即使错误,SQL仍会将数据插入数据库

时间:2017-08-10 03:53:00

标签: php android mysql

我想要做的是:我使用Android将数据插入数据库。但是在将数据插入另一个表之前,必须先对第一个表BUT中的这个板号进行 RETRIEVE / SEARCH ,它应首先检查此表中是否有此板号,如果为真,则INSERT将数据放入表中,如果错误则不要将数据插入表中。

我遇到的问题是:我在EditText中输入的数据仍然会 INSERT 进入数据库/表格,即使我键入的板号错误。

我认为我的SQL语句有问题吗?

我的PHP代码:

<?php
$host='localhost';
$user='root';
$password='';
$db='employee101';

$PLATE_NUM = $_POST["PLATE_NUM"];
$PUV_TYPE = $_POST["PUV_TYPE"];
$content = $_POST["content"];

$sql = "select * from employee_data where PLATE_NUM like '$PLATE_NUM';";//first table where you retrieve the plate number first
$sql_insert = "insert into employee_content (PLATE_NUM, PUV_TYPE, content) values('$PLATE_NUM', '$PUV_TYPE', '$content')";//insert the table

$con = mysqli_connect($host,$user,$password,$db);

$result = mysqli_query($con, $sql);
$result2 = mysqli_query($con, $sql_insert);
$response = array();

if (mysqli_num_rows($result)> 0 && ($result2)=== TRUE ){
        echo"Log-In Success!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
}else{
    echo "Log-In not success";
}

mysqli_close($con);

?>

我在Android Studio中的代码:

onButtonClick代码:

public void Button(View view) {

        String puv_plate = report_plate.getText().toString();
        String puv_type = report_type.getText().toString();
        String content = report_content.getText().toString();
        String type="report";
        BackgroundWorker backgroundWorker = new BackgroundWorker(this);
        backgroundWorker.execute(type, puv_plate,puv_type,content);
    }

后台工人类:

if(type.equals("report")){
                try {
                    String id_ret = params[1];
                    String puv_type = params[2];
                    String report = params[3];

                    URL url = new URL(retrieve_id);
                    HttpURLConnection httpURLConnection = (HttpURLConnection)url.openConnection();
                    httpURLConnection.setRequestMethod("POST");
                    httpURLConnection.setDoOutput(true);
                    httpURLConnection.setDoInput(true);
                    OutputStream outputStream = httpURLConnection.getOutputStream();
                    BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream, "UTF-8"));
                    String post_data = URLEncoder.encode("PLATE_NUM","UTF-8")+"="+URLEncoder.encode(id_ret,"UTF-8") + "&"
                            + URLEncoder.encode("PUV_TYPE", "UTF-8") + "=" + URLEncoder.encode(puv_type, "UTF-8") + "&"
                            + URLEncoder.encode("content", "UTF-8") + "=" + URLEncoder.encode(report, "UTF-8");;
                    bufferedWriter.write(post_data);
                    bufferedWriter.flush();
                    bufferedWriter.close();
                    outputStream.close();
                    InputStream inputStream = httpURLConnection.getInputStream();
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "iso-8859-1"));
                    String result = "";
                    String line = "";
                    while((line = bufferedReader.readLine())!= null){
                        result += line;
                    }
                    bufferedReader.close();
                    inputStream.close();
                    httpURLConnection.disconnect();
                    return result;
                } catch (MalformedURLException e) {
                    e.printStackTrace();
                } catch (IOException e) {
                    e.printStackTrace();
                }

3 个答案:

答案 0 :(得分:1)

你可以这两种方式做到这一点

  

1)使用一些php脚本在数据库中手动检查。然后你可以插入数据。   这个的逻辑是

编写onesql查询以检查计数where the PLATE_NUM='the value'

$query="SELECT COUNT(*) FROm table_name WHERE PLATE_NUM='the value';"

然后从结果中获取计数值。如果该值大于0.表示该值已存在于数据库中

if($count>0){
    echo "PLATE_NUM already exist";
    // if you want to update. Here you can update.
}else{
    // perform your actions like insert.
}
  

2)将PLATE_NUM字段作为数据库中的唯一键...这将自动检查重复

使用mysqli_bind参数概念

获取计数
$stmt = $mysqli->prepare($query) or trigger_error($mysqli->error."[$sql]");
$stmt->bind_param('d', $plate_no_value);// here d for number and s for string 
$stmt->bind_result($count);
$stmt->execute();

答案 1 :(得分:1)

你的php中的这个陈述看起来很粗略:

$ sql =“select * from employee_data,其中PLATE_NUM喜欢'$ PLATE_NUM';”

我认为like关键字找到了一个模式[1]。为什么不做=那里?如果两个条件都为真,则导致if语句= true,如果在PLATE_NUM列中找到模式,则它将始终为true。您希望特定的板号作为条件检查。

$ sql =“select * from employee_data,其中PLATE_NUM ='$ PLATE_NUM';”

[1] https://www.w3schools.com/sql/sql_like.asp

编辑,问题在这里,你甚至在if语句检查之前总是运行result2查询。只需在result1返回成功时运行result2。

将其更改为

$result = mysqli_query($con, $sql);

//注释掉$ result2 = mysqli_query($ con,$ sql_insert);     $ response = array();

if (mysqli_num_rows($result)> 0 ){
        $result2 = mysqli_query($con, $sql_insert);

答案 2 :(得分:1)

实际上,您编写了查询,但没有检查是否插入数据,您没有检查第一个查询是否可用,

相反,您只需使用一个UPDATE查询即可实现此目的,

$sql_insert = "UPDATE employee_content SET PLATE_NUM = '$PLATE_NUM', PUV_TYPE = '$PUV_TYPE', content = '$content' WHERE PLATE_NUM='$PLATE_NUM' )";