JTable PHP 更新不工作
JTable PHP Update Not Working
我下载了 JTable PHP 演示文件并修改了代码。这是我的做法..
enter code here //Prepare jTable
$('#PeopleTableContainer').jtable({
title: 'User Maintenance',
actions: {
listAction: 'PersonActions.php?action=list',
createAction: 'PersonActions.php?action=create',
updateAction: 'PersonActions.php?action=update',
deleteAction: 'PersonActions.php?action=delete'
},
fields: {
strUsrName: {
key: true,
create: false,
edit: false,
list: true,
title: 'UserName'
},
strUsrFName: {
title: 'FirstName',
width: '10%'
},
strUsrMName: {
title: 'MiddleName',
width: '10%'
},
dtmUsrCreated: {
title: 'Record date',
width: '30%',
type: 'date',
create: false,
edit: false
}
}
});
这是我的查询...
//Updating a record (updateAction)
else if($_GET["action"] == "update")
{
//Update record in database
$result = mysql_query("UPDATE tbluser SET strUsrFName = '" . $_POST["strUsrFName"] . "', strUsrMName = " . $_POST["strUsrMName"] . " WHERE strUsrName = " . $_POST["strUsrName"] . ";") or die('ERROR: '.mysql_error());
//Return result to jTable
$jTableResult = array();
$jTableResult['Result'] = "OK";
print json_encode($jTableResult);
}
我的主要问题是:当我删除 die() 时,table 更新了它上面的数据但它没有更新数据库中的数据所以我猜错误在查询中或者可能在主键中。有人可以帮我吗?
您的查询不正确。您需要使用引号来确保将字符串值传递给非数字列。您的查询应如下所示:
$result = mysql_query("UPDATE tbluser SET strUsrFName = '" . $_POST["strUsrFName"] . "', strUsrMName = '" . $_POST["strUsrMName"] . "' WHERE strUsrName = '" . $_POST["strUsrName"] . "';") or die('ERROR: '.mysql_error());
正如我在评论中所说,不要再使用 mysql_query。它已被弃用并暴露于 sql 注入。
如果您使用 prepared statements,您就不会再遇到 quote 问题。
$sql = "UPDATE tbluser SET strUsrFName = :strUsrFName, strUsrMName = :strUsrMName WHERE strUsrName = :strUsrName;";
$sth = $pdo->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$sth->execute(array(":strUsrFName" => $_POST["strUsrFName"], ":strUsrMName" => $_POST["strUsrMName"], ":strUsrName" => $_POST["strUsrName"]));
我下载了 JTable PHP 演示文件并修改了代码。这是我的做法..
enter code here //Prepare jTable
$('#PeopleTableContainer').jtable({
title: 'User Maintenance',
actions: {
listAction: 'PersonActions.php?action=list',
createAction: 'PersonActions.php?action=create',
updateAction: 'PersonActions.php?action=update',
deleteAction: 'PersonActions.php?action=delete'
},
fields: {
strUsrName: {
key: true,
create: false,
edit: false,
list: true,
title: 'UserName'
},
strUsrFName: {
title: 'FirstName',
width: '10%'
},
strUsrMName: {
title: 'MiddleName',
width: '10%'
},
dtmUsrCreated: {
title: 'Record date',
width: '30%',
type: 'date',
create: false,
edit: false
}
}
});
这是我的查询...
//Updating a record (updateAction)
else if($_GET["action"] == "update")
{
//Update record in database
$result = mysql_query("UPDATE tbluser SET strUsrFName = '" . $_POST["strUsrFName"] . "', strUsrMName = " . $_POST["strUsrMName"] . " WHERE strUsrName = " . $_POST["strUsrName"] . ";") or die('ERROR: '.mysql_error());
//Return result to jTable
$jTableResult = array();
$jTableResult['Result'] = "OK";
print json_encode($jTableResult);
}
我的主要问题是:当我删除 die() 时,table 更新了它上面的数据但它没有更新数据库中的数据所以我猜错误在查询中或者可能在主键中。有人可以帮我吗?
您的查询不正确。您需要使用引号来确保将字符串值传递给非数字列。您的查询应如下所示:
$result = mysql_query("UPDATE tbluser SET strUsrFName = '" . $_POST["strUsrFName"] . "', strUsrMName = '" . $_POST["strUsrMName"] . "' WHERE strUsrName = '" . $_POST["strUsrName"] . "';") or die('ERROR: '.mysql_error());
正如我在评论中所说,不要再使用 mysql_query。它已被弃用并暴露于 sql 注入。 如果您使用 prepared statements,您就不会再遇到 quote 问题。
$sql = "UPDATE tbluser SET strUsrFName = :strUsrFName, strUsrMName = :strUsrMName WHERE strUsrName = :strUsrName;";
$sth = $pdo->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$sth->execute(array(":strUsrFName" => $_POST["strUsrFName"], ":strUsrMName" => $_POST["strUsrMName"], ":strUsrName" => $_POST["strUsrName"]));