更新 OpenCart 的 order(订单)表

时间:2014-03-22 23:00:33

标签: php request sql-update opencart

请告诉我问题可能出在哪里:提交更新请求时无法获取变量 order_id;如果没有指定它,请求仍然会全部通过,但会更新表中的所有记录。请建议我应该检查哪里,或者该阅读哪些内容。谢谢!

控制器:

/**
 * Controller action for editing an order (excerpt; the author elided part of
 * the body and the closing brace is not shown).
 *
 * Reads order_id from the query string, forwards a POST to the model's
 * update(), and otherwise prepares form values in $this->data.
 */
public function edit(){

        // order_id is taken from the query string only; when it is absent the
        // code falls back to 0 instead of rejecting the request.
        if (isset($this->request->get['order_id'])) {
            $order_id = $this->request->get['order_id'];
        } else {
            $order_id = 0;
        }   

        // On POST the raw order_id and the whole POST array are handed to the model.
        // NOTE(review): nothing in this excerpt checks that $order_id is non-zero or
        // that the order belongs to the logged-in customer before the update runs -
        // confirm whether the elided code or the model does so.
        if ($this->request->server['REQUEST_METHOD'] == 'POST') {
            $this->model_account_order->update($order_id, $this->request->post);
            $this->redirect($this->url->link('account/myorders', '', 'SSL'));
        }           

...

        // The form action is built with an empty argument string, so this URL carries
        // no order_id. Presumably the form posts back to this action; if so, the POST
        // branch above would fall back to $order_id = 0 - confirm against the template.
        // NOTE(review): the route ends in 'edite' while the method shown is edit() -
        // confirm which spelling is intended.
        $this->data['action'] = $this->url->link('account/myorders/edite', '', 'SSL');

        // On a non-POST request with an order_id, load the stored order to prefill the form.
        if (isset($this->request->get['order_id']) && ($this->request->server['REQUEST_METHOD'] != 'POST')) {
            $edit_order = $this->model_account_order->getOrderData($this->request->get['order_id']);
        }

        // Field value priority: submitted POST value, then the stored order, then empty.
        if (isset($this->request->post['linkto'])) {
            $this->data['linkto'] = $this->request->post['linkto'];
        } elseif (isset($edit_order)) {
            $this->data['linkto'] = $edit_order['linkto'];
        } else {
            $this->data['linkto'] = '';
        }

        // Same priority chain for the description field.
        if (isset($this->request->post['description'])) {
            $this->data['description'] = $this->request->post['description'];
        } elseif (isset($edit_order)) {
            $this->data['description'] = $edit_order['description'];
        } else {
            $this->data['description'] = '';
        }

模型:

/**
 * Write the submitted form values into the order row selected by $order_id.
 *
 * Text columns pass through $this->db->escape(); numeric columns are cast
 * to int. $order_id is cast to int but not otherwise checked, so a missing
 * or non-numeric id reaches the database as 0.
 *
 * @param mixed $order_id Order identifier as received from the controller.
 * @param array $data     Submitted form fields, read by key.
 */
public function update($order_id, $data) {
    $db = $this->db;

    // Assemble the statement one column at a time, in the same order as the SET list.
    $sql  = "UPDATE " . DB_PREFIX . "order SET ";
    $sql .= "forma = '" . $db->escape($data['forma']) . "', ";
    $sql .= "linkto = '" . $db->escape($data['linkto']) . "', ";
    $sql .= "description = '" . $db->escape($data['description']) . "', ";
    $sql .= "cvet = '" . $db->escape($data['cvet']) . "', ";
    $sql .= "sizes = '" . (int)$data['sizes'] . "', ";
    $sql .= "counts = '" . (int)$data['counts'] . "', ";
    $sql .= "tcena = '" . (int)$data['tcena'] . "', ";
    $sql .= "sposob = '" . $db->escape($data['sposob']) . "' , ";
    $sql .= "delivery_usa = '" . $db->escape($data['delivery_usa']) . "', ";
    $sql .= "hint = '" . $db->escape($data['hint']) . "', ";
    $sql .= "novapochta ='" . $db->escape($data['novapochta']) . "' ";
    $sql .= "WHERE order_id = '" . (int)$order_id . "'";

    $db->query($sql);
}

1 个答案:

答案 0 :(得分:0)

一个非常简单但很有效的解决方案——在模型中检查 $order_id:

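/**
 * Update the editable columns of one order row.
 *
 * Text columns pass through $this->db->escape(); numeric columns are cast
 * to int. The update is refused unless $order_id is a positive integer.
 *
 * @param mixed $order_id Order identifier as received from the controller.
 * @param array $data     Submitted form fields, read by key.
 *
 * @return mixed false when $order_id is not a positive integer, otherwise
 *               whatever $this->db->query() returns.
 */
public function update($order_id, $data) {
    // Cast before testing: a non-numeric value such as "abc" is truthy, so a
    // plain !$order_id check lets it through, and it is then cast to 0 in the
    // WHERE clause. Testing the cast value also rejects negative ids.
    $order_id = (int)$order_id;

    if ($order_id <= 0) {
        return false;
    }

    // NOTE(review): the WHERE clause matches on order_id alone. Nothing visible
    // here ties the row to the logged-in customer, so the caller must verify
    // ownership first, or the statement should also filter on the owner column
    // (presumably customer_id on the stock OpenCart order table - confirm).
    return $this->db->query(
        "UPDATE " . DB_PREFIX . "order SET"
        . " forma = '" . $this->db->escape($data['forma']) . "',"
        . " linkto = '" . $this->db->escape($data['linkto']) . "',"
        . " description = '" . $this->db->escape($data['description']) . "',"
        . " cvet = '" . $this->db->escape($data['cvet']) . "',"
        . " sizes = '" . (int)$data['sizes'] . "',"
        . " counts = '" . (int)$data['counts'] . "',"
        . " tcena = '" . (int)$data['tcena'] . "',"
        . " sposob = '" . $this->db->escape($data['sposob']) . "',"
        . " delivery_usa = '" . $this->db->escape($data['delivery_usa']) . "',"
        . " hint = '" . $this->db->escape($data['hint']) . "',"
        . " novapochta = '" . $this->db->escape($data['novapochta']) . "'"
        . " WHERE order_id = '" . $order_id . "'"
    );
}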