trim(filter_input(INPUT_POST, 'reviewId', FILTER_SANITIZE_STRING));
$reviewName = trim(filter_input(INPUT_POST, 'author', FILTER_SANITIZE_STRING));
$reviewLocation = trim(filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING));
$reviewRating = trim(filter_input(INPUT_POST, 'rating', FILTER_SANITIZE_STRING));
$reviewMessage = trim(filter_input(INPUT_POST, 'review', FILTER_SANITIZE_STRING));

if (empty($reviewName) || empty($reviewLocation) || empty($reviewRating) || empty($reviewMessage)){
    echo "Invalid Data Entry. Please check all field and try again";
}else {
    require('dbConnect.php');

    $statement = $connection->prepare('UPDATE tblreviews SET author = :author, location = :location, rating = :rating, review = :review WHERE revid = :reviewId');

    $statement->bindValue(':author', $reviewName);
    $statement->bindValue(':location', $reviewLocation);
    $statement->bindParam(':rating', $reviewRating);
    $statement->bindParam(':review', $reviewMessage);

    $statement->execute();

    header('Location: ../views/reviews.php');

}

?>


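The first block of code is the form page that appears when the edit button is pressed. The second is the process in which I try to update the actual record. It goes through execution and takes the user back to the main page as if it had worked, but the record is not actually updated.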

php html mysql materialize
1 answer
0
votes

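As per the comment above - you did not bind reviewId to the statement. Here is another approach that makes this more automated, because the parameters for the sql statement are created automatically if no errors are detected. Using an approach like this means the SQL will not execute unless the various tests return true.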

<?php

    if( $_SERVER['REQUEST_METHOD']=='POST' ){

        /* the sql to be executed */
        $sql='update `tblreviews` set `author`=:author, `location`=:location, `rating`=:rating, `review`=:review where `revid`=:reviewId';



        /* fields and their filters */
        $args=array(
            'reviewId'  =>  FILTER_SANITIZE_STRING,
            'author'    =>  FILTER_SANITIZE_STRING,
            'location'  =>  FILTER_SANITIZE_STRING,
            'rating'    =>  FILTER_SANITIZE_STRING,
            'review'    =>  FILTER_SANITIZE_STRING
        );
        /* placeholder arrays */
        $errors=[];
        $params=[];

        /* Check that all fields are populated */
        foreach( array_keys( $args ) as $field ){
            if( !isset( $_POST[ $field ] ) )$errors[]=sprintf( 'The field %s is not set', $field );
        }

        /* check that there are not spurious additional fields in the POST array - or ones forgotten about */
        foreach( array_keys( $_POST ) as $field ){
            if( !in_array( $field, array_keys( $args ) ) )$errors[]=sprintf( 'Unknown field %s', $field );
        }

        /* no errors, proceed */
        if( empty( $errors ) ){

            /* filter the POST array & generate variables */
            $_POST=filter_input_array( INPUT_POST, $args );
            extract( $_POST );


            require 'dbConnect.php';

            /* create the params array for use in the prepared statement - using "variable variables" */
            foreach( array_keys( $args ) as $field )$params[ sprintf( ':%s', $field ) ]=${$field};



            /* prepare & execute the sql statement */
            $stmt=$connection->prepare( $sql );
            $status=$stmt->execute( $params );

            /* redirect, then stop the script */
            header( sprintf('Location: ../views/reviews.php?status=%s', $status ? 'ok' : 'error' ) );
            exit;

        }else{
            /* There were errors ... */
            echo "Invalid data entry. Please check all fields and try again";
            printf('<pre>%s</pre>',htmlspecialchars(print_r($errors,true),ENT_QUOTES,'UTF-8'));
        }
    }
?>
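The missing-binding bug from the question can be caught before the query runs, and a silent no-op can be told apart from a real update. The following is an added example, not code from the question or the answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite table with a constructed row in place of dbConnect.php; validateReview() and updateReview() are hypothetical helper names.

```php
<?php
declare(strict_types=1);

/** Validate the posted fields by type; returns [params, errors]. */
function validateReview(array $post): array
{
    $errors = [];
    $id     = filter_var($post['reviewId'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rating = filter_var($post['rating'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($id === false)     { $errors[] = 'reviewId must be a positive integer'; }
    if ($rating === false) { $errors[] = 'rating must be an integer from 1 to 5'; }
    $params = [':reviewId' => $id, ':rating' => $rating];
    foreach (['author', 'location', 'review'] as $field) {
        $value = trim((string)($post[$field] ?? ''));
        if ($value === '') { $errors[] = "$field is required"; }
        $params[":$field"] = $value;   // stored as-is; escape on output, not on input
    }
    return [$params, $errors];
}

/** Run the UPDATE and return the affected row count; refuses to run with an unbound placeholder. */
function updateReview(PDO $db, array $params): int
{
    $sql = 'UPDATE tblreviews SET author = :author, location = :location,
            rating = :rating, review = :review WHERE revid = :reviewId';
    preg_match_all('/:\w+/', $sql, $m);                  // placeholders used by the statement
    $missing = array_diff($m[0], array_keys($params));   // names are case-sensitive
    if ($missing) {
        throw new InvalidArgumentException('Unbound placeholders: ' . implode(', ', $missing));
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Stand-in for dbConnect.php: errors raise exceptions instead of failing silently.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE tblreviews (revid INTEGER PRIMARY KEY, author TEXT, location TEXT, rating INTEGER, review TEXT)');
$db->exec("INSERT INTO tblreviews VALUES (1, 'Ann', 'Leeds', 3, 'Fine')");   // constructed row

// Constructed input standing in for $_POST.
$post = ['reviewId' => '1', 'author' => 'Ann', 'location' => 'York', 'rating' => '5', 'review' => 'Great'];
[$params, $errors] = validateReview($post);
echo $errors ? implode("\n", $errors) . "\n" : 'rows updated: ' . updateReview($db, $params) . "\n";

unset($params[':reviewId']);   // reproduce the bug from the question: reviewId never bound
try { updateReview($db, $params); }
catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

On MySQL, rowCount() reports rows actually changed by default, so a result of 0 can also mean the submitted values were identical to the stored ones.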