Values not posted to the database correctly [duplicate]

This question already has an answer here:

I have a simple issue that I can't solve. I've tried googling and looking on SO, but found nothing that helps.

Basically, I have a PHP page that has inputs, and the inputs are POSTed to another PHP file that in turn queries a few MySQL statements and updates the database with the information in the first PHP page.

This is my PHP with the form:

<!DOCTYPE html lang="en">
<head>
<meta charset="utf-8">
<title>form page</title>
</head>

<body>

<form action="mainfileupdatetest.php" method="POST">
    <p>
        <label for="test">A:</label>
        <input type="text" name="test" id="test">
        <label for="test2">B:</label>
        <input type="text" name="test2" id="test2">
        <label for="test3">A:</label>
        <input type="text" name="test3" id="test3">
        <label for="test4">B:</label>
        <input type="text" name="test4" id="test4">
    </p>
    <button type="submit" value="submit">
</form>

<?php
$mysqli->close();
?>

</body>
</html>

And this is the PHP file that updates the database:

<?php
$link = mysqli_connect("localhost", "root", "fakepassword", "fakedb");

if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

$test = mysqli_real_escape_string($link, $_REQUEST['test']);
$test2 = mysqli_real_escape_string($link, $_REQUEST['test2']);
$test3 = mysqli_real_escape_string($link, $_REQUEST['test3']);
$test4 = mysqli_real_escape_string($link, $_REQUEST['test4']);

$sql = "UPDATE mainfile SET A='$test', B='$test2' WHERE id='1'";
$sql = "UPDATE mainfile SET A='$test3', B='$test4' WHERE id='2'";
if(mysqli_query($link, $sql)){
    echo "Records added successfully.";
} else{
    echo "ERROR: Could not execute $sql. " . mysqli_error($link);
}

mysqli_close($link);
?>

There are no PHP or MySQL errors that pop up, but when I input information into the form, only certain ones get saved into the database by MySQL.

This is the table as seen on PHPMyAdmin:

[screenshot]

And when I input information like this: [screenshot]

(side question, why doesn't the submit button show the name I gave it? [value:submit])

I get no error: [screenshot]

But on the database:

[screenshot]

That happens. Anyone able to enlighten me?


As you use the same variable $sql, like:

1) $sql = "UPDATE mainfile SET A='$test', B='$test2' WHERE id='1'";

2) $sql = "UPDATE mainfile SET A='$test3', B='$test4' WHERE id='2'";

and execute $sql variable on mysqli_query() like:

if(mysqli_query($link, $sql)){ echo "Records added successfully."; } 
else{ echo "ERROR: Could not execute $sql. " . mysqli_error($link); }

so second update query will work.

2) $sql = "UPDATE mainfile SET A='$test3', B='$test4' WHERE id='2'";

$sql = "UPDATE prob1 SET A='$test', B='$test2' WHERE id='1';";

$sql .= "UPDATE prob1 SET A='$test3', B='$test4' WHERE id='2';";
if(mysqli_multi_query($link, $sql)){
    echo "Records added successfully.";
} else{
    echo "ERROR: Could not execute $sql. " . mysqli_error($link);
}

Right, you are collecting 2 database rows worth of data in the HTML form in one row, and you look like you want to use these 4 fields to amend 2 different rows on your database.

Your problem is that you are overwriting one of your queries before you have actually submitted it to the database.

Your code is also wide open to SQL Injection Attack. Even if you are escaping inputs, it's not safe! Use prepared parameterized statements.

So I changed it to use prepared, parameterised and bound statements.

<?php
$link = mysqli_connect("localhost", "root", "fakepassword", "fakedb");

if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

/* bad unsafe    
$test = mysqli_real_escape_string($link, $_REQUEST['test']);
$test2 = mysqli_real_escape_string($link, $_REQUEST['test2']);
$test3 = mysqli_real_escape_string($link, $_REQUEST['test3']);
$test4 = mysqli_real_escape_string($link, $_REQUEST['test4']);
*/

// One prepared query will do for both update commands
$sql = "UPDATE mainfile SET A=?, B=? WHERE id=?";
$stmt = $link->prepare($sql);

// bind the first set of values to the query
// (bind_param() takes its arguments by reference, so the id must be a variable)
$id = 1;
$stmt->bind_param('ssi', $_REQUEST['test'],
                         $_REQUEST['test2'],
                         $id);
// and execute the query
$stmt->execute();

// Check for errors (statement errors are reported on $stmt)
if ( !$stmt->error ) {
    echo "FIRST row Updated.";
} else{
    echo "ERROR: Could not execute $sql. " . $stmt->error;
}

// bind second set of data to the query
$id = 2;
$stmt->bind_param('ssi', $_REQUEST['test3'],
                         $_REQUEST['test4'],
                         $id);
// execute the query
$stmt->execute();

// Check for errors 
if ( !$stmt->error ) {
    echo "SECOND row Updated.";
} else{
    echo "ERROR: Could not execute $sql. " . $stmt->error;
}
?>

You could have done this in a loop, but to keep it simple and hopefully easier to follow I just did everything simply.
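
The loop mentioned above, written out as an added example (not the answerer's code): one prepared statement is bound once and executed per row inside a transaction, so both rows change or neither does. The function name `updateRows`, the field-to-row map, reading `$_POST` instead of `$_REQUEST`, and an InnoDB table (needed for the rollback to take effect) are assumptions; the connection values are the placeholders from the question.

```php
<?php
// Added example. Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Update several rows of `mainfile` with one prepared statement.
// $rows maps a row id to the names of the form fields holding A and B (hypothetical map).
function updateRows(mysqli $link, array $input, array $rows): int
{
    $stmt = $link->prepare("UPDATE mainfile SET A=?, B=? WHERE id=?");
    // bind_param() binds by reference: bind once, then change the variables before each execute().
    $a = $b = '';
    $id = 0;
    $stmt->bind_param('ssi', $a, $b, $id);

    $updated = 0;
    $link->begin_transaction();
    try {
        foreach ($rows as $rowId => [$fieldA, $fieldB]) {
            // Reject a request that omits a field or sends an array (e.g. test[]=x).
            if (!isset($input[$fieldA], $input[$fieldB])
                || !is_string($input[$fieldA]) || !is_string($input[$fieldB])) {
                throw new InvalidArgumentException("Missing field for row $rowId");
            }
            $a  = $input[$fieldA];
            $b  = $input[$fieldB];
            $id = $rowId;
            $stmt->execute();
            $updated += $stmt->affected_rows; // counts rows whose values actually changed
        }
        $link->commit();
    } catch (Throwable $e) {
        $link->rollback();   // neither row changes if any update fails
        throw $e;
    } finally {
        $stmt->close();
    }
    return $updated;
}

try {
    $link = new mysqli("localhost", "root", "fakepassword", "fakedb");
    $n = updateRows($link, $_POST, [1 => ['test', 'test2'], 2 => ['test3', 'test4']]);
    echo "Rows changed: $n";
} catch (Throwable $e) {
    error_log($e->getMessage());   // details go to the server log, not the browser
    http_response_code(500);
    echo "Update failed.";
}
```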