Mysql INSERT SUBQUERY无法正常工作

时间:2014-08-21 18:41:48

标签: php mysql forms

任何人都可以告诉我这个查询有什么问题

$query = "
    INSERT INTO brand_generic.brand_drug (
        drug_id, brand_drug_name, manufacturer, type, price
) VALUES (
    (SELECT id FROM brand_generic.generic_drug WHERE generic_drug_name = '{$safe_generic_drug_name}'), '{$safe_brand_drug_name}', '{$safe_manufacturer_name}', '{$safe_type}', {$safe_price}
);";

它没有显示任何错误,但它也没有从PHP文件插入数据库,但是当我通过phpmyadmin手动执行它时,它只是将实际值放在变量的位置。 我不认为我的查询有任何错误,但仍然没有在数据库中插入数据,所以我想我应该把文件的全部内容放在这里...... 

<?php
if(isset($_POST['submit'])){
 $generic_drug_name = $_POST['generic_drug_name'];
 $brand_drug_name = $_POST['brand_drug_name'];
 $manufacturer_name = $_POST['manufacturer_name'];
 $type = $_POST['type'];
 $price = $_POST['price'];
 }else{
    $generic_drug_name = '';
    $brand_drug_name = '';
    $manufacturer_name = '';
    $type = '';
    $price = '';
}
    $errors = ''; 
    $errors['generic_drug_nameErr'] = '';
    $errors['brand_drug_nameErr'] = '';
    $errors['manufacturer_nameErr'] = '';
    $errors['typeErr'] = '';
    $errors['priceErr'] = '';

?>
 <body>
  <header>
    <?php echo navigation(); ?>
  </header>
<section>       
<div id="envelope">

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">

<?php       

        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            if (empty($_POST["generic_drug_name"])) {
               $errors['generic_drug_nameErr'] = "Name is required";

            }else{
               $generic_drug_name = test_input($_POST["generic_drug_name"]);
                 // check if name only contains letters and whitespace
                 if (!preg_match("/^[a-zA-Z ]*$/",$generic_drug_name)) {
                   $errors['generic_drug_nameErr'] = "Only letters and white space allowed";
                 }
               }
            if (empty($_POST["brand_drug_name"])) {
               $errors['brand_drug_nameErr'] = "Name is required";

            }else{
               $brand_drug_name = test_input($_POST["brand_drug_name"]);
                 // check if name only contains letters and whitespace
                 if (!preg_match("/^[a-zA-Z ]*$/",$brand_drug_name)) {
                   $errors['brand_drug_nameErr'] = "Only letters and white space allowed";
                 }
               }
            if (empty($_POST["manufacturer_name"])) {
               $errors['manufacturer_nameErr'] = "Name is required";

            }else{
               $manufacturer_name = test_input($_POST["manufacturer_name"]);
                 // check if name only contains letters and whitespace
                 if (!preg_match("/^[a-zA-Z ]*$/",$manufacturer_name)) {
                   $errors['manufacturer_nameErr'] = "Only letters and white space allowed";
                 }
               }
            if (empty($_POST["type"])) {
                 $errors['typeErr'] = "Type is required";
               } else {
                 $type = test_input($_POST["type"]);
                 // check if e-mail address is well-formed
                 if (!preg_match("/^[a-zA-Z ]*$/",$type)) {
                   $errors['typeErr'] = "Only letters and white space allowed";
                 }
               }
            if (empty($_POST["price"])) {
                 $errors['priceErr'] = "";
               } else {
                 $price = test_input($_POST["price"]);
                 // check if e-mail address is well-formed
                 if (!preg_match("/^[0-9\_]{1,4}/",$price)) {
                   $errors['priceErr'] = "Invalid price format";
                 }
               }                        
        }
?>
<center><h1>Add a new brand drug</h1></center><br>
<label>Generic Drug Name</label><span class="error">* </span><span class="text"><?php echo $errors['generic_drug_nameErr'];?></span>
<input type="text" name="generic_drug_name" placeholder="Enter Generic drug Names" value="<?php echo htmlspecialchars($generic_drug_name); ?>" width="100px;"/>
<label>Brand Drug Name</label><span class="error">* </span><span class="text"><?php echo $errors['brand_drug_nameErr'];?></span>
<input type="text" name="brand_drug_name" placeholder="Amlokind" autofocus="autofocus" value="<?php echo htmlspecialchars($brand_drug_name); ?>" width="100px;">
<label>Manufacturer</label><span class="error">* </span><span class="text"><?php echo $errors['manufacturer_nameErr'];?></span>
<input type="text" name="manufacturer_name" placeholder="Glaxo Smithkline Pharmaceuticals Pvt. Ltd." autofocus="autofocus" value="<?php echo htmlspecialchars($manufacturer_name); ?>">
<label>Type</label><span class="error">* </span><span class="text"><?php echo $errors['typeErr'];?></span>
<input type="text" name="type" placeholder="Tablet" autofocus="autofocus" value="<?php echo htmlspecialchars($type); ?>">       
<label>Price</label><span class="error">* </span><span class="text"><?php echo $errors['priceErr'];?></span>
<input type="text" name="price" placeholder="10.45" autofocus="autofocus" value="<?php echo htmlspecialchars($price); ?>" >
<input type="submit" name = "submit" value="Add" id="submit"/>

</form>
</div>
<?php  
if(isset($_POST['submit'])){
     /*$generic_drug_name = $_POST['generic_drug_name'];
     $brand_drug_name = $_POST['brand_drug_name'];
     $manufacturer_name = $_POST['manufacturer_name'];
     $type = $_POST['type'];
     $price = $_POST['price'];*/
        if(empty($errors)){
            $safe_generic_drug_name = strtoupper($generic_drug_name);               
            $safe_brand_drug_name = strtoupper($brand_drug_name);
            $safe_manufacturer_name = ucwords($manufacturer_name);
            $safe_type = ucfirst($type);
            $safe_price = $price;

            $query = "INSERT INTO brand_generic.brand_drug (drug_id, brand_drug_name, manufacturer, type, price)   
                        SELECT id, '{$safe_brand_drug_name}','{$safe_manufacturer_name}', '{$safe_type}', {$safe_price}
                        FROM brand_generic.generic_drug 
                        WHERE generic_drug_name = '{$safe_generic_drug_name}';";
                    //INSERT INTO brand_generic.brand_drug (drug_id, brand_drug_name, manufacturer, type, price) VALUES ((SELECT id FROM brand_generic.generic_drug WHERE generic_drug_name = 'AMLODIPINE'), 'ZODIPINE', 'Zorex Pharma Pvt  Ltd', 'Tablet', 10);
            if(!$query){ 
                die(mysqli_error());
            }
            $result = mysqli_query($connection, $query);
            var_dump($result);

            if($result){
            $_SESSION["message"] = "Successfully subject created";
                //redirect_to("manage_content.php");
            echo $_SESSION["message"];
            }else{
            $_SESSION["message"] = "Sorry, subject couldn't be created";
                //redirect_to("new_subject.php");
            echo $_SESSION["message"];
            }
        }
    }

?>

对不起伙计们,但是从早上开始我就试图找错误但我一无所获......请帮助我,如果有一个小小的错误就不要生气......谢谢大家...... .. :))

3 个答案:

答案 0 :(得分:1)

INSERT INTO brand_generic.brand_drug (drug_id, brand_drug_name, manufacturer, type, price)   
SELECT id, '{$safe_brand_drug_name}','{$safe_manufacturer_name}', '{$safe_type}', {$safe_price}
FROM brand_generic.generic_drug 
WHERE generic_drug_name = '{$safe_generic_drug_name}'

答案 1 :(得分:0)

尝试这一个:

INSERT INTO brand_generic.brand_drug (drug_id, brand_drug_name, manufacturer, type, price)  SELECT ((SELECT id FROM brand_generic.generic_drug WHERE generic_drug_name = '{$safe_generic_drug_name}'), '{$safe_brand_drug_name}', '{$safe_manufacturer_name}', '{$safe_type}', {$safe_price});

答案 2 :(得分:0)

你不能运行那样的选择。这是一个专门的

INSERT INTO ...
SELECT ... FROM

syntax就此而言,你可能更容易受到sql injection attacks的攻击。<​​/ p>

相关问题
最新问题