请问可能是什么问题:执行更新查询时无法获取变量 order_id;如果不指定它,请求都能通过,但会更新表中的所有记录。请建议我该从哪里排查或阅读什么资料。谢谢!
控制器:
// Controller action for the order edit form (fragment: part of the body is
// elided with "..." and the closing brace is not shown).
// On POST it passes the submitted fields to the order model and redirects;
// otherwise it fills $this->data with the values to show in the form.
public function edit(){
// The order id is taken from the query string only; when it is absent the
// action continues with 0 instead of stopping.
if (isset($this->request->get['order_id'])) {
$order_id = $this->request->get['order_id'];
} else {
$order_id = 0;
}
// NOTE(review): in the visible lines nothing checks that $order_id is non-zero
// or that the order belongs to the current customer before the update runs,
// and the whole POST array is handed to the model unvalidated — confirm
// whether such checks exist elsewhere; if not, add them before this call.
if ($this->request->server['REQUEST_METHOD'] == 'POST') {
$this->model_account_order->update($order_id, $this->request->post);
$this->redirect($this->url->link('account/myorders', '', 'SSL'));
}
...
// NOTE(review): the form action is built with an empty argument string, so
// order_id is not part of the URL the form posts to. If the form submits to
// this action, $this->request->get['order_id'] will presumably be unset on
// POST and $order_id falls back to 0 above. The route segment 'edite' also
// differs from this method's name ('edit') — confirm it is intended.
$this->data['action'] = $this->url->link('account/myorders/edite', '', 'SSL');
// Stored values are loaded only when the form is first displayed (an
// order_id is present and the request is not a POST).
if (isset($this->request->get['order_id']) && ($this->request->server['REQUEST_METHOD'] != 'POST')) {
$edit_order = $this->model_account_order->getOrderData($this->request->get['order_id']);
}
// Each field is filled in the same order of preference: the submitted POST
// value, then the stored order value, then an empty string.
if (isset($this->request->post['linkto'])) {
$this->data['linkto'] = $this->request->post['linkto'];
} elseif (isset($edit_order)) {
$this->data['linkto'] = $edit_order['linkto'];
} else {
$this->data['linkto'] = '';
}
if (isset($this->request->post['description'])) {
$this->data['description'] = $this->request->post['description'];
} elseif (isset($edit_order)) {
$this->data['description'] = $edit_order['description'];
} else {
$this->data['description'] = '';
}
模型:
/**
 * Write the submitted order fields to the row selected by $order_id.
 *
 * String fields go through $this->db->escape(); sizes, counts, tcena and
 * the order id are cast to int. Nothing is returned.
 *
 * The id is not checked before the query runs: whatever it casts to
 * (including 0) is used in the WHERE clause as-is, and the row is selected
 * by order_id alone.
 *
 * @param mixed $order_id Order id as received from the caller.
 * @param array $data     Form fields; every key read below is expected to exist.
 */
public function update($order_id, $data) {
    $sql  = "UPDATE " . DB_PREFIX . "order SET";
    $sql .= " forma = '" . $this->db->escape($data['forma']) . "'";
    $sql .= ", linkto = '" . $this->db->escape($data['linkto']) . "'";
    $sql .= ", description = '" . $this->db->escape($data['description']) . "'";
    $sql .= ", cvet = '" . $this->db->escape($data['cvet']) . "'";
    $sql .= ", sizes = '" . (int)$data['sizes'] . "'";
    $sql .= ", counts = '" . (int)$data['counts'] . "'";
    $sql .= ", tcena = '" . (int)$data['tcena'] . "'";
    $sql .= ", sposob = '" . $this->db->escape($data['sposob']) . "'";
    $sql .= " , delivery_usa = '" . $this->db->escape($data['delivery_usa']) . "'";
    $sql .= ", hint = '" . $this->db->escape($data['hint']) . "'";
    $sql .= ", novapochta ='" . $this->db->escape($data['novapochta']) . "'";
    $sql .= " WHERE order_id = '" . (int)$order_id . "'";

    $this->db->query($sql);
}
答案 0 :(得分:0)
非常简单但功能强大的解决方案——在模型中检查 $order_id:
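/**
 * Update one order row with the submitted form fields.
 *
 * String fields go through $this->db->escape(); sizes, counts, tcena and
 * the order id are cast to int before being placed in the statement.
 *
 * @param mixed $order_id Order id as received from the caller (typically a
 *                        request parameter, so it may be a string).
 * @param array $data     Form fields; every key read below is expected to exist.
 *
 * @return mixed false when no usable order id was given, otherwise the
 *               result of $this->db->query().
 */
public function update($order_id, $data) {
    // Cast before the guard so the check tests the same value the WHERE
    // clause uses: a non-numeric string such as "abc" is truthy, yet it
    // casts to 0 and would slip past a plain !$order_id test.
    $order_id = (int)$order_id;

    // Order ids are presumably positive; refuse anything else instead of
    // running an UPDATE against an id the caller never really supplied.
    if ($order_id <= 0) {
        return false;
    }

    // NOTE(review): the row is selected by order_id alone. Whether the caller
    // has verified that this order belongs to the current customer is not
    // visible here — confirm, and restrict the WHERE clause or check
    // ownership first if it has not.
    $sql  = "UPDATE " . DB_PREFIX . "order SET";
    $sql .= " forma = '" . $this->db->escape($data['forma']) . "'";
    $sql .= ", linkto = '" . $this->db->escape($data['linkto']) . "'";
    $sql .= ", description = '" . $this->db->escape($data['description']) . "'";
    $sql .= ", cvet = '" . $this->db->escape($data['cvet']) . "'";
    $sql .= ", sizes = '" . (int)$data['sizes'] . "'";
    $sql .= ", counts = '" . (int)$data['counts'] . "'";
    $sql .= ", tcena = '" . (int)$data['tcena'] . "'";
    $sql .= ", sposob = '" . $this->db->escape($data['sposob']) . "'";
    $sql .= " , delivery_usa = '" . $this->db->escape($data['delivery_usa']) . "'";
    $sql .= ", hint = '" . $this->db->escape($data['hint']) . "'";
    $sql .= ", novapochta ='" . $this->db->escape($data['novapochta']) . "'";
    $sql .= " WHERE order_id = '" . $order_id . "'";

    return $this->db->query($sql);
}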