使用 HTML 和 MYSQL PHP 的 CRUD 操作
CRUD OPERATION USING HTML and MYSQL PHP
注意:未定义变量:db in C:\xampp\htdocs\xampp\index1.php on line 32
Warning: mysqli_query() expects parameter 1 to be mysqli, null given
in C:\xampp\htdocs\xampp\index1.php on line 32
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result,
null given in C:\xampp\htdocs\xampp\index1.php on line 43 Notice:
Undefined variable: update in C:\xampp\htdocs\xampp\index1.php on line
69
<!DOCTYPE html>
<html>
<head>
<title>CRUD: CReate, Update, Delete PHP MySQL</title>
</head>
<body>
<?php if (isset($_SESSION['message'])): ?>
<div class="msg">
<?php
echo $_SESSION['message'];
unset($_SESSION['message']);
?>
</div>
<?php endif?>
<?php
if (isset($_GET['edit'])) {
$id = $_GET['edit'];
$update = true;
$record = mysqli_query($db, "SELECT * FROM info WHERE id=$id");
if (count($record) == 1) {
$n = mysqli_fetch_array($record);
$name = $n['name'];
$address = $n['address'];
}
}
?>
<?php
$results = mysqli_query($db, "SELECT * FROM info");?>
<table>
<thead>
<tr>
<th>Name</th>
<th>Address</th>
<th colspan="2">Action</th>
</tr>
</thead>
<?php while ($row = mysqli_fetch_array($results)) {?>
<tr>
<td><?php echo $row['name']; ?></td>
<td><?php echo $row['address']; ?></td>
<td>
<a href="index.php?edit=<?php echo $row['id']; ?>" class="edit_btn" >Edit</a>
</td>
<td>
<a href="server.php?del=<?php echo $row['id']; ?>" class="del_btn">Delete</a>
</td>
</tr>
<?php }?>
</table>
<form>
<form method="post" action="php_code.php" >
<input type="hidden" name="id" value="<?php echo $id; ?>">
<div class="input-group">
<label>Name</label>
<input type="text" name="name" value="">
</div>
<div class="input-group">
<label>Address</label>
<input type="text" name="address" value="">
</div>
<div class="input-group">
<?php if ($update == true): ?>
<button class="btn" type="submit" name="update" style="background: #556B2F;" >update</button>
<?php else: ?>
<button class="btn" type="submit" name="save" >Save</button>
<?php endif?>
</div>
</form>
</body>
</html>
2ND FILE
<?php
session_start();
$db = mysqli_connect('localhost', 'root', '', 'crud');
$name = "";
$address = "";
$id = 0;
$update = false;
if (isset($_POST['save'])) {
$name = $_POST['name'];
$address = $_POST['address'];
mysqli_query($db, "INSERT INTO info (name, address) VALUES ('$name', '$address')");
$_SESSION['message'] = "Address saved";
header('location: index.php');
}
if (isset($_POST['update'])) {
$id = $_POST['id'];
$name = $_POST['name'];
$address = $_POST['address'];
mysqli_query($db, "UPDATE info SET name='$name', address='$address' WHERE id=$id");
$_SESSION['message'] = "Address updated!";
header('location: index.php');
}
if (isset($_GET['del'])) {
$id = $_GET['del'];
mysqli_query($db, "DELETE FROM info WHERE id=$id");
$_SESSION['message'] = "Address deleted!";
header('location: index.php');
}
And your code is fully prone to SQL injection
阅读有关 PHP 准备好的语句的信息。
https://www.w3schools.com/php/php_mysql_prepared_statements.asp
假设文件 1 名称为 codefile.php,包含连接的文件 2 为 connection.php 因此,写入 codefile.php include("connection.php")
将 codefile.php 中的 $db 更改为 $conn,就像 connection.php 中一样,您已经在 $conn 变量
中创建了连接
检查下方 link:
w3schools.com/php/php_includes.asp
codefile.php
<?php
include("connection.php");
$results = mysqli_query($conn, "SELECT * FROM info");
?>
<!DOCTYPE html>
<html>
<head>
<title>CRUD: CReate, Update, Delete PHP MySQL</title>
</head>
<body>
..................
..................
..................
connection.php
<?php
session_start();
$db_host = "localhost";
$db_location = " ";
$db_name = "crud";
$conn= mysqli_connect ($db_host,$db_name, $db_location,$db_name)or die ("could not connect to mysql");
..................
..................
..................
注意:未定义变量:db in C:\xampp\htdocs\xampp\index1.php on line 32
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\xampp\index1.php on line 32
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\xampp\index1.php on line 43 Notice: Undefined variable: update in C:\xampp\htdocs\xampp\index1.php on line 69
<!DOCTYPE html>
<html>
<head>
<title>CRUD: CReate, Update, Delete PHP MySQL</title>
</head>
<body>
<?php if (isset($_SESSION['message'])): ?>
<div class="msg">
<?php
echo $_SESSION['message'];
unset($_SESSION['message']);
?>
</div>
<?php endif?>
<?php
if (isset($_GET['edit'])) {
$id = $_GET['edit'];
$update = true;
$record = mysqli_query($db, "SELECT * FROM info WHERE id=$id");
if (count($record) == 1) {
$n = mysqli_fetch_array($record);
$name = $n['name'];
$address = $n['address'];
}
}
?>
<?php
$results = mysqli_query($db, "SELECT * FROM info");?>
<table>
<thead>
<tr>
<th>Name</th>
<th>Address</th>
<th colspan="2">Action</th>
</tr>
</thead>
<?php while ($row = mysqli_fetch_array($results)) {?>
<tr>
<td><?php echo $row['name']; ?></td>
<td><?php echo $row['address']; ?></td>
<td>
<a href="index.php?edit=<?php echo $row['id']; ?>" class="edit_btn" >Edit</a>
</td>
<td>
<a href="server.php?del=<?php echo $row['id']; ?>" class="del_btn">Delete</a>
</td>
</tr>
<?php }?>
</table>
<form>
<form method="post" action="php_code.php" >
<input type="hidden" name="id" value="<?php echo $id; ?>">
<div class="input-group">
<label>Name</label>
<input type="text" name="name" value="">
</div>
<div class="input-group">
<label>Address</label>
<input type="text" name="address" value="">
</div>
<div class="input-group">
<?php if ($update == true): ?>
<button class="btn" type="submit" name="update" style="background: #556B2F;" >update</button>
<?php else: ?>
<button class="btn" type="submit" name="save" >Save</button>
<?php endif?>
</div>
</form>
</body>
</html>
2ND FILE
<?php
session_start();
$db = mysqli_connect('localhost', 'root', '', 'crud');
$name = "";
$address = "";
$id = 0;
$update = false;
if (isset($_POST['save'])) {
$name = $_POST['name'];
$address = $_POST['address'];
mysqli_query($db, "INSERT INTO info (name, address) VALUES ('$name', '$address')");
$_SESSION['message'] = "Address saved";
header('location: index.php');
}
if (isset($_POST['update'])) {
$id = $_POST['id'];
$name = $_POST['name'];
$address = $_POST['address'];
mysqli_query($db, "UPDATE info SET name='$name', address='$address' WHERE id=$id");
$_SESSION['message'] = "Address updated!";
header('location: index.php');
}
if (isset($_GET['del'])) {
$id = $_GET['del'];
mysqli_query($db, "DELETE FROM info WHERE id=$id");
$_SESSION['message'] = "Address deleted!";
header('location: index.php');
}
And your code is fully prone to SQL injection
阅读有关 PHP 准备好的语句的信息。 https://www.w3schools.com/php/php_mysql_prepared_statements.asp
假设文件 1 名称为 codefile.php,包含连接的文件 2 为 connection.php 因此,写入 codefile.php include("connection.php")
将 codefile.php 中的 $db 更改为 $conn,就像 connection.php 中一样,您已经在 $conn 变量
检查下方 link: w3schools.com/php/php_includes.asp
codefile.php
<?php
include("connection.php");
$results = mysqli_query($conn, "SELECT * FROM info");
?>
<!DOCTYPE html>
<html>
<head>
<title>CRUD: CReate, Update, Delete PHP MySQL</title>
</head>
<body>
..................
..................
..................
connection.php
<?php
session_start();
$db_host = "localhost";
$db_location = " ";
$db_name = "crud";
$conn= mysqli_connect ($db_host,$db_name, $db_location,$db_name)or die ("could not connect to mysql");
..................
..................
..................