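I am writing a simple script to create new rows in a database, and to read and update those rows/entries. I am connecting to a Rackspace-hosted database. When I run the script on my localhost server (WAMP), I can read from, write to and update the database. But when I run it (the same script) on the server, it reads from the database but will not write to or update it. I contacted Rackspace and they were no help... Here is my script. Any suggestions?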
<?php
include_once('sanitize.php'); //sanitize.php used to sterilize inputs
/************************************************************************************/
/********************************* DATABASE CLASS ***********************************/
/************************************************************************************/
$hostname = 'xxx';
$database = 'xxx';
$username = 'xxx';
$password = 'xxx';
try {
    $DBH = new PDO("mysql:host=$hostname;dbname=$database", $username, $password);
}
catch(PDOException $e) {
    echo $e->getMessage();
}
/************************************************************************************/
/********************************* MAIN FUNCTIONS ***********************************/
/************************************************************************************/
// Print every order as an HTML table; empty status columns become checkboxes.
function list_active_orders() {
    global $DBH;
    $STH = $DBH -> prepare("SELECT * FROM orders ORDER BY id DESC");
    $STH -> execute();
    $dataSet = $STH -> fetchAll();
    echo "<table class='activeOrders'>
    <tr>
    <th>DocNum</th>
    <th>Customer</th>
    <th>Rep</th>
    <th>Product</th>
    <th>Ordered</th>
    <th>Shipped</th>
    <th>Received</th>
    <th>Delivered</th>
    </tr>";
    foreach ($dataSet as $data) {
        if(!$data['Ordered']) {
            $Ordered = "<input type='checkbox' name='Ordered' value='Ordered' class='orderedCheckbox'>";
        }
        else {
            $Ordered = $data['Ordered'];
        }
        if(!$data['Shipped']) {
            $Shipped = "<input type='checkbox' name='Shipped' value='Shipped' class='shippedCheckbox'>";
        }
        else {
            $Shipped = $data['Shipped'];
        }
        if(!$data['Received']) {
            $Received = "<input type='checkbox' name='Received' value='Received' class='receivedCheckbox'>";
        }
        else {
            $Received = $data['Received'];
        }
        if(!$data['Delivered']) {
            $Delivered = "<input type='checkbox' name='Delivered' value='Delivered' class='deliveredCheckbox'>";
        }
        else {
            $Delivered = $data['Delivered'];
        }
        echo "<tr id='".$data['id']."'>";
        echo "<td>".$data['DocNum']."</td>";
        echo "<td>".$data['Customer']."</td>";
        echo "<td>".$data['Rep']."</td>";
        echo "<td>".$data['Product']."</td>";
        echo "<td>".$Ordered."</td>";
        echo "<td>".$Shipped."</td>";
        echo "<td>".$Received."</td>";
        echo "<td>".$Delivered."</td>";
        echo "</tr>";
    }
    echo "</table>";
}
// Insert a new order; all four values are bound as parameters.
function new_order($DocNum, $Customer, $Rep, $Product) {
    global $DBH;
    $STH = $DBH -> prepare("INSERT INTO orders (DocNum, Customer, Rep, Product) VALUES (:DocNum, :Customer, :Rep, :Product)");
    $STH -> bindValue(':DocNum', $DocNum, PDO::PARAM_STR);
    $STH -> bindValue(':Customer', $Customer, PDO::PARAM_STR);
    $STH -> bindValue(':Rep', $Rep, PDO::PARAM_STR);
    $STH -> bindValue(':Product', $Product, PDO::PARAM_STR);
    $STH -> execute();
}
// Set one status column of an order; the column name is chosen from a fixed list.
function update_order($column, $date, $id) {
    global $DBH;
    switch ($column) {
        case 'Ordered':
            $STH = $DBH -> prepare("UPDATE orders SET Ordered = :d WHERE id = :id");
            break;
        case 'Shipped':
            $STH = $DBH -> prepare("UPDATE orders SET Shipped = :d WHERE id = :id");
            break;
        case 'Received':
            $STH = $DBH -> prepare("UPDATE orders SET Received = :d WHERE id = :id");
            break;
        case 'Delivered':
            $STH = $DBH -> prepare("UPDATE orders SET Delivered = :d WHERE id = :id");
            break;
        default:
            // Unknown column: no statement was prepared, so there is nothing to run.
            return;
    }
    $STH -> bindValue(':d', $date, PDO::PARAM_STR);
    $STH -> bindValue(':id', $id, PDO::PARAM_INT);
    $STH -> execute();
}
/************************************************************************************/
/********************************** CONTROL LOOP ************************************/
/************************************************************************************/
// Every POST field passes through sanitize() from sanitize.php before use.
$action = sanitize(@$_POST['action']);
$DocNum = sanitize(@$_POST['DocNum']);
$Customer = sanitize(@$_POST['Customer']);
$Rep = sanitize(@$_POST['Rep']);
$Product = sanitize(@$_POST['Product']);
$column = sanitize(@$_POST['column']);
$date = sanitize(@$_POST['d']);
$id = sanitize(@$_POST['id']);
switch ($action) {
    case 'view_orders':
        list_active_orders();
        break;
    case 'new_order':
        new_order($DocNum, $Customer, $Rep, $Product);
        break;
    case 'Update_Order':
        update_order($column, $date, $id);
        break;
    default:
        break;
}
?>
**************** UPDATE ************
I found the problem... it was my sanitize.php file. After looking at my PHP error log, I found this entry hundreds of times:
[28-Apr-2014 15:54:43 America/Chicago] PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /mnt/target03/354651/orders.entrerock.com/web/content/sanitize.php on line 26
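After removing sanitize.php from my functions.php file, I was able to write to the database. My question is why this error occurs? I have used this sanitize script before and never had any problems. Here is the script...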
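<?php
// Strip script, HTML, style and comment markup from a string.
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
        '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
        '@<style[^>]*?>.*?</style>@siU', // Strip style tags properly
        '@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments
    );
    $output = preg_replace($search, '', $input);
    return $output;
}
// Recursively clean and escape a value or an array of values.
function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // defined even when $input is an empty array
        foreach($input as $var=>$val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        // Uses a mysql_* link, not the PDO handle; with no link open it tries to
        // create one with default settings and returns false if that fails.
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
?>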
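Answer 0 (score: 0)
My question is why this error occurs?
The answer is that you are trying to mix two libraries, PDO and mysql_*.
Apart from that, I don't trust mysql_*, but I'm sure you already know that.
I can't give you the underlying reason, but doing this is just a bad idea.
If you are using PDO and preparing your queries, you don't have to worry about escaping your variables.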
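
An added example (not part of the original question or answer, and not the asker's code) of the PDO-only approach the answer points to: values are bound instead of escaped, the column name is checked against a fixed list, and HTML escaping happens at output. It assumes an in-memory SQLite database in place of the hosted MySQL server so it runs offline; the `field()` helper and the sample input are hypothetical.

```php
<?php
// Assumption: in-memory SQLite stands in for the hosted MySQL server.
$DBH = new PDO('sqlite::memory:');
// Throw on failure so a write that does not happen is not silent.
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DBH->exec("CREATE TABLE orders (id INTEGER PRIMARY KEY, DocNum TEXT, Customer TEXT,
    Rep TEXT, Product TEXT, Ordered TEXT, Shipped TEXT, Received TEXT, Delivered TEXT)");

// Hypothetical helper: return a request field as a trimmed string.
// No mysql_real_escape_string() here: it needs its own mysql_* link and
// returns false when it cannot open one.
function field(array $src, string $key): string {
    return isset($src[$key]) && is_string($src[$key]) ? trim($src[$key]) : '';
}

function new_order(PDO $db, array $in): int {
    $sth = $db->prepare("INSERT INTO orders (DocNum, Customer, Rep, Product)
        VALUES (:DocNum, :Customer, :Rep, :Product)");
    foreach (['DocNum', 'Customer', 'Rep', 'Product'] as $k) {
        $sth->bindValue(":$k", field($in, $k), PDO::PARAM_STR); // bound, not escaped
    }
    $sth->execute();
    return (int) $db->lastInsertId();
}

function update_order(PDO $db, string $column, string $date, int $id): bool {
    // Column names cannot be bound, so accept only the four known ones.
    if (!in_array($column, ['Ordered', 'Shipped', 'Received', 'Delivered'], true)) {
        return false;
    }
    $sth = $db->prepare("UPDATE orders SET $column = :d WHERE id = :id");
    $sth->bindValue(':d', $date, PDO::PARAM_STR);
    $sth->bindValue(':id', $id, PDO::PARAM_INT);
    $sth->execute();
    return $sth->rowCount() === 1;
}

// Constructed sample input with a quote and markup in it.
$post = ['DocNum' => 'D-1001', 'Customer' => "O'Brien <b>Ltd</b>", 'Rep' => 'JS', 'Product' => 'Widget'];
$id = new_order($DBH, $post);
var_dump(update_order($DBH, 'Shipped', '2014-04-28', $id));
var_dump(update_order($DBH, 'NotAColumn', '2014-04-28', $id));

// Escape for HTML at output time, not before storing.
$sth = $DBH->prepare("SELECT Customer, Shipped FROM orders WHERE id = :id");
$sth->execute([':id' => $id]);
$row = $sth->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['Customer'], ENT_QUOTES, 'UTF-8'), ' shipped ', $row['Shipped'], "\n";
```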