php更新搜索结果的同一页面上的价格
我是php和sql的新手。我想问一个关于如何在php搜索结果的同一页面更新价格的问题。我需要添加.backgroundimage {
display: inline-block;
position: relative;
top: 70px;
bottom: 46px;
}
.Youtube {
position: absolute;
left: 280px;
bottom: 46px;
right: 380px;
}
和input按钮,以便在搜索结果中更新图书的价格。提交后,应将书籍的新价格更新到数据库中并重新显示在同一页面上。
这是搜索html页面和结果php页面的现有代码。搜索结果已经显示在页面上,但如何更新价格?单击按钮后,页面将显示错误您尚未输入搜索详细信息。请返回重试。请帮帮我。
搜索页面:
submit 
更新页面:
<html>
<head>
<title>Book-O-Rama Catalog Search</title>
</head>
<body>
<h1>Book-O-Rama Catalog Search</h1>
<form action="results.php" method="post">
Choose Search Type:<br />
<select name="searchtype">
<option value="author">Author
<option value="title">Title
<option value="isbn">ISBN
</select>
<br />
Enter Search Term:<br />
<input name="searchterm" type="text" size="40">
<br />
<input type="submit" name="submit" value="Search">
</form>
</body>
</html>
<html>
<head>
<title>Book-O-Rama Search Results</title>
</head>
<body>
<h1>Book-O-Rama Search Results</h1>
<?php
// create short variable names
$searchtype=$_POST['searchtype'];
$searchterm=trim($_POST['searchterm']);
if (!$searchtype || !$searchterm) {
echo 'You have not entered search details. Please go back and try again.';
exit;
}
if (!get_magic_quotes_gpc()){
$searchtype = addslashes($searchtype);
$searchterm = addslashes($searchterm);
}
@ $db = new mysqli('localhost', 'pf31ee', 'pf31ee', 'pf31ee');
if (mysqli_connect_errno()) {
echo 'Error: Could not connect to database. Please try again later.';
exit;
}
$query = "select * from books where ".$searchtype." like '%".$searchterm."%'";
$result = $db->query($query);
$num_results = $result->num_rows;
echo "<p>Number of books found: ".$num_results."</p>";
for ($i=0; $i <$num_results; $i++) {
$row = $result->fetch_assoc();
echo "<p><strong>".($i+1).". Title: ";
echo htmlspecialchars(stripslashes($row['title']));
echo "</strong><br />Author: ";
echo stripslashes($row['author']);
echo "<br />ISBN: ";
echo stripslashes($row['isbn']);
echo "<br />Price: ";
echo stripslashes($row['price']);
echo "</p>";
}
$result->free();
$db->close();
?>
<form action="results.php" method="post">
<input type="submit" name="submit" value="Update price"> <input type="text" name="price" maxlength="7" size="7">
<input type="hidden" name="searchtype" value="<?php echo htmlspecialchars($_POST['searchtype']);?>" />
<input type="hidden" name="searchterm" value="<?php echo htmlspecialchars($_POST['searchterm']);?>" />
<?php
$updateprice=$_POST['price'];
@ $db = new mysqli('localhost', 'pf31ee', 'pf31ee', 'pf31ee');
mysql_select_db('books');
$query1 = "UPDATE books SET price = ".$updateprice." WHERE ".$searchtype." like '%".$searchterm."%'";
$result1 = $db->query($query1);
$result->free();
$db->close();
?>
</form>
</body>
</html>
create table customers
( customerid int unsigned not null auto_increment primary key,
name char(50) not null,
address char(100) not null,
city char(30) not null
);
create table orders
( orderid int unsigned not null auto_increment primary key,
customerid int unsigned not null,
amount float(6,2),
date date not null
);
create table books
( isbn char(13) not null primary key,
author char(50),
title char(100),
price float(4,2)
);
create table order_items
( orderid int unsigned not null,
isbn char(13) not null,
quantity tinyint unsigned,
primary key (orderid, isbn)
);
create table book_reviews
(
isbn char(13) not null primary key,
review text
);
1 个答案:
答案 0 :(得分:0)
您还需要在更新表单中传递搜索类型和值。您可以使用隐藏的输入字段。
PROCEDURE EXAMPLE(p_recordset OUT SYS_REFCURSOR) AS
TYPE COUNTRY_ARR IS TABLE OF VARCHAR2(60) INDEX BY BINARY_INTEGER;
V_COUNTRY_ARR COUNTRY_ARR;
BEGIN
V_COUNTRY_ARR(1) := 'US';
V_COUNTRY_ARR(2) := 'AUS';
V_COUNTRY_ARR(3) := 'NA';
OPEN p_recordset FOR SELECT * FROM TABLE(CAST(V_COUNTRY_ARR AS COUNTRY_ARR));
END EXAMPLE;
此代码也适用于SQL注入。您应该使用parameterized queries和传入列的白名单。根据手册,<html>
<head>
<title>Book-O-Rama Search Results</title>
</head>
<body>
<h1>Book-O-Rama Search Results</h1>
<?php
// create short variable names
$searchtype=$_POST['searchtype'];
$searchterm=trim($_POST['searchterm']);
if (!$searchtype || !$searchterm) {
echo 'You have not entered search details. Please go back and try again.';
exit;
}
if (!get_magic_quotes_gpc()){
$searchtype = addslashes($searchtype);
$searchterm = addslashes($searchterm);
}
@ $db = new mysqli('localhost', 'pf31ee', 'pf31ee', 'pf31ee');
if (mysqli_connect_errno()) {
echo 'Error: Could not connect to database. Please try again later.';
exit;
}
$query = "select * from books where ".$searchtype." like '%".$searchterm."%'";
$result = $db->query($query);
$num_results = $result->num_rows;
echo "<p>Number of books found: ".$num_results."</p>";
for ($i=0; $i <$num_results; $i++) {
$row = $result->fetch_assoc();
echo "<p><strong>".($i+1).". Title: ";
echo htmlspecialchars(stripslashes($row['title']));
echo "</strong><br />Author: ";
echo stripslashes($row['author']);
echo "<br />ISBN: ";
echo stripslashes($row['isbn']);
echo "<br />Price: ";
echo stripslashes($row['price']);
echo "</p>";
}
$result->free();
$db->close();
?>
<form action="" method="post">
<input type="submit" name="submit" value="Update price"> <input type="text" name="price" maxlength="7" size="7">
<input type="hidden" name="searchtype" value="<?php echo htmlspecialchars($_POST['searchtype']);?>" />
<input type="hidden" name="searchterm" value="<?php echo htmlspecialchars($_POST['searchterm']);?>" />
</form>
</body>
</html>
功能不足:
请注意,使用addslashes()进行数据库参数转义可能会导致大多数数据库出现安全问题。
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?