问题描述:

I'm writing a script in which you can change the price of an article/item through a form, but it doesn't update my new prices. I think there might be a mistake in my $update, because I don't get any error messages when I change the affected rows (typo on purpose). But I just don't see it. What am I doing wrong? Thanks in advance.

<?php

$dbhost = "localhost";

$dbuser = "root";

$dbpass = "";

$dbname = "webauth";

$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

$artikelquery = "SELECT * FROM artikel;";

$artikel = mysqli_query($connection, $artikelquery);

?>

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">

Kies een artikel:</br>

<select name="artikel">

<?php

while($artikelrow = mysqli_fetch_row($artikel)) {

echo '<option value="'.$artikelrow[1].'">'."$artikelrow[1], $artikelrow[3] euro</option>";

}

?>

</select>

</br></br>

Vul de nieuwe prijs van het artikel in:</br>

<input type="number" name="prijs"></br></br>

<input type="submit" value="Verzend">

</form>

<?php

if($_SERVER['REQUEST_METHOD'] == "POST") {

if($_POST['prijs'] == "") {

echo 'bla';

}

else {

$nieuwprijs = $_POST['prijs'];

$artikel = $_POST['artikel'];

$update = "UPDATE artikels SET Verkoopprijs ='". $nieuwprijs ."' WHERE Artikelnr ='". $artikel ."';";

mysqli_query($connection, $update);

echo 'Artikel '. $artikel .' is aangepast naar '. $nieuwprijs .' euro.';

}

}

?>

网友答案:

You are very vulenerable to SQL Injection. Anyway your problem is the table name:

$update = "UPDATE artikels SET Verkoopprijs ='". $nieuwprijs ."' WHERE Artikelnr ='". $artikel ."';";

Should be

$update = "UPDATE artikel ..."

Without final s, as your SELECT query

$artikelquery = "SELECT * FROM artikel;";
网友答案:

I'd submit this as a comment if I had enough reputation. But here's my suggestion for tracking down SQL errors.

Add this after the UPDATE:

if (mysqli_connect_errno()) echo '<div>DB Error: '. mysqli_error($connection) .'</div>';

Also, I'd suggest doing some input validation or escaping so you're not susceptible to SQL injection.

相关阅读:
Top