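OK, so I'm sitting here messing around with some of my old code.
Below is an example of the loop where I print out the products and their current stock. Whenever I want to change it manually, I open this page and enter the new stock value. But I'm stuck: for some reason I can't get it inserted at the right ProdId in the database.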
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $oneLiter )) {
echo '<input type="hidden" name="id" value="'<?php echo $row['ProdId']; ?>'"/>'
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Prodnamn'] . '<div class="min_lager">' . $row['minLager'] . '</div></td>';
echo '<td><input class="lager" type="number" name="prod['. $row['ProdId'] .']" value="' . $row['Lagerstatus'] . '"></td>';
echo "</tr>";
}
// close table>
echo "</table>";
The following code is from my attempt to insert the values I have changed.
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
foreach($_POST['prod'] as $item) {
$stock = mysql_real_escape_string(htmlspecialchars($item));
// check that prodname/color fields are both filled in
if ($stock == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $prodname, $color, $size, $packing, $minstock, $stock, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE produkter_sthlm SET Lagerstatus='$stock' WHERE ProdId='$item'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: lagerstatus_stockholm.php");
}
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// query db
$result = mysql_query("SELECT * FROM produkter_sthlm")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the database
if($row)
{
// get data from db
$id = $row['ProdId'];
$prodname = $row['Prodnamn'];
$color = $row['Farg'];
$size = $row['Storlek'];
$packing = $row['antalPack'];
$minstock = $row['minLager'];
$stock = $row['Lagerstatus'];
// show form
renderForm($id, $prodname, $color, $size, $packing, $minstock, $stock, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
I know that mysql_query("UPDATE produkter_sthlm SET Lagerstatus='$stock' WHERE ProdId='$item'") is wrong, but I can't figure out how to get the real ProdId from $_POST.
If it's any help, I can post the complete file with a copy of the schema etc.
Just edited in the entire file.
<?php
session_start();
if(!isset($_SESSION['myusername'])){
header("location:login.php");
}
// connect to the database
include '/include/config.php';
function renderForm($id, $prodname, $color, $size, $packing, $minstock, $stock, $error)
{
$oneLiter = mysql_query("SELECT * FROM produkter_sthlm WHERE `Storlek`=1 AND `Active`=1") or die(mysql_error());
$fourLiter = mysql_query("SELECT * FROM produkter_sthlm WHERE `Storlek`=4 AND `Active`=1") or die(mysql_error());
$fiveLiter = mysql_query("SELECT * FROM produkter_sthlm WHERE `Storlek`=5 AND `Active`=1") or die(mysql_error());
$tenLiter = mysql_query("SELECT * FROM produkter_sthlm WHERE `Storlek`=10 AND `Active`=1") or die(mysql_error());
$twentyLiter = mysql_query("SELECT * FROM produkter_sthlm WHERE `Storlek`=20 AND `Active`=1") or die(mysql_error());
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Lagerstatus Stockholm - Petrolia Lagersystem</title>
<!-- Core CSS - Include with every page -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="font-awesome/css/font-awesome.css" rel="stylesheet">
<link href="css/custom-style.css" rel="stylesheet">
<!-- Page-Level Plugin CSS - Blank -->
<!-- SB Admin CSS - Include with every page -->
<link href="css/sb-admin.css" rel="stylesheet">
</head>
<body>
<div id="wrapper">
<?php include "top_menu.php"; ?>
<?php include "side_menu.php"; ?>
<div id="page-wrapper">
<div class="row">
<h1 class="page-header">Lagerstatus - Stockholm <?php print(Date("F j, Y H:i:s")); ?></h1>
<form action="" method="post">
<div class="button-container">
<button type="submit" name="submit" class="btn btn-primary"><i class="fa fa-save fa-fw"></i>Spara ändring</button>
</div>
<div class="col-md-6 well">
<h2 class="horizontal">1 Liter</h2>
<?php echo "<table border='1' cellpadding='10'>";
echo "<tr><th>Typ</th> <th>Antal</th></tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $oneLiter )) {
echo '<input type="hidden" name="id" value="'.$row['ProdId'].'"/>';
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Prodnamn'] . '<div class="min_lager">' . $row['minLager'] . '</div></td>';
echo '<td><input class="lager" type="number" name="prod['. $row['ProdId'] .']" value="' . $row['Lagerstatus'] . '"></td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<h2 class="horizontal">4 Liter</h2>
<?php echo "<table border='1' cellpadding='10'>";
echo "<tr><th>Typ</th> <th>Antal</th></tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $fourLiter )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Prodnamn'] . '<div class="min_lager">' . $row['minLager'] . '</div></td>';
echo '<td><input class="lager" type="number" name="prod['. $row['ProdId'] .']" value="' . $row['Lagerstatus'] . '"></td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
</div>
<!-- /.col-lg-6 -->
<div class="col-md-6 well">
<h2 class="horizontal">5 Liter</h2>
<?php echo "<table border='1' cellpadding='10'>";
echo "<tr><th>Typ</th> <th>Antal</th></tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $fiveLiter )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Prodnamn'] . '<div class="min_lager">' . $row['minLager'] . '</div></td>';
echo '<td><input class="lager" type="number" name="prod['. $row['ProdId'] .']" value="' . $row['Lagerstatus'] . '"></td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<h2 class="horizontal">10 Liter</h2>
<?php echo "<table border='1' cellpadding='10'>";
echo "<tr><th>Typ</th> <th>Antal</th></tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $tenLiter )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Prodnamn'] . '<div class="min_lager">' . $row['minLager'] . '</div></td>';
echo '<td><input class="lager" type="number" name="prod['. $row['ProdId'] .']" value="' . $row['Lagerstatus'] . '"></td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<h2 class="horizontal">20 Liter</h2>
<?php echo "<table border='1' cellpadding='10'>";
echo "<tr><th>Typ</th> <th>Antal</th></tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $twentyLiter )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Prodnamn'] . '<div class="min_lager">' . $row['minLager'] . '</div></td>';
echo '<td><input class="lager" type="number" name="prod['. $row['ProdId'] .']" value="' . $row['Lagerstatus'] . '"></td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
</div>
<!-- /.col-lg-6 -->
</form>
</div>
<!-- /.row -->
</div>
<!-- /#page-wrapper -->
</div>
<!-- /#wrapper -->
<!-- Core Scripts - Include with every page -->
<script src="js/jquery-1.10.2.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/plugins/metisMenu/jquery.metisMenu.js"></script>
<!-- Page-Level Plugin Scripts - Blank -->
<!-- SB Admin Scripts - Include with every page -->
<script src="js/sb-admin.js"></script>
<!-- Page-Level Demo Scripts - Blank - Use for reference -->
</body>
</html>
<?php
}
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
foreach($_POST['prod'] as $item) {
$stock = mysql_real_escape_string(htmlspecialchars($item));
// check that prodname/color fields are both filled in
if ($stock == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $prodname, $color, $size, $packing, $minstock, $stock, $error);
}
else
{
echo "lol" . $_POST['prod'];
// save the data to the database
mysql_query("UPDATE produkter_sthlm SET Lagerstatus='$stock' WHERE ProdId='$item'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: lagerstatus_stockholm.php");
}
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// query db
$result = mysql_query("SELECT * FROM produkter_sthlm")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the database
if($row)
{
// get data from db
$id = $row['ProdId'];
$prodname = $row['Prodnamn'];
$color = $row['Farg'];
$size = $row['Storlek'];
$packing = $row['antalPack'];
$minstock = $row['minLager'];
$stock = $row['Lagerstatus'];
// show form
renderForm($id, $prodname, $color, $size, $packing, $minstock, $stock, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
?>
Answer 0 (score: 0)
The third line of the first script (including comments):
echo '<input type="hidden" name="id" value="'<?php echo $row['ProdId']; ?>'"/>'
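is missing a semicolon at the end. It is also echoed on every iteration of the while loop, which will result in $_POST['id'] always containing the value of the last "hidden" input tag on the page.
My suggestion would be to create two arrays of input data with generated keys: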
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $oneLiter )) {
echo '<input type="hidden" name="id[]" value="' . $row['ProdId'] . '"/>';
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Prodnamn'] . '<div class="min_lager">' . $row['minLager'] . '</div></td>';
echo '<td><input class="lager" type="number" name="status[]" value="' . $row['Lagerstatus'] . '"></td>';
echo "</tr>";
}
// close table>
echo "</table>";
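You can then loop over the results as follows. Since the hidden inputs and the number inputs are rendered in pairs, the keys of the respective POST arrays will match: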
foreach ($_POST['id'] as $key => $prodId) {
// As both seem to be integers, SQL injections can easily be filtered out by explicitly casting it to an integer
$prodId = (int) $prodId;
if ($prodId > 0) {
$prodStatus = (int) $_POST['status'][$key];
// do your processing here
}
}
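An added example, not part of the answer above or of the asker's code: the same paired `id[]` / `status[]` loop, with strict integer validation and a PDO prepared statement in place of the deprecated `mysql_*` calls and string-built SQL. The function name `updateStock`, the in-memory SQLite database and the sample POST data are assumptions made so the snippet runs stand-alone; the table and column names follow the question.

```php
<?php
// Added example. Table/column names follow the question; everything else
// (function name, SQLite stand-in, sample input) is constructed for illustration.
function updateStock(PDO $pdo, array $ids, array $statuses): array
{
    $stmt = $pdo->prepare(
        'UPDATE produkter_sthlm SET Lagerstatus = :stock WHERE ProdId = :id'
    );
    $applied  = [];   // ProdId => new stock value sent to the database
    $rejected = [];   // form keys whose id or stock value failed validation

    $pdo->beginTransaction();
    foreach ($ids as $key => $rawId) {
        // Strict validation: "3 OR 1=1" or "7abc" is rejected outright,
        // whereas an (int) cast would silently truncate it to 3 or 7.
        $id = filter_var($rawId, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]);
        // A missing or empty status field also fails validation here.
        $stock = filter_var($statuses[$key] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0]]);

        if ($id === false || $stock === false) {
            $rejected[] = $key;
            continue;
        }
        // Values travel as bound parameters, never as part of the SQL text.
        $stmt->execute([':stock' => $stock, ':id' => $id]);
        $applied[$id] = $stock;
    }
    $pdo->commit();

    return ['applied' => $applied, 'rejected' => $rejected];
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE produkter_sthlm (ProdId INTEGER PRIMARY KEY, Lagerstatus INTEGER)');
$pdo->exec('INSERT INTO produkter_sthlm VALUES (1, 10), (2, 20), (3, 30)');

// Constructed stand-in for $_POST as submitted by the id[] / status[] form.
$post = [
    'id'     => ['1', '2', '3 OR 1=1'],
    'status' => ['15', '', '0'],
];
print_r(updateStock($pdo, $post['id'], $post['status']));
```

Against the real database only the PDO DSN changes; the validation and the bound parameters stay the same.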