此代码完美地用于更新一个OrderIn_ID或一个orderOut_id,它将付费列设置为是,然后转到显示这些结果的页面。但是如果我订购了多个orderIn_id或多个orderOut_id,它只会更新第一个,而且所有其他ID记录都保留为No.我应该使用案例开关还是while循环来获取包含在其中的所有订单ID订单发票。我知道这是受SQL注入的,这是第一学期的学校项目,我们此时还没有学过PDO。我没有收到任何错误,只是不会更新orderIn_id或orderOut_id的多条记录。这是按下此发票时调用的PHP代码。它是否可以一次更新多条记录,是否可以在发票表中插入多个orderIn_id或orderOut_id?
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if(isset($_SESSION['orderIn'])) {
$orderIn_id = $_SESSION['orderIn'];
$orderIn_paid = "Yes";
$changeVal="UPDATE order_instate
SET orderIn_paid = '$orderIn_paid'
WHERE orderIn_id = '$orderIn_id'; " ;
$changeCheck=mysqli_query($dbhandle, $changeVal)
or die(mysqli_error($dbhandle));
}
if(isset($_SESSION['orderOut'])) {
$orderOut_id = $_SESSION['orderOut'];
$orderOut_paid = "Yes";
$changeVal2="UPDATE order_outstate
SET orderOut_paid = '$orderOut_paid'
WHERE orderOut_id = '$orderOut_id'; " ;
$changeCheck2=mysqli_query($dbhandle, $changeVal2)
or die(mysqli_error($dbhandle));
}
$invoice_total = 0;
$invoice_total = $gtotal;
$invoice_shipped = "No";
$shipped_date = "0000-00-00";
$add ="INSERT INTO invoice(user_id, orderIn_id, orderOut_id, invoice_total, invoice_shipped, shipped_date)
VALUES ('$user_id', '$orderIn_id', '$orderOut_id', '$invoice_total', '$invoice_shipped', '$shipped_date')";
$addCheck=mysqli_query($dbhandle, $add)
or die(mysqli_error($dbhandle));
if($addCheck != NULL) {
header("location: userOrders.php");
mysqli_free_result ($displayResult);
}
}
?>
答案 0 :(得分:0)
if( isset($_SESSION['orderIn']) && is_array($_SESSION['orderIn']) ) {
foreach($_SESSION['orderIn'] as $key => $order){
$orderIn_id = $_SESSION['orderIn'][$key];
$orderIn_paid = "Yes";
$changeVal="UPDATE order_instate
SET orderIn_paid = '$orderIn_paid'
WHERE orderIn_id = '$orderIn_id'; " ;
$changeCheck=mysqli_query($dbhandle, $changeVal) ;
}
}
您可能会开始做一些简单的事情,然后您可以更聪明地构建单个插入查询,而不是多次点击数据库。看看这个答案:
Inserting multiple rows in mysql
你的任务是建立相应的顶部答案中给出的查询,你在循环中这样做,然后只将它发送到数据库一次。
但这应该是你的首发。