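Error updating a table in PHP

Time: 2016-09-03 10:09:12

Tags: php html mysql pdo

I am working on a website and have made a form with which vehicles can be added. Now I have created a form in which you should be able to edit them, but when I press edit vehicle it shows my default error message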

  

Beim Speichern ist leider ein Fehler aufgetreten

Now I need your help. I don't know where the problem might be, but I think it must have something to do with the update query

myTextBox.Text = "ORD-082619/1020, ORD-082619/1021, ORD-082619/1022, ORD-082619/1023";

3 answers:

Answer 0: (score: 1)

Prepared statements have a different SQL syntax for parameters. Instead of [$EKNR] use :EKNR

Then pass the parameters in an array on execute: array(':EKNR' => $EKNR,...

  

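The SQL statement can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed.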

http://php.net/manual/en/pdo.prepare.php

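Update

There are several errors in your code:

  1. Remove the quotes around the values you pass. Written this way, '$Modell' will save the literal value "$Modell", not the value stored in the $Modell variable.

  2. The parameter names must match the names in the SQL. For example, in the SQL you have: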

    `MotorNr` = :MotorNummer,
    

    but you pass the parameter:

    ':MotorNr' => $MotorNummer,
    

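    :MotorNr must be replaced with :MotorNummer. There are several errors like this. Fix them all.

  3. Your code is vulnerable to SQL injection. At the end you pass a variable directly into the SQL without using a parameter: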

    EKNR = $id
    

    Replace it with:

    EKNR = :id
    

    and pass one additional parameter to execute:

    ':id' => $id
    
  4. There is no need to save the id value:

    SET `EKNR`=:EKNR
    

    As far as I can tell, EKNR is the ID of the record. There is no need to save it; it will stay the same.
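
The four fixes listed in answer 0, combined into one runnable update routine. This is an added example, not code from the question or from any of the answers. Assumptions: an in-memory SQLite database (the `pdo_sqlite` extension) stands in for the MySQL server, only a subset of the columns is used, and the names `updateVehicle` and `EDITABLE` are hypothetical.

```php
<?php
declare(strict_types=1);

// Columns a client may change; EKNR (the record id) is deliberately absent.
const EDITABLE = ['EKDatum', 'RGNummer', 'Marke', 'Modell', 'MotorNr', 'Farbe'];

// Update one vehicle row. Placeholders and bound values are generated from the
// same list, so a name mismatch such as :MotorNr / :MotorNummer cannot occur.
function updateVehicle(PDO $pdo, string $id, array $input): int
{
    // Keep only whitelisted columns; unknown keys never reach the SQL text.
    $fields = array_intersect_key($input, array_flip(EDITABLE));
    if ($fields === []) {
        throw new InvalidArgumentException('no editable fields supplied');
    }
    $set = [];
    $params = [':id' => $id];                // the id is bound, not interpolated
    foreach ($fields as $column => $value) {
        $set[] = "`$column` = :$column";     // column name comes from EDITABLE only
        $params[":$column"] = $value;        // raw value, no quotes around it
    }
    $sql = 'UPDATE Fahrzeugverkauf SET ' . implode(', ', $set) . ' WHERE EKNR = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
// Throw on errors so a bad parameter reports its real cause, not a generic message.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Fahrzeugverkauf (EKNR TEXT PRIMARY KEY, EKDatum TEXT,
    RGNummer TEXT, Marke TEXT, Modell TEXT, MotorNr TEXT, Farbe TEXT)');
$pdo->exec("INSERT INTO Fahrzeugverkauf (EKNR, Marke, Modell) VALUES ('1', 'VW', 'Golf')");

// Constructed input shaped like $_POST; 'EKNR' and 'Status' are dropped by the whitelist.
$post = ['Marke' => 'Audi', 'Modell' => "A4 'Avant'", 'MotorNr' => 'M-123',
         'EKNR' => '999', 'Status' => 'x'];
$changed = updateVehicle($pdo, '1', $post);

$row = $pdo->query('SELECT EKNR, Marke, Modell FROM Fahrzeugverkauf')->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
echo json_encode($row), "\n";
```

The quotes inside the constructed `Modell` value are stored as data, and enabling `PDO::ERRMODE_EXCEPTION` is what turns a placeholder mismatch into a specific exception rather than a silent `false` from `execute`.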

Answer 1: (score: 0)

In the array you are passing, remove the single quotes around the values in the array.

$result = $statement->execute(array(
    ':EKNR'     => $EKNR        ,
    ':EKDatum'  => $EKDatum     ,
    ':RGNummer' => $RGNummer    ,
    ':Marke'    => $Marke       ,
    ':Modell'   => $Modell      ,
    ':EZ'       => $EZ          ,
    ':MotorNr'  => $MotorNummer ,
    ':FIN'      => $Fin         ,
    ':KM'       => $KM          ,
    ':VK'       => $VK          ,
    ':EKBrutto' => $EKBrutto    ,
    ':EKNetto'  => $EKNetto     ,
    ':Farbe'    => $Lack        ,
    ':VKDatum'  => $VKDatum     ,
));

Answer 2: (score: 0)

Solved code:

<?php
function updater($value,$value2,$value3,$value4,$value5,$value6,$value7,$value8,$value9,$value10,$value11,$value12,$value13,$value14,$value15,$value16,$value17,$value18){
    // Create connection
    $conn = new mysqli( 'localhost' , 'user' , 'pass' ,'db_name' );
    // Check connection before it is used for escaping
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    // Escape every value for use inside a quoted SQL string literal
    $value =mysqli_real_escape_string($conn,$value);
    $value2 =mysqli_real_escape_string($conn,$value2);
    $value3 =mysqli_real_escape_string($conn,$value3);
    $value4 =mysqli_real_escape_string($conn,$value4);
    $value5 =mysqli_real_escape_string($conn,$value5);
    $value6 =mysqli_real_escape_string($conn,$value6);
    $value7 =mysqli_real_escape_string($conn,$value7);
    $value8 =mysqli_real_escape_string($conn,$value8);
    $value9 =mysqli_real_escape_string($conn,$value9);
    $value10 =mysqli_real_escape_string($conn,$value10);
    $value11 =mysqli_real_escape_string($conn,$value11);
    $value12 =mysqli_real_escape_string($conn,$value12);
    $value13 =mysqli_real_escape_string($conn,$value13);
    $value14 =mysqli_real_escape_string($conn,$value14);
    $value15 =mysqli_real_escape_string($conn,$value15);
    $value16 =mysqli_real_escape_string($conn,$value16);
    $value17 =mysqli_real_escape_string($conn,$value17);
    $value18 =mysqli_real_escape_string($conn,$value18);
    $sql = "UPDATE Fahrzeugverkauf SET EKNR='{$value}', EKDatum='{$value3}' , RGNummer='{$value4}' , Marke='{$value5}' , Modell='{$value6}' , Farbe='{$value7}', VKNummer='{$value8}', EZ='{$value9}', FIN='{$value10}', KM='{$value11}', VK='{$value12}', EKBrutto='{$value13}', EKNetto='{$value14}', VKDatum='{$value15}', MotorNr='{$value16}', Status='{$value17}', Anmerkung='{$value18}' WHERE EKNR='{$value2}'";
    if ($conn->query($sql) === TRUE) {
        echo "Record updated successfully";
    } else {
        echo "Error updating record: " . $conn->error;
    }
    $conn->close();
}   

if($_SERVER['REQUEST_METHOD'] === 'POST') {
    $value = $_POST['EKNR'];
    $value2 = $_POST['EKNR2'];
    $value3 = $_POST['EK-Datum'];
    $value4 = $_POST['RG-Nummer'];
    $value5 = $_POST['Marke'];
    $value6 = $_POST['Modell'];
    $value7 = $_POST['Farbe'];
    $value8 = $_POST['VKnummer'];
    $value9 = $_POST['EZ'];
    $value10 = $_POST['FIN'];
    $value11 = $_POST['KM'];
    $value12 = $_POST['VK'];
    $value13 = $_POST['EK-Brutto'];
    $value14 = $_POST['EK-Netto'];
    $value15 = $_POST['Verkaufsdatum'];
    $value16 = $_POST['Motornummer'];
    $value17 = $_POST['selektion'];
    $value18 = $_POST['anmerkung'];
    updater($value,$value2,$value3,$value4,$value5,$value6,$value7,$value8,$value9,$value10,$value11,$value12,$value13,$value14,$value15,$value16,$value17,$value18);
}
?>