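I'm converting old files to mysqli and it was going well until I hit mysql_real_escape_string. I'm getting an error message about 2 parameters not being passed, and I understand that I'm only giving it one, but I can't figure out where to add the second (I believe it's looking for the Db connection, but at this point I've tried so many things that I'm not sure). I thought I was fine putting the Db connection before the $_POST command, but that didn't work and gave me the 2 parameter error, so if someone could give me a push in the right direction I'd appreciate it.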
include "../connections/connect_mysqli.php";
$conn = dbConnect('read');
$sql = "SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"; // query the person
$result = $conn->query($sql) or die(mysqli_error());
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = mysqli_num_rows($result); // count the row nums
if ($existCount == 0) { // evaluate the count
echo "Your login session data is not on record in the database.";
exit();
}
?>
<?php
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>
<?php
// Delete Item Question to Admin, and Delete Product if they choose
if (isset($_GET['deleteid'])) {
echo 'Do you really want to delete product with ID of ' . $_GET['deleteid'] . '? <a href="inventory_list.php?yesdelete=' . $_GET['deleteid'] . '">Yes</a> | <a href="inventory_list.php">No</a>';
exit();
}
if (isset($_GET['yesdelete'])) {
// remove item from system and delete its picture
// delete from database
$id_to_delete = $_GET['yesdelete'];
$sql = "DELETE FROM products WHERE id='$id_to_delete' LIMIT 1" or die (mysqli_error());
// unlink the image from server
// Remove The Pic -------------------------------------------
$pictodelete = ("../images/$id_to_delete.jpg");
if (file_exists($pictodelete)) {
unlink($pictodelete);
}
header("location: inventory_list.php");
exit();
}
?>
<?php
// Parse the form data and add inventory item to the system
if (isset($_POST['product_name'])) {
$product_name = mysqli_real_escape_string($conn, $_POST['product_name']);
$price = mysqli_real_escape_string($_POST['price']);
$details = mysqli_real_escape_string($_POST['details']);
$details2 = mysqli_real_escape_string($_POST['details2']);
$details3 = mysqli_real_escape_string($_POST['details3']);
// See if that product name is an identical match to another product in the system
$sql = "SELECT id FROM products WHERE product_name='$product_name' LIMIT 1";
$productMatch = mysqli_num_rows($result); // count the output amount
if ($productMatch > 0) {
echo 'Sorry you tried to place a duplicate "Product Name" into the system, <a href="inventory_list.php">click here</a>';
exit();
}
// Add this product into the database now
$sql = ("INSERT INTO products (product_name, price, details, details2, details3, date_added)
VALUES('$product_name','$price','$details','$details2','$details3',now())") or die (mysqli_error());
$pid = mysqli_insert_id();
// Place image in the folder
$newname = "$pid.jpg";
move_uploaded_file( $_FILES['fileField']['tmp_name'], "../images/$newname");
header("location: inventory_list.php");
exit();
}
?>
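Answer 0 (score: 0)
You are not using the real_escape_string method in your sample code, but you are calling the query method on the $conn object, which I assume is the mysqli connection. So you can use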
$string = $conn->real_escape_string($string);
instead of mysql_real_escape_string. In fact, you can use the object's methods and properties instead of the mysqli functions. For example, you can use
$result->num_rows
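instead of mysqli_num_rows.
Hope this helps.
Answer 1 (score: 0)
There are a lot of problems.
First, mysqli_real_escape_string() requires a database connection as the first parameter, followed by the POST array (or variable), which you have only done for one of them in your code.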
$product_name = mysqli_real_escape_string($conn, $_POST['product_name']);
^^^^^
You need to do this for all the rest below it.
You are also not executing this query:
$sql = "DELETE FROM products ....
Nor this one:
$sql = ("INSERT INTO products ....
Nor this one:
$sql = "SELECT id FROM products ...
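I also noticed that you may be storing passwords in plain text, which is not safe to use in a live environment.
You should use password_hash(), and prepared statements are a good thing too.
Also, mysqli_error() requires the database connection as well: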
mysqli_error($conn)
And make sure all the POST arrays contain values.
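The points raised in the answers above (pass the connection, actually execute each query, use prepared statements and password_hash()), put together as an added example that is not part of the original question or answers. It assumes `$conn` is the mysqli object returned by the question's `dbConnect()` and that `admin.password` stores `password_hash()` output; the function names are hypothetical.

```php
<?php
// Added example. Assumes $conn comes from the question's dbConnect() and that
// admin.password holds password_hash() output (the question compares plain text).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions instead of "or die"

function adminExists(mysqli $conn, string $manager, string $password): bool
{
    $stmt = $conn->prepare('SELECT password FROM admin WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $manager);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true when a row was fetched, null when none
    $stmt->close();
    return $found === true && password_verify($password, $hash);
}

function addProduct(mysqli $conn, array $post): int
{
    // Every field must be present and non-empty before touching the database.
    foreach (['product_name', 'price', 'details', 'details2', 'details3'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || trim($post[$key]) === '') {
            throw new InvalidArgumentException("Missing field: $key");
        }
    }
    $stmt = $conn->prepare(
        'INSERT INTO products (product_name, price, details, details2, details3, date_added)
         VALUES (?, ?, ?, ?, ?, NOW())'
    );
    $stmt->bind_param('sssss', $post['product_name'], $post['price'], $post['details'], $post['details2'], $post['details3']);
    $stmt->execute();                 // the question built this SQL but never ran it
    $pid = $stmt->insert_id;
    $stmt->close();
    return $pid;
}

function deleteProduct(mysqli $conn, string $rawId): bool
{
    // Accept digits only, so the value is safe in both the query and the image path.
    if (!ctype_digit($rawId)) {
        return false;
    }
    $id = (int) $rawId;
    $stmt = $conn->prepare('DELETE FROM products WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $deleted = $stmt->affected_rows === 1;
    $stmt->close();
    return $deleted;
}
```

With bound parameters the values never become part of the SQL text, so none of the `mysqli_real_escape_string()` calls from the question are needed.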
Answer 2 (score: 0)
I like to post the finished code for future beginners, in case they are in the same boat as I was.
<Style TargetType="ComboBox">
<Setter Property="Template">
<Setter.Value>
<ControlTemplate TargetType="ComboBox" >
<Grid Background="{DynamicResource ComboDropdownNormal}" Height="50" Width="326" >
<ContentPresenter Content="{TemplateBinding SelectionBoxItem}" >
<ContentPresenter.ContentTemplate>
<DataTemplate>
<Grid>
<TextBlock Text="{Binding}" />
<Image x:Name="imgArrow"
Source="{DynamicResource ComboBoxArrowNormalImage}"
RenderOptions.BitmapScalingMode="HighQuality" />
</Grid>
</DataTemplate>
</ContentPresenter.ContentTemplate>
</ContentPresenter>
<ToggleButton ClickMode="Press" Focusable="false"
IsChecked="{Binding IsDropDownOpen, Mode=TwoWay, RelativeSource={RelativeSource TemplatedParent}}"
Template="{StaticResource ComboBoxToggleButtonTmp}" />
<Popup IsOpen="{TemplateBinding IsDropDownOpen}" Placement="Bottom" >
<ContentControl>
<Border x:Name="DropDownBorder"
Background="{DynamicResource ComboDropdownNormal}"
MaxHeight="540" MinWidth="{TemplateBinding ActualWidth}" >
</Border>
</ContentControl>
</Popup>
</Grid>
<ControlTemplate.Triggers>
<Trigger Property="HasItems" Value="false">
<Setter TargetName="DropDownBorder" Property="MinHeight" Value="95" />
</Trigger>
<!-- FAILS -->
<Trigger Property="IsDropDownOpen" Value="True">
<Setter TargetName="imgArrow" Property="Image.Source" Value="{DynamicResource ComboBoxArrowHoverImage}" />
</Trigger>
<Trigger Property="IsDropDownOpen" Value="False">
<Setter TargetName="imgArrow" Property="Image.Source" Value="{DynamicResource ComboBoxArrowNormalImage}" />
</Trigger>
<!-- FAILS -->
</ControlTemplate.Triggers>
</ControlTemplate>
</Setter.Value>
</Setter>
</Style>