I am trying to use the POST method to add text to a field in my database. The database field I am specifically talking about is called ProductVariantHTML. For some reason, it is not posting the data to my database.
This is the textarea in my form
<tr>
<td><label for="product-variant-html-description">Variant HTML Description:</label></td>
<td><textarea id="product-variant-html-description" name="ProductVariantHTML" maxlength=""><?=htmlspecialchars($productVariantHTML)?></textarea></td>
<td><span class="input-help"></span></td>
</tr>
This is the ProductVariant class
<?php
class ProductVariant
{
// Attributes
private $_Con;
private $_productVariantID;
private $_productID;
private $_SKU;
private $_MPN;
private $_barcode;
private $_price;
private $_salePrice;
private $_finalPrice;
private $_stock;
private $_length;
private $_height;
private $_width;
private $_weight;
private $_leadTimeFrom;
private $_leadTimeTo;
private $_soldCount;
private $_createdDate;
//Nathan Added 2017
private $_productVariantHTML;
//Nathan Added 2017
public function __construct(MySQLi $Con = NULL, $productVariantID = NULL, $productID = NULL, $SKU = NULL, $MPN = NULL, $barcode = NULL, $price = NULL, $salePrice = NULL, $finalPrice = NULL, $stock = NULL, $length = NULL, $height = NULL, $width = NULL, $weight = NULL, $leadTimeFrom = NULL, $leadTimeTo = NULL, $soldCount = NULL, $createdDate = NULL, $productVariantHTML = NULL)
{
$this->_Con = $Con;
$this->_productVariantID = $productVariantID;
$this->_productID = $productID;
$this->_SKU = $SKU;
$this->_MPN = $MPN;
$this->_barcode = $barcode;
$this->_price = $price;
$this->_salePrice = $salePrice;
$this->_finalPrice = $finalPrice;
$this->_stock = $stock;
$this->_length = $length;
$this->_height = $height;
$this->_width = $width;
$this->_weight = $weight;
$this->_leadTimeFrom = $leadTimeFrom;
$this->_leadTimeTo = $leadTimeTo;
$this->_soldCount = $soldCount;
$this->_createdDate = $createdDate;
//Nathan Added 2017
$this->_productVariantHTML = $productVariantHTML;
}
// Properties Get
public function GetProductVariantID() { return $this->_productVariantID; }
public function GetProductID() { return $this->_productID; }
public function GetSKU() { return $this->_SKU; }
public function GetMPN() { return $this->_MPN; }
public function GetBarcode() { return $this->_barcode; }
public function GetPrice() { return $this->_price; }
public function GetSalePrice() { return $this->_salePrice; }
public function GetFinalPrice() { return $this->_finalPrice; }
public function GetStock() { return $this->_stock; }
public function GetLength() { return $this->_length; }
public function GetHeight() { return $this->_height; }
public function GetWidth() { return $this->_width; }
public function GetWeight() { return $this->_weight; }
public function GetLeadTimeFrom() { return $this->_leadTimeFrom; }
public function GetLeadTimeTo() { return $this->_leadTimeTo; }
public function GetSoldCount() { return $this->_soldCount; }
public function GetCreatedDate() { return $this->_createdDate; }
//Nathan Added 2017
public function GetProductVariantHTML() { return $this->_productVariantHTML; }
// Properties Set
public function SetProductVariantID($v) { $this->_productVariantID = $v; }
public function SetProductID($v) { $this->_productID = $v; }
public function SetSKU($v) { $this->_SKU = $v; }
public function SetMPN($v) { $this->_MPN = $v; }
public function SetBarcode($v) { $this->_barcode = $v; }
public function SetPrice($v) { $this->_price = $v; }
public function SetSalePrice($v) { $this->_salePrice = $v; }
public function SetFinalPrice($v) { $this->_finalPrice = $v; }
public function SetStock($v) { $this->_stock = $v; }
public function SetLength($v) { $this->_length = $v; }
public function SetHeight($v) { $this->_height = $v; }
public function SetWidth($v) { $this->_width = $v; }
public function SetWeight($v) { $this->_weight = $v; }
public function SetLeadTimeFrom($v) { $this->_leadTimeFrom = $v; }
public function SetLeadTimeTo($v) { $this->_leadTimeTo = $v; }
public function SetSoldCount($v) { $this->_soldCount = $v; }
public function SetCreatedDate($v) { $this->_createdDate = $v; }
//Nathan Added 2017
public function SetProductVariantHTML($v) { $this->_productVariantHTML = $v; }
public function FillProductVariantFromDBByProductID($productID)
{
$productID = $this->_Con->real_escape_string($productID);
$variantSQL = $this->_Con->query("SELECT ProductVariantID, ProductID, SKU FROM product_variant WHERE ProductID = $productID");
if ($variantSQL == TRUE && $variantSQL->num_rows > 0) {
$ProductVariants = array(); // initialise so the return value is always an array
while ($variantRow = $variantSQL->fetch_assoc()) {
$ProductVariants[] = new self(NULL, (int)$variantRow['ProductVariantID'], (int)$variantRow['ProductID'], $variantRow['SKU']);
}
return $ProductVariants;
}
else {
return FALSE;
}
}
public function FillProductVariantFromDBByProductVariantID($productVariantID)
{
$productVariantID = $this->_Con->real_escape_string($productVariantID);
$variantSQL = $this->_Con->query("SELECT * FROM product_variant WHERE ProductVariantID = $productVariantID");
if ($variantSQL == TRUE && $variantSQL->num_rows > 0) {
$variantRow = $variantSQL->fetch_assoc();
$this->_productVariantID = (int)$variantRow['ProductVariantID'];
$this->_productID = (int)$variantRow['ProductID'];
$this->_SKU = $variantRow['SKU'];
$this->_MPN = $variantRow['MPN'];
$this->_barcode = $variantRow['Barcode'];
$this->_price = (float)$variantRow['Price'];
$this->_salePrice = ($variantRow['SalePrice'] == NULL) ? NULL : (float)$variantRow['SalePrice'];
$this->_finalPrice = (float)$variantRow['FinalPrice'];
$this->_stock = (int)$variantRow['Stock'];
$this->_length = ($variantRow['Length'] == NULL) ? NULL : (float)$variantRow['Length'];
$this->_height = ($variantRow['Height'] == NULL) ? NULL : (float)$variantRow['Height'];
$this->_width = ($variantRow['Width'] == NULL) ? NULL : (float)$variantRow['Width'];
$this->_weight = ($variantRow['Weight'] == NULL) ? NULL : (float)$variantRow['Weight'];
$this->_leadTimeFrom = (int)$variantRow['LeadTimeFrom'];
$this->_leadTimeTo = (int)$variantRow['LeadTimeTo'];
//Nathan Added 2017
$this->_productVariantHTML = $variantRow['ProductVariantHTML'];
return TRUE;
}
else {
return FALSE;
}
}
// Create variant
public function CreateVariant($productID, $SKU, $MPN, $barcode, $price, $stock)
{
// Assign variables
$Con = $this->_Con;
$productID = $Con->real_escape_string($productID);
$SKU = $Con->real_escape_string(trim($SKU));
if (empty($MPN)) {
$MPN = 'NULL';
} else {
$MPN = "'" . $Con->real_escape_string(trim($MPN)) . "'";
}
if (empty($barcode)) {
$barcode = 'NULL';
} else {
$barcode = "'" . $Con->real_escape_string(trim($barcode)) . "'";
}
$price = $Con->real_escape_string($price);
$finalPrice = $price;
$stock = $Con->real_escape_string($stock);
// Turn off autocommit
$Con->autocommit(FALSE);
$Con->query('BEGIN');
$variantSQL = $Con->query("INSERT INTO product_variant (ProductID, SKU, MPN, Barcode, Price, FinalPrice, Stock, LeadTimeFrom, LeadTimeTo)
VALUES ($productID, '$SKU', $MPN, $barcode, $price, $finalPrice, $stock, 1, 2)");
// Update productVariantID
$productVariantID = $Con->insert_id;
$this->_productVariantID = $productVariantID;
$detailSQL = $Con->query("INSERT INTO product_detail (ProductVariantID)
VALUES ($productVariantID)");
if ($variantSQL == TRUE && $detailSQL == TRUE) {
// Commit the data, turn autocommit on
$Con->commit();
$Con->autocommit(TRUE);
return TRUE;
}
else {
// If error inputting ANY data, rollback
$Con->rollback();
$Con->autocommit(TRUE);
return FALSE;
}
}
// Create multi variant
public function CreateMultiVariant($variant, $productID, $SKU, $MPN, $barcode, $price, $stock, $variantStr)
{
// Assign variables
$Con = $this->_Con;
$productID = $Con->real_escape_string($productID);
$success = TRUE;
// Turn off autocommit
$Con->autocommit(FALSE);
$Con->query('BEGIN');
// Loop through variant types and values
foreach ($variant as $key => $val)
{
// Get variant type and insert into database
$dbVariant = $Con->real_escape_string($key);
$variantSQL = $Con->query("INSERT INTO variant (Variant)
VALUES ('$dbVariant')");
if ($success == TRUE && $variantSQL == TRUE)
{
$variantID = $Con->insert_id;
// Loop through each variant type values
foreach ($val as $v)
{
$dbVariantValue = $Con->real_escape_string($v);
$variantValueSQL = $Con->query("INSERT INTO variant_value (VariantID, VariantValue)
VALUES ($variantID, '$dbVariantValue')");
if ($variantValueSQL == TRUE) {
$variantIDLink[$v] = $Con->insert_id;
}
else {
$success = FALSE;
break;
}
}
}
else
{
$success = FALSE;
break;
}
}
if ($success == TRUE)
{
for ($i = 0; isset($SKU[$i]); $i++)
{
$dbSKU = $Con->real_escape_string(trim($SKU[$i]));
if (empty($MPN[$i])) {
$dbMPN = 'NULL';
} else {
$dbMPN = "'" . $Con->real_escape_string(trim($MPN[$i])) . "'";
}
if (empty($barcode[$i])) {
$dbBarcode = 'NULL';
} else {
$dbBarcode = "'" . $Con->real_escape_string(trim($barcode[$i])) . "'";
}
$dbPrice = $Con->real_escape_string($price[$i]);
$dbFinalPrice = $dbPrice;
$dbStock = $Con->real_escape_string($stock[$i]);
// SQL INSERT for Product Variant
$pVariantSQL = $Con->query("INSERT INTO product_variant (ProductID, SKU, MPN, Barcode, Price, FinalPrice, Stock, LeadTimeFrom, LeadTimeTo)
VALUES ($productID, '$dbSKU', $dbMPN, $dbBarcode, $dbPrice, $dbFinalPrice, $dbStock, 1, 2)");
$productVariantID = $Con->insert_id;
$this->_productVariantID = $productVariantID;
$dbVariantStrArray = explode('|', $variantStr[$i]);
foreach ($dbVariantStrArray as $dbVariantStr)
{
// Get ID of variant type
$dbVariantID = $variantIDLink[$dbVariantStr];
// SQL INSERT for Product Detail
$pDetailSQL = $Con->query("INSERT INTO product_detail (ProductVariantID, VariantValueID)
VALUES ($productVariantID, $dbVariantID)");
if ($pDetailSQL != TRUE) {
$success = FALSE;
break;
}
}
if ($success == FALSE || $pVariantSQL == FALSE || $variantSQL == FALSE || $variantValueSQL == FALSE || $pDetailSQL == FALSE) {
$success = FALSE;
break;
}
}
}
if ($success == TRUE) {
// Commit the data, turn autocommit on
$Con->commit();
$Con->autocommit(TRUE);
return TRUE;
}
else {
// If error inputting ANY data, rollback
$Con->rollback();
$Con->autocommit(TRUE);
return FALSE;
}
}
public function UpdatedProductVariant($productVariantID, $SKU, $MPN, $barcode, $price, $salePrice, $stock, $length, $height, $width, $weight, $leadTimeFrom, $leadTimeTo, $productVariantHTML)
{
$productVariantID = $this->_Con->real_escape_string($productVariantID);
$SKU = $this->_Con->real_escape_string($SKU);
$MPN = $this->_Con->real_escape_string($MPN);
if (empty($barcode)) {
$barcode = 'NULL';
} else {
$barcode = "'" . $this->_Con->real_escape_string($barcode) . "'";
}
$price = $this->_Con->real_escape_string($price);
if (empty($salePrice)) {
$salePrice = 'NULL';
$finalPrice = $price;
} else {
$salePrice = $this->_Con->real_escape_string($salePrice);
$finalPrice = $salePrice;
}
$stock = $this->_Con->real_escape_string($stock);
if (empty($length)) {
$length = 'NULL';
} else {
$length = $this->_Con->real_escape_string($length);
}
if (empty($height)) {
$height = 'NULL';
} else {
$height = $this->_Con->real_escape_string($height);
}
if (empty($width)) {
$width = 'NULL';
} else {
$width = $this->_Con->real_escape_string($width);
}
if (empty($weight)) {
$weight = 'NULL';
} else {
$weight = $this->_Con->real_escape_string($weight);
}
if (empty($productVariantHTML)) {
$productVariantHTML = 'NULL';
} else {
$productVariantHTML = $this->_Con->real_escape_string($productVariantHTML);
}
$leadTimeFrom = $this->_Con->real_escape_string($leadTimeFrom);
$leadTimeTo = $this->_Con->real_escape_string($leadTimeTo);
$variantSQL = $this->_Con->query("UPDATE product_variant SET SKU = '$SKU', MPN = '$MPN', Barcode = $barcode, Price = $price, SalePrice = $salePrice, FinalPrice = $finalPrice, Stock = $stock, Length = $length, Height = $height, Width = $width, Weight = $weight, LeadTimeFrom = $leadTimeFrom, LeadTimeTo = $leadTimeTo, ProductVariantHTML = $productVariantHTML WHERE ProductVariantID = $productVariantID");
if ($variantSQL == TRUE) {
return TRUE;
}
else {
return FALSE;
}
}
// Delete variant
public function DeleteVariant()
{
// Assign variables
$Con = $this->_Con;
$productVariantID = $this->_productVariantID;
$deleteSQL = $Con->query("DELETE FROM product_variant WHERE ProductVariantID = $productVariantID");
if ($deleteSQL == TRUE) {
return TRUE;
}
else {
return FALSE;
}
}
// Destructor
public function __destruct()
{
}
}
?>
This is edit-product-variants.php
<?php
include ('includes/site-define.php');
include ('includes/connection-open.php');
include ('includes/checks.php');
$metaTitle = 'Edit Product Variant';
$ConsoleMessage = new ConsoleMessage();
$productVariantID = (isset($_GET['product_variant_id'])) ? $_GET['product_variant_id'] : NULL;
$productID = NULL;
$SKU = NULL;
$MPN = NULL;
$barcode = NULL;
$price = NULL;
$salePrice = NULL;
$finalPrice = NULL;
$stock = NULL;
$length = NULL;
$height = NULL;
$width = NULL;
$weight = NULL;
$leadTimeFrom = NULL;
$leadTimeTo = NULL;
$soldCount = NULL;
$createdDate = NULL;
//Nathan 2017
$productVariantHTML = NULL;
$ProductVariant = new ProductVariant($Con);
$ProductVariant->FillProductVariantFromDBByProductVariantID($productVariantID);
$productVariantID = $ProductVariant->GetProductVariantID();
$productID = $ProductVariant->GetProductID();
$SKU = $ProductVariant->GetSKU();
$MPN = $ProductVariant->GetMPN();
$barcode = $ProductVariant->GetBarcode();
$price = $ProductVariant->GetPrice();
$salePrice = $ProductVariant->GetSalePrice();
$stock = $ProductVariant->GetStock();
$length = $ProductVariant->GetLength();
$height = $ProductVariant->GetHeight();
$width = $ProductVariant->GetWidth();
$weight = $ProductVariant->GetWeight();
$leadTimeFrom = $ProductVariant->GetLeadTimeFrom();
$leadTimeTo = $ProductVariant->GetLeadTimeTo();
//Nathan 2017
$productVariantHTML = $ProductVariant->GetProductVariantHTML();
if (isset($_POST['Save']))
{
$SKU = $_POST['SKU'];
$MPN = $_POST['MPN'];
$barcode = $_POST['Barcode'];
$price = $_POST['Price'];
$salePrice = $_POST['SalePrice'];
$stock = (isset($_POST['Stock'])) ? 1 : 0;
$length = $_POST['Length'];
$height = $_POST['Height'];
$width = $_POST['Width'];
$weight = $_POST['Weight'];
$leadTimeFrom = $_POST['LeadTimeFrom'];
$leadTimeTo = $_POST['LeadTimeTo'];
//Nathan 2017
$productVariantHTML = $_POST['ProductVariantHTML'];
if (empty($SKU) || strlen($SKU) > 100) {
$ConsoleMessage->AddError('SKU', NULL);
}
if (empty($MPN) || strlen($MPN) > 100) {
$ConsoleMessage->AddError('MPN', NULL);
}
if (strlen($barcode) > 100) {
$ConsoleMessage->AddError('Barcode', NULL);
}
if (empty($price) || !is_numeric($price)) {
$ConsoleMessage->AddError('Price', NULL);
}
if (!empty($salePrice)) {
if (!is_numeric($salePrice)) {
$ConsoleMessage->AddError('Sale Price', NULL);
}
}
if (!empty($length)) {
if (!is_numeric($length)) {
$ConsoleMessage->AddError('Length', NULL);
}
}
if (!empty($height)) {
if (!is_numeric($height)) {
$ConsoleMessage->AddError('Height', NULL);
}
}
if (!empty($width)) {
if (!is_numeric($width)) {
$ConsoleMessage->AddError('Width', NULL);
}
}
if (!empty($weight)) {
if (!is_numeric($weight)) {
$ConsoleMessage->AddError('Weight', NULL);
}
}
if (empty($leadTimeFrom) || !is_numeric($leadTimeFrom)) {
$ConsoleMessage->AddError('Lead Time From', NULL);
}
if (empty($leadTimeTo) || !is_numeric($leadTimeTo)) {
$ConsoleMessage->AddError('Lead Time To', NULL);
}
if ($ConsoleMessage->GetErrorCount() === 0) {
$UpdatedProductVariant = new ProductVariant($Con);
$updatedProductVariant = $UpdatedProductVariant->UpdatedProductVariant($productVariantID, $SKU, $MPN, $barcode, $price, $salePrice, $stock, $length, $height, $width, $weight, $leadTimeFrom, $leadTimeTo, $productVariantHTML);
if ($updatedProductVariant == TRUE) {
header("Location: product-variants.php?product_id=$productID");
exit();
}
else {
$ConsoleMessage->AddError('Updating Product Variant', NULL);
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?=$metaTitle . ' | ' . SITE_NAME?></title>
<?php include ('includes/header-tags.php'); ?>
</head>
<body>
<div id="wrapper">
<?php
// Print header
$HeaderMenu = new HeaderMenu();
$HeaderMenu->PrintHeader();
?>
<div id="main">
<div class="h-wrapper">
<h1>Edit Product Variant</h1>
<div class="menu-bar">
</div>
</div>
<?php $ConsoleMessage->PrintMessages(); ?>
<form id="form" method="post" action="">
<table class="input-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th colspan="3">Product Variant Details</th>
</tr>
<tr>
<td><label for="sku">SKU:</label></td>
<td><input type="text" id="sku" size="10" name="SKU" value="<?=htmlspecialchars($SKU)?>" maxlength=""></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="mpn">MPN:</label></td>
<td><input type="text" id="mpn" size="10" name="MPN" value="<?=htmlspecialchars($MPN)?>" maxlength="" /></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="barcode">Barcode:</label></td>
<td><input type="text" id="barcode" size="10" name="Barcode" value="<?=htmlspecialchars($barcode)?>" maxlength="" /></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="price">Price:</label></td>
<td><input type="text" id="price" size="10" name="Price" value="<?=htmlspecialchars($price)?>" maxlength=""></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="sale-price">Sale Price:</label></td>
<td><input type="text" id="sale-price" size="10" name="SalePrice" value="<?=htmlspecialchars($salePrice)?>" maxlength=""></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="stock">Stock:</label></td>
<td>
<input type="checkbox" id="stock" name="Stock" <?php if ($stock == 1) { echo 'checked="checked"'; } ?> />
</td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="length">Length:</label></td>
<td><input type="text" id="length" size="10" name="Length" value="<?=htmlspecialchars($length)?>" maxlength=""></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="height">Height:</label></td>
<td><input type="text" id="height" size="10" name="Height" value="<?=htmlspecialchars($height)?>" maxlength=""></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="width">Width:</label></td>
<td><input type="text" id="width" size="10" name="Width" value="<?=htmlspecialchars($width)?>" maxlength=""></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="weight">Weight:</label></td>
<td><input type="text" id="weight" size="10" name="Weight" value="<?=htmlspecialchars($weight)?>" maxlength=""></td>
<td><span class="input-help"></span></td>
</tr>
<!--Nathan 2017-->
<tr>
<td><label for="product-variant-html-description">Variant HTML Description:</label></td>
<td><textarea id="product-variant-html-description" name="ProductVariantHTML" maxlength=""><?=htmlspecialchars($productVariantHTML)?></textarea></td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td><label for="lead-time-from">Lead Time:</label></td>
<td>
<input type="text" id="lead-time-from" size="5" name="LeadTimeFrom" value="<?=htmlspecialchars($leadTimeFrom)?>" maxlength=""> to
<input type="text" id="lead-time-to" size="5" name="LeadTimeTo" value="<?=htmlspecialchars($leadTimeTo)?>" maxlength="">
</td>
<td><span class="input-help"></span></td>
</tr>
<tr>
<td colspan="3">
<button id="proceed-btn" type="submit" name="Save">Save</button>
<img class="btn-load-left" src="images/btn-load.gif">
</td>
</tr>
</table>
</form>
</div>
<div style="clear:both;"></div>
</div>
<?php include('includes/footer.php') ?>
</body>
</html>
<?php include ('includes/connection-close.php'); ?>
Error message
Answer 0 (score: 1)
In the SQL statement beginning with "UPDATE product_variant SET SKU ...":
ProductVariantHTML = $productVariantHTML
should be
ProductVariantHTML = '$productVariantHTML'
I'm guessing $productVariantHTML is not a numeric value, nor is it meant to refer to another column in the table. Therefore it needs quotes around it. Otherwise, since you set that variable to "nathan", it will try to set the ProductVariantHTML column to the value of a column named nathan, because the SQL interpreter treats it literally rather than as a data string.
NB. As others have said in the comments, you can avoid this kind of syntax error in the first place by using proper parameterized queries instead of fragile string concatenation. Doing so also protects you far better against the very real danger of SQL injection attacks: your data could be corrupted, deleted or leaked to anyone with the relatively mundane skills needed to manipulate it.
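The parameterized form of the UPDATE the answer recommends, as an added example that is not the asker's project code or the answerer's: it assumes the `product_variant` table and the `ProductVariantID` / `ProductVariantHTML` columns named in the question, and the connection credentials are placeholders. It also enables mysqli's exception reporting, which is what turns the silent `FALSE` return the asker saw into a visible error message.

```php
<?php
// Added example, not the project's own code. Assumes a product_variant table
// with columns ProductVariantID (int) and ProductVariantHTML (text), as in the
// question; connection details are placeholders.
declare(strict_types=1);

// Surface mysqli errors as exceptions instead of a silent FALSE return, which
// is why the UPDATE in the question failed without any visible message.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Store the variant's HTML description with a prepared statement.
 * Returns the number of affected rows (0 if the ID did not match or the
 * stored value was already identical).
 */
function updateProductVariantHtml(mysqli $con, int $productVariantID, ?string $html): int
{
    // Treat an empty textarea as SQL NULL, as the original code intended.
    if ($html !== null && trim($html) === '') {
        $html = null;
    }

    // The first placeholder is typed as a string, so the driver quotes and
    // escapes the value itself; a PHP null is sent as SQL NULL. No SQL text is
    // built from user input, so a value such as nathan or O'Reilly can never be
    // read as a column name or break the statement.
    $stmt = $con->prepare(
        'UPDATE product_variant SET ProductVariantHTML = ? WHERE ProductVariantID = ?'
    );
    $stmt->bind_param('si', $html, $productVariantID);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Usage from the edit page: validate the ID as an integer before it reaches
// the query, and let any mysqli exception reach the error handler rather than
// returning FALSE silently.
$con = new mysqli('localhost', 'db_user', 'db_password', 'shop'); // placeholders
$productVariantID = filter_input(INPUT_GET, 'product_variant_id', FILTER_VALIDATE_INT);
if ($productVariantID === false || $productVariantID === null) {
    http_response_code(400);
    exit('Invalid product_variant_id');
}
if (isset($_POST['Save'])) {
    $rows = updateProductVariantHtml($con, $productVariantID, $_POST['ProductVariantHTML'] ?? null);
    // $rows is 1 when the variant exists and the value changed, 0 otherwise.
}
```

The same pattern applies to every other column the original `UpdatedProductVariant` method interpolates: one typed placeholder per column, with optional fields bound as PHP `null` instead of the literal string `'NULL'`, so the quoting question the answer raises never comes up.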