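Accessing newly stored data in the database

Time: 2014-05-11 21:00:42

Tags: php mysql database

I collect data using a client form and a purchase form, then store it through db_clientData.php and db_purchaseData.php, where I write it to the clients and purchases database tables.

Then in the db_salesReport.php file I access these two tables, but it doesn't show the newly stored information, only the old rows that I entered manually (not using the forms).

Why doesn't it show the new information?
Can someone tell me what I am missing?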

New client form:

<form  action="db_clientData.php" method="post">
First Name: <input type='text' name='client_fname' /><br />
Last Name: <input type='text' name='client_lname' /><br />
City: <select name='client_city'>
    <option>Prishtine</option>
    <option>Mitrovice</option>
    <option>Peje</option>
    <option>Gjakove</option>
    <option>Ferizaj</option>
    <option>Prizren</option>
</select><br />
Gender: <select name='client_sex'>
    <option>F</option>
    <option>M</option>
</select><br />
Username(3-10 characters): <input type='text' name='client_username' /><br />
Password(3-10 characters): <input type='password' name='client_pass' /><br />
<input type='submit' value='Submit' />
<input type="reset" value="Clear" />
</form>

Purchase form:

<form  action="db_purchaseData.php" method="post">
Book: <select name='purchase_book'>
    <option>Darka e gabuar</option>
    <option>Populli i ndalur</option>
    <option>Bageti e Bujqesi</option>
    <option>Fjala gdhend gurin</option>
    <option>Shtiegje Poetike</option>
    <option>Bashkohesit</option>
    <option>Colored Water</option>
    <option>Selected Poems</option>
    <option>Olivion Favorites</option>
</select><br />
Amount: <input type='number' name='purchase_amount' /><br />

<input type='submit' value='Submit' />
<input type="reset" value="Clear" />
</form>

Storing the new client:

<?php
include('db_login.php');

// Connect
$connection = mysql_connect($db_host, $db_username, $db_password);
if (!$connection){
    die("Could not connect to the database: <br />". mysql_error( ));
}

// Select the database
$db_select = mysql_select_db($db_database);
if (!$db_select){
    die ("Could not select the database: <br />". mysql_error( ));
}

$fname = isset($_POST['client_fname']) ? $_POST['client_fname'] : null;
$lname = isset($_POST['client_lname']) ? $_POST['client_lname'] : null;
$city = isset ($_POST['client_city']) ? $_POST['client_city'] : null;
$sex = isset($_POST['client_sex']) ? $_POST['client_sex'] : null;
$username = isset ($_POST['client_username']) ? $_POST['client_username'] : null;
$pass = isset ($_POST['client_pass']) ? $_POST['client_pass'] : null;

$sql = "INSERT INTO clients (client_fname, client_lname, client_city, client_sex, client_username, client_pass) VALUES ('$fname','$lname','$city','$sex','$username',MD5('$pass'))";
mysql_query($sql, $connection);

mysql_close();

echo "Data stored on database.";

?>

<a href="db_testAuth.php"><br><input type='button' value='Log In'></a>

Storing the new purchase:

<?php
include('db_login.php');

// Connect
$connection = mysql_connect($db_host, $db_username, $db_password);
if (!$connection){
    die("Could not connect to the database: <br />". mysql_error( ));
}

// Select the database
$db_select = mysql_select_db($db_database);
if (!$db_select){
    die ("Could not select the database: <br />". mysql_error( ));
}

$bookname = isset($_POST['purchase_book']) ? $_POST['purchase_book'] : null;
$bookamount = isset($_POST['purchase_amount']) ? $_POST['purchase_amount'] : null;

$sql = "INSERT INTO purchases (purchase_book, purchase_amount) VALUES ('$bookname','$bookamount')";
mysql_query($sql, $connection);

mysql_close();

echo "Data stored on database.";

?>

<a href="db_salesReport.php"><br><input type='button' value='Sales Report'></a>

Calling the data in db_salesReport.php:

<body>
<p>Sales Report</p>
<table border="2">
    <tr>
        <th>Client ID</th>
        <th>Name</th>
        <th>Surname</th>
        <th>Username</th>
        <th>Purchase ID</th>
        <th>Book title</th>
        <th>Amount</th>
    </tr>
    <?php
    // Include our login information
    include('db_login.php');

    // Connect
    $connection = mysql_connect($db_host, $db_username, $db_password);
    if (!$connection){
        die("Could not connect to the database: <br />". mysql_error( ));
    }

    // Select the database
    $db_select = mysql_select_db($db_database);
    if (!$db_select){
        die ("Could not select the database: <br />". mysql_error( ));
    }

    // Assign the query
    $query = "SELECT clients.client_id, clients.client_fname, clients.client_lname, clients.client_username, purchases.purchase_id, purchases.purchase_book, purchases.purchase_amount from clients,purchases where clients.book_id=purchases.book_id;";

    // Execute the query
    $result = mysql_query($query);
    if (!$result){
        die ("Could not query the database: <br />". mysql_error( ));
    }

    // Fetch and display the results
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){
        $client_id = $row["client_id"];
        $client_fname = $row["client_fname"];
        $client_lname = $row["client_lname"];
        $client_username = $row["client_username"];
        $purchase_id = $row["purchase_id"];
        $purchase_book = $row["purchase_book"];
        $purchase_amount = $row["purchase_amount"];
        echo "<tr>";
        echo "<td>$client_id</td>";
        echo "<td>$client_fname</td>";
        echo "<td>$client_lname</td>";
        echo "<td>$client_username</td>";
        echo "<td>$purchase_id</td>";
        echo "<td>$purchase_book</td>";
        echo "<td>$purchase_amount</td>";
        echo "</tr>";
    }

    // Close the connection
    mysql_close($connection);
    ?>
</table>
</body>
</html>

1 answer:

Answer 0: (score: 0)

This is because your query to pull the data assumes there is an association between clients and purchases:

from clients,purchases where clients.book_id=purchases.book_id

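However, I don't see anything about book_id being added in your client or purchase forms.

Also, make sure your data is sanitized so that you don't become a victim of MySQL injection.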
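An added example (not the poster's or the answerer's code) illustrating both points of the answer: rows stored without a shared book_id never satisfy the report's join condition, and form values are passed as bound parameters instead of being interpolated into the SQL string. The in-memory SQLite database, the reduced column set and the helper names addClient, addPurchase and salesReport are assumptions made so it runs without a MySQL server.

```php
<?php
// Constructed schema for illustration; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$pdo->exec('CREATE TABLE clients (client_id INTEGER PRIMARY KEY,
            client_fname TEXT, client_username TEXT, book_id INTEGER)');
$pdo->exec('CREATE TABLE purchases (purchase_id INTEGER PRIMARY KEY,
            purchase_book TEXT, purchase_amount INTEGER, book_id INTEGER)');

// Hypothetical helpers: every value is bound, never concatenated into the SQL.
function addClient(PDO $pdo, string $fname, string $username, ?int $bookId): void {
    $stmt = $pdo->prepare('INSERT INTO clients (client_fname, client_username, book_id)
                           VALUES (:fname, :username, :book_id)');
    $stmt->execute([':fname' => $fname, ':username' => $username, ':book_id' => $bookId]);
}

function addPurchase(PDO $pdo, string $book, int $amount, ?int $bookId): void {
    $stmt = $pdo->prepare('INSERT INTO purchases (purchase_book, purchase_amount, book_id)
                           VALUES (:book, :amount, :book_id)');
    $stmt->execute([':book' => $book, ':amount' => $amount, ':book_id' => $bookId]);
}

function salesReport(PDO $pdo): array {
    // Same join condition as the report query on the page.
    $sql = 'SELECT c.client_fname, c.client_username, p.purchase_book, p.purchase_amount
            FROM clients c JOIN purchases p ON c.book_id = p.book_id';
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 1. What the posted forms do: book_id is never stored (NULL), so the join
//    has nothing to match and the new rows are missing from the report.
addClient($pdo, 'Ana', 'ana01', null);
addPurchase($pdo, 'Colored Water', 2, null);
echo 'Rows without book_id: ', count(salesReport($pdo)), "\n";

// 2. Both rows carry the same book_id (constructed value), so the join matches.
//    The apostrophe in the name is stored as plain data by the bound parameter.
addClient($pdo, "O'Hara", 'ohara', 7);
addPurchase($pdo, 'Selected Poems', 1, 7);
foreach (salesReport($pdo) as $row) {
    // Encode on output as well, since the report prints user-supplied values.
    echo htmlspecialchars(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), "\n";
}
```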