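Whenever I run the following PHP code, I get the output
Booking Confirmed! Congratulation. Your Booking Id is: 6
for a successful booking.
The booking ID is a sequence, and I then fetch that booking ID from the inserted values to get the current value of the sequence. So I don't know what I'm doing wrong.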
<html><body>
<?php
$con = oci_connect("system", "password", "localhost/XE");
if (!$con) {
$m = oci_error();
exit('Connect Error ' . $m['message']);
}
$thid = $_GET["hid"];
$trno = $_GET["rno"];
$tgid = $_GET["gid"];
$sd = $_GET["sdate"];
$ed = $_GET["edate"];
$dchange = "ALTER SESSION SET NLS_DATE_FORMAT= 'YYYY-MM-DD'";
$stid1 = oci_parse($con,$dchange);
oci_execute($stid1);
$c1 = "SELECT * FROM B WHERE HOTELID = '$thid' AND ROOMNO = '$trno' AND ((STARTDATE < '$sd' AND ENDDATE > '$sd') or (STARTDATE < '$ed' AND ENDDATE > '$ed') or (STARTDATE >= '$sd' AND ENDDATE <= '$ed'))";
$c2 = oci_parse($con, $c1);
oci_execute($c2);
$row = oci_fetch_row($c2);
if(!$row)
{
$temp = "INSERT INTO B VALUES(bno.nextval,'$thid','$trno','$tgid','$sd','$ed')";
$stid = oci_parse($con,$temp);
oci_execute($stid);
oci_free_statement($stid);
//$c7 = "SELECT bookid FROM B WHERE HOTELID = '$thid' AND ROOMNO = '$trno' AND GUEStID = '$tgid' AND STARTDATE = '$sd' AND ENDDATE = '$ed'";
//printf("<h3>Booking Confirmed! Congatulation. </h3>") ;
**$c8 = oci_parse($con, "SELECT MAX(BOOKID) FROM B");
oci_execute($c8);
printf("<h3>Booking Confirmed! Congratulation. Your Booking Id is: %u</h3>", $c8);**
}
else
printf("<h3>Booking already exist. </br>Please try with another search.</h3>");
?>
</n> <form action="index.php"><input type="submit" value="BACK" />
</form>
</BODY>
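Answer 0 (score: 0)
A few suggestions for you.
You should use bind variables rather than concatenating literals into the SQL statement (unless you want to degrade the database's performance by filling up the shared pool).
SELECT MAX(BOOKID) FROM B
is a wrong and unsafe way to get the booking ID. If two parallel sessions make a booking, you may get the wrong result (you will also get the wrong result if the maximum ID in the table is higher than the current sequence value). Instead, do select bno.currval from dual
or use the returning clause as part of the insert (assuming PHP supports it).
Also, you should specify the column names, as good practice, i.e. do INSERT INTO B (BOOKID, HOTELID, ROOMNO, STARTDATE, ENDDATE) VALUES(bno.nextval....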
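The answer's suggestions combined in one place, as an added example that is not code from the question or the answer: bind variables for every request value, an explicit column list, and a RETURNING clause to read back the ID generated by `bno.nextval` in the same session. The function name `book_room`, the `GUESTID` column and the column order are assumptions taken from the question's queries, and `TO_DATE` with an explicit format stands in for the `ALTER SESSION` statement.

```php
<?php
// Added example. Table B is assumed to have the columns
// BOOKID, HOTELID, ROOMNO, GUESTID, STARTDATE, ENDDATE (names from the question's queries).

// Bind each value by name; oci_bind_by_name() binds by reference,
// so bind $values[$name] rather than the foreach loop variable.
function bind_all($stmt, array &$values): void
{
    foreach ($values as $name => $unused) {
        oci_bind_by_name($stmt, $name, $values[$name]);
    }
}

// Returns the new booking ID, or null when the room is already booked (hypothetical helper).
function book_room($con, string $hid, string $rno, string $gid, string $sd, string $ed): ?int
{
    $fmt = "'YYYY-MM-DD'";
    // Same overlap test as the question, with placeholders instead of spliced literals.
    $check = oci_parse($con,
        "SELECT 1 FROM B WHERE HOTELID = :hid AND ROOMNO = :rno AND (
            (STARTDATE <  TO_DATE(:sd, $fmt) AND ENDDATE >  TO_DATE(:sd, $fmt))
         OR (STARTDATE <  TO_DATE(:ed, $fmt) AND ENDDATE >  TO_DATE(:ed, $fmt))
         OR (STARTDATE >= TO_DATE(:sd, $fmt) AND ENDDATE <= TO_DATE(:ed, $fmt)))");
    $range = [':hid' => $hid, ':rno' => $rno, ':sd' => $sd, ':ed' => $ed];
    bind_all($check, $range);
    if (!oci_execute($check)) {
        throw new RuntimeException(oci_error($check)['message']);
    }
    $taken = oci_fetch_row($check) !== false;
    oci_free_statement($check);
    if ($taken) {
        return null;
    }

    // Explicit column list; RETURNING hands back the ID this INSERT generated,
    // so no second query (and no MAX(BOOKID)) is needed.
    $ins = oci_parse($con,
        "INSERT INTO B (BOOKID, HOTELID, ROOMNO, GUESTID, STARTDATE, ENDDATE)
         VALUES (bno.nextval, :hid, :rno, :gid, TO_DATE(:sd, $fmt), TO_DATE(:ed, $fmt))
         RETURNING BOOKID INTO :bid");
    $row = $range + [':gid' => $gid];
    bind_all($ins, $row);
    oci_bind_by_name($ins, ':bid', $bookingId, 32); // OUT bind needs a max length
    if (!oci_execute($ins)) {
        throw new RuntimeException(oci_error($ins)['message']);
    }
    oci_free_statement($ins);
    return (int) $bookingId;
}
```

The page would call `book_room($con, $_GET["hid"], ...)` and pass the returned integer to `printf` with `%u`, rather than passing the statement resource.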