时间戳

首页 > 解决方案 > 出生日期不显示,表格无法在 PHP 中编辑

php - 出生日期不显示,表格无法在 PHP 中编辑

问题描述

我将简要描述我的问题。我的网络应用程序中有两个主要问题:

  1. 出生日期未显示在编辑页面中(完成)
  2. 我无法将我的记录提交到数据库(部分原因是问题 1)

这是我的代码:

<?php
$host = "localhost";
$username = "root";
$password = "";
$database = "students";

$mysqli = new mysqli($host, $username, $password, $database);
if (!$mysqli) {
    die("Cannot connect to mysql");
} 

 if (isset($_POST['save'])) {

        // Display errors if all fields are blank
        $errors = [];
        if (strlen(trim($_POST['student_id'])) === 0) {
            $errors['student_id'] = "Không được để trống trường này";            
        }

        if (strlen(trim($_POST['first_name'])) === 0) {
            $errors['first_name'] = "Không được để trống trường này";
        } 

        if (strlen(trim($_POST['last_name'])) === 0) {
            $errors['last_name'] = "Không được để trống trường này";
        } 

        if (strlen(trim($_POST['email'])) === 0) {
            $errors['email'] = "Không được để trống trường này";
        } else {
            if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                $errors['email'] = 'Email phải đúng định dạng';
            } 
        }

        if (strlen(trim($_POST['dob'])) === 0) {
            $errors['dob'] = "Không được để trống trường này";
        }        
              
    }

    
    // If there is not any black field, show the information at the index page 
        $id = $_GET['id'];
        $sql = "SELECT * FROM students WHERE id = $id";
        $result = $mysqli->query($sql);
        $students = $result->fetch_assoc(); 
        print_r($students) ;

    if (isset($errors) && count($errors) == 0) {       

        $student_id = $_POST['student_id'];
        $first_name = $_POST['first_name'];
        $last_name = $_POST['last_name'];
        $email = $_POST['email'];
        $dob = $_POST['dob'];

        $sql = "UPDATE students(student_id, first_name, last_name, email, dob) 
                SET student_id = '$student_id', first_name = '$first_name', last_name = '$last_name', email = '$email', dob = '$dob'
                WHERE id = '$id'"; 

        $result = $mysqli->query($sql);
        

        if ($result) {
            header('location: index.php');
        }            
}
?>


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Create Student List</title>
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css" integrity="sha384-B0vP5xmATw1+K9KRQjQERJvTumQW0nPEzvF6L/Z6nronJ3oUOFUFpCjEUQouq2+l" crossorigin="anonymous">
    <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/>
</head>
<body>
    <div class="card">
        <div class="card-body">
            <h3 class="card-title">Create Student</h3>    
            <form method="POST" action="./update.php" id="update">

                <!-- Student ID -->
                <div class="form-group">
                    <label for="student_id">Student ID <span style="color:red;">*</span></label>
                    <input type="text" id="student_id" name="student_id" class="form-control <?php echo isset($errors['student_id']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['student_id'] ?>"> 
                    <?php if (isset($errors) && isset($errors['student_id'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['student_id']; ?></small>
                    <?php } ?> 
                </div>
                
                <!-- First Name -->
                <div class="form-group">
                    <label for="first_name">First Name <span style="color:red;">*</span></label>
                    <input type="text" id="first_name" name="first_name" class="form-control <?php echo isset($errors['first_name']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['first_name'] ?> "> 
                    <?php if (isset($errors) && isset($errors['first_name'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['first_name']; ?></small>
                    <?php } ?> 
                </div>

                <!-- Last Name -->
                <div class="form-group">
                    <label for="last_name">Last name <span style="color:red;">*</span></label>
                    <input type="text" id="last_name" name="last_name" class="form-control <?php echo isset($errors['last_name']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['last_name'] ?>"> 
                    <?php if (isset($errors) && isset($errors['last_name'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['last_name']; ?></small>
                    <?php } ?> 
                </div>

                <!-- Email -->
                <div class="form-group">
                    <label for="email">Email <span style="color:red;">*</span></label>
                    <input type="email" id="email" name="email" class="form-control <?php echo isset($errors['email']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['email'] ?> "> 
                    <?php if (isset($errors) && isset($errors['email'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['email']; ?></small>
                    <?php } ?> 
                </div>
                
                <!-- Date of Birth -->
                <div class="form-group">
                    <label for="dob">Date of Birth <span style="color:red;">*</span></label>
                    <input type="date" id="dob" name="dob" class="form-control <?php echo isset($errors['dob']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['dob'] ?> "> 
                    <?php if (isset($errors) && isset($errors['dob'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['dob']; ?></small>
                    <?php } ?> 
                </div>                

                <!-- Buttons -->
                <button type="submit" class="btn btn-primary" name="save">Save</button>
                <a class="btn btn-secondary" href="./index.php">Cancel</a>

            </form>
        </div>
    </div>


    <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js" integrity="sha384-9/reFTGAW83EW2RDu2S0VKaIzap3H66lZH81PoYlFhbGU+6BZp6G7niu735Sk7lN" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js" integrity="sha384-+YQ4JLhjyBLPDQt//I+STsc9iw4uQqACwlvpslubQzn4u2UU2UFM80nGisd026JF" crossorigin="anonymous"></script>
</body>
</html>

以下是一些关于这些的图片: 在此处输入图像描述

希望你能帮助我尽可能地解决这些问题。谢谢!

标签: php

解决方案

出生日期问题:价值标签末尾的额外空格

value="<?php echo $students['dob'] ?> "

数据库问题:

  • 格式错误的更新语句
  • 不安全、易受攻击的查询

你有点混合插入和更新。

UPDATE students(student_id, first_name, last_name, email, dob) 
SET student_id = '$student_id', first_name = '$first_name', last_name = '$last_name', email = '$email', dob = '$dob'
WHERE id = '$id'

更新语句不会像您拥有的那样在括号中使用字段列表。所以声明失败了。但是,您应该通过使用查询绑定和准备好的语句再次保护 SQL 注入攻击。看起来像这样:

$sql = "UPDATE students SET student_id = '?', first_name = '?', last_name = '?', email = '?', dob = '?' WHERE id = '?'"; 
$query = $mysqli->prepare($sql);
$query->bind_param("isssi", $student_id, $first_name, $last_name, $email, $dob, $id);
$query->execute();

https://www.w3schools.com/php/php_mysql_prepared_statements.asp

推荐阅读