【发布时间】:2014-07-23 14:42:11
【问题描述】:
我正在制作一个表单来更新我的 MySQL 数据库,但由于某种原因,我在浏览器中收到以下错误:
C:\wamp\www\Helpdeskapplicatie\update_hardware.php on line 49
谁能告诉我我做错了什么??
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/layout.css"/>
</head>
<body>
<div id="menu">
<div id="menu_wrapper">
<ul>
<li>Configuratiebeheer<img src="afb/pijltje.png" width="10"/></a>
<ul>
<li><a href="configuratiebeheer_hardware.php">Lijst hardware</a></li>
<li><a href="hardware_toevoegen.php">Hardware toevoegen</a></li>
<li><a href="hardware_verwijderen.php">Hardware verwijderen</a></li>
</ul>
</li>
</ul>
</div>
</div>
<?php
$connect=mysql_connect("localhost", "root","");
mysql_select_db("helpdesk_middenpolder", $connect);
$id=$_GET['id'];
$q="SELECT * FROM hardware WHERE hardwareID=$id";
$r=mysql_query($q);
echo "<table border='1'>";
echo "<th>merknaam</th><th>producttype</th><th>hardwaretype</th>";
while ($x=mysql_fetch_array($r)){
echo "<tr>";
echo "<td>";
echo "<input type='text' value='".$x['merknaam']."'>";
echo "</td>";
echo "<td>";
echo "<input type='text' value='".$x['producttype']."'>";
echo "</td>";
echo "<td>";
echo "<input type='text' value='".$x['hardwaretype']."'>";
echo "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($connect);
?>
<?php
if(isset($_POST['updatehardware'])){
$query = "UPDATE hardware SET merknaam='".$x['merknaam']."', producttype='".$x['producttype']."', hardwaretype='".$x['hardwaretype']."' WHERE hardwareID='".$id['id']."'";
mysql_query($query);
}
?>
<form method="post">
<input type="submit" name="updatehardware" value="Hardware updaten">
</form>
</body>
</html>
【问题讨论】:
-
在该行中使用
$id而不是$id['id'] -
您没有对用于构建 SQL 查询的数据进行输入验证。这很容易以灾难告终,因为我可以将任何我想要的值放在那里,包括 SQL 命令。 xkcd.com/327