Variables are not being posted from the form to $self

Time: 2014-03-18 10:34:09

Tags: php forms post pdo

Edit: added a new code block

//SCRIPT TO INSERT THE CHANGED ENTRY
    echo "the <b>CONFIRM CHANGES</b> button was pressed<br /><br />";
    $STH = $DBH->("INSERT INTO register (register, location, type, capacity, length, qty, serial, cert, lastinsp, inspby, status, datein, dateout, notes) value (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");

    //bind the parameters to the variables
    $data = array("$register", "$location", "$type", "$capacity", "$qty", "$serial", "$cert", "$lastinsp", "$inspby", "$status", "$datein", "$dateout", "$notes");
    $STH->execute($data);
    echo "Data has been written to the database!<br /><br />";
    echo "<hr />";

I have given in to peer pressure and started rewriting my project using PDO (which, by the way, seems a lot easier for my head to understand!)

I am passing the row $id from the form via $_SERVER['PHP_SELF'], but the variable is not being picked up for the next database query.

I hope that makes sense; the affected lines are commented and the code is below.

Thanks in advance.

<?php
//Global Settings
$pagetitle="PDO Test";
$menu="no";
require 'header.php';
require 'dbvars.php';
require 'dafunc.php';

//Page Specific Settings
$self=htmlentities($_SERVER['PHP_SELF']);

//connect to the database
try {
    $dbh = new PDO("mysql:host=$sqlhost;dbname=$sqldb", $sqluser, $sqlpass);
    /*** echo a message saying we have connected ***/
    echo "Connected to <b>$sqlhost</b> : <b>$sqldb</b><br /><br />";
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }

//if the EDIT button was pressed, do this
if(isset($_POST['edit']))
{   
    $id=$_POST['id'];

    //SCRIPT TO EDIT ENTRY
    echo "the <b>EDIT</b> button was pressed<br /><br />";
    echo "The ID is: $id<br /><br />";

    //this is where I'm trying to use the $id passed from the last form on this page
    $sth = $dbh -> prepare( "select * from register WHERE id=\"$id\"" );

    $sth -> execute();
    $row = $sth -> fetch();

    echo "<form action=\"$self\" method=\"post\">";
    echo "<table width=\"372\" border=\"0\" align=\"center\">";
          echo "<tr><td>ID</td><td>" . $row['id'] . "</td></tr>";
          echo "<input name=\"id\" type=\"hidden\" value=\"" . $row['id'] ."\" />";
          echo "<tr><td>Register</td><td><input name=\"register\" type=\"text\" value=\"". $row['register'] ."\"/></td></tr>";
          echo "<tr><td>Location</td><td><input name=\"location\" type=\"text\" value=\"". $row['location'] ."\"/></td></tr>";
          echo "<tr><td>Type</td><td><input name=\"type\" type=\"text\" value=\"". $row['type'] ."\"/></td></tr>";
          echo "<tr><td>Capacity</td><td><input name=\"capacity\" type=\"text\" value=\"". $row['capacity'] ."\"/></td></tr>";
          echo "<tr><td>Length</td><td><input name=\"length\" type=\"text\" value=\"". $row['length'] ."\"/></td></tr>";
          echo "<tr><td>Qty</td><td><input name=\"qty\" type=\"text\" value=\"". $row['qty'] ."\"/></td></tr>";
          echo "<tr><td>Serial#</td><td><input name=\"serial\" type=\"text\" value=\"". $row['serial'] ."\"/></td></tr>";
          echo "<tr><td>Certificate#</td><td><input name=\"cert\" type=\"text\" value=\"". $row['cert'] ."\"/></td></tr>";
          echo "<tr><td>Last Inspection Completed On</td><td><input name=\"lastinsp\" type=\"text\" value=\"". $row['lastinsp'] ."\"/></td></tr>";
          echo "<tr><td>Last Inspection Completed By</td><td><input name=\"inspby\" type=\"text\" value=\"". $row['inspby'] ."\"/></td></tr>";
          echo "<tr><td>Date introduced into service</td><td><input name=\"datein\" type=\"text\" value=\"". $row['datein'] ."\"/></td></tr>";
          echo "<tr><td>Date removed from service</td><td><input name=\"dateout\" type=\"text\" value=\"". $row['dateout'] ."\"/></td></tr>";
          echo "<tr><td>Notes</td><td><input name=\"notes\" type=\"text\" value=\"". $row['notes'] ."\"/></td></tr>";
    echo "</table>";
    echo "<input type=\"submit\" name=\"confirm_change\" id=\"confirm_change\" value=\"Confirm Changes\" />";
    echo "</form>";
}

//if the confirm_change button was pressed, do this
if(isset($_POST['confirm_change']))
{   
    //fetch form values
    $id = $_POST['id'];
    $register = $_POST['register'];
    $location = $_POST['location'];
    $type = $_POST['type'];
    $capacity = $_POST['capacity'];
    $length = $_POST['length'];
    $qty = $_POST['qty'];
    $serial = $_POST['serial'];
    $cert = $_POST['cert'];
    $lastinsp = $_POST['lastinsp'];
    $inspby = $_POST['inspby'];
    $datein = $_POST['datein'];
    $dateout = $_POST['dateout'];
    $status = $_POST['status'];
    $notes = $_POST['notes'];

    //SCRIPT TO INSERT THE CHANGED ENTRY
    echo "the <b>CONFIRM CHANGES</b> button was pressed<br /><br />";
    /*
    $STH = $DBH->("INSERT INTO folks (register, location, type, capacity, length, qty, serial, cert, lastinsp, inspby, status, datein, dateout, notes) value (:register, :location, :type, :capacity, :length, :qty, :serial, :cert, :lastinsp, :inspby, :status, :datein, :dateout, :notes)");

    //bind the parameters to the variables
    $data = array("$register", "$location", "$type", "$capacity", "$qty", "$serial", "$cert", "$lastinsp", "$inspby", "$status", "$datein", "$dateout", "$notes");
    $STH->execute($data);
    echo "Data has been written to the database!<br /><br />";
    */
}

//if the DELETE button was pressed, do this
if(isset($_POST['delete']))
{   
    //SCRIPT TO DELETE ENTRY
    echo "the <b>DELETE</b> button was pressed<br /><br />";
}

//if the edit button wasn't pressed, do this instead
echo "  <form method=\"post\" action=\"$self\">
            <table>
                <tr>
                    <th>ID</th>
                    <th>REGISTER</th>
                    <th>LOCATION</th>
                    <th>TYPE</th>
                    <th>CAPACITY</th>
                    <th>LENGTH</th>
                    <th>QTY</th>
                    <th>SERIAL#</th>
                    <th>CERT#</th>
                    <th>LAST INSPECTION</th>
                    <th>BY</th>
                    <th>DATE IN</th>
                    <th>DATE OUT</th>
                    <th>NOTES</th>
                </tr>";


//get data from the db
$sql = "SELECT * FROM register";
    foreach ($dbh->query($sql) as $row)
        {
          echo "<tr>";
          echo "<td>" . $row['id'] . "</td>";
          echo "<td>" . $row['register'] . "</td>";
          echo "<td>" . $row['location'] . "</td>";
          echo "<td>" . $row['type'] . "</td>";
          echo "<td>" . $row['capacity'] . "</td>";
          echo "<td>" . $row['length'] . "</td>";
          echo "<td>" . $row['qty'] . "</td>";
          echo "<td>" . $row['serial'] . "</td>";
          echo "<td>" . $row['cert'] . "</td>";
          echo "<td>" . $row['lastinsp'] . "</td>";
          echo "<td>" . $row['inspby'] . "</td>";
          echo "<td>" . $row['datein'] . "</td>";
          echo "<td>" . $row['dateout'] . "</td>";
          echo "<td>" . $row['notes'] . "</td>";
          //this is where I'm getting the $id from for the edit script
          echo "<input type=\"hidden\" name=\"id\" id=\"" . $row['id'] . "\">";
          echo "<td><input type=\"submit\" name=\"edit\" id=\"edit\" value=\"Edit\" /></td>";
          echo "<td><input type=\"submit\" name=\"delete\" id=\"delete\" value=\"Delete\" /></td>";
          echo "</tr>";
        }
echo "</table></form>";


?>

1 answer:

Answer 0 (score: 0)

I think you are just using execute incorrectly. First, you should:

$sth = $dbh->prepare("INSERT INTO folks (register, location, type, capacity, length, qty, serial, cert, lastinsp, inspby, status, datein, dateout, notes) value (:register, :location, :type, :capacity, :length, :qty, :serial, :cert, :lastinsp, :inspby, :status, :datein, :dateout, :notes)");

Then, when you use named parameters such as ":register", you need to supply an associative array to execute, like:

//bind the parameters to the variables
$data = array(
    ":register" => $register,
    ":location" => $location,
    //...
    ":notes" => $notes);
$sth->execute($data);

If you just want to pass a plain array of parameter values, you can put ? markers in the SQL string passed to prepare instead (see below).


Your first query (in the edit if block) also needs to be fixed. You should never put POST data directly into an SQL query, because doing so leaves you vulnerable to SQL injection attacks. You first need to "escape" any control characters (such as quotes) in the POST data. This can be done using the prepare method:

$sth = $dbh->prepare("select * from register WHERE id=?");
$sth->execute(array($id));

When execute is called here, the supplied array of values is used to "fill in" the question marks in the prepared statement $sth, and then the statement is executed. Take a look at the examples on the PDO::prepare documentation page.
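A runnable illustration of the answer's two points, added here and not code from the question or the answer: named versus positional placeholders, and why the interpolated id query is unsafe. It uses PDO against an in-memory SQLite database so it needs no MySQL server; the table is a cut-down version of the question's register table and the hostile id value is constructed for the demonstration.

```php
<?php
// Added example (not the question's or answer's code). Run with: php example.php
// Requires the pdo_sqlite extension; the schema is a reduced version of the
// question's `register` table.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE register (id INTEGER PRIMARY KEY, register TEXT, location TEXT, notes TEXT)");

// 1. Named placeholders: the array keys must match the :names in the SQL,
//    and there must be exactly one key per placeholder (missing one throws).
$sth = $dbh->prepare(
    "INSERT INTO register (register, location, notes) VALUES (:register, :location, :notes)"
);
$sth->execute([':register' => 'R-1', ':location' => 'Bay 1', ':notes' => 'ok']);
$sth->execute([':register' => 'R-2', ':location' => 'Bay 2', ':notes' => "it's fine"]);

// 2. Positional placeholders: a plain array, one value per ? in order.
$sth = $dbh->prepare("SELECT * FROM register WHERE id = ?");
$sth->execute([2]);
$row = $sth->fetch(PDO::FETCH_ASSOC);
echo "positional lookup found: " . $row['register'] . PHP_EOL;   // R-2

// 3. The same lookup with a constructed hostile id, first bound as a
//    parameter and then interpolated the way the question's edit block does.
$id = "1' OR '1'='1";

$sth = $dbh->prepare("SELECT * FROM register WHERE id = ?");
$sth->execute([$id]);
echo "bound parameter matched " . count($sth->fetchAll()) . " rows" . PHP_EOL;   // 0: treated as data

$rows = $dbh->query("SELECT * FROM register WHERE id='$id'")->fetchAll();
echo "interpolated string matched " . count($rows) . " rows" . PHP_EOL;           // 2: WHERE clause rewritten
```

The bound version returns nothing because the whole string is compared against the id column, while the interpolated version turns the quotes into SQL and returns every row.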