在一个process.php文件中提交第二个查询之前,如何查询SQL数据库?

时间:2018-06-12 17:20:06

标签: php mysql

我有一个流程预订脚本,它从HTML预订表单中获取信息并将其发送到mySQL关系数据库。

它工作正常,但是我修改了代码,以便第一个查询检查他们所选择的房间是否在他们指定的日期范围内的任何时间被预订。这可以在第一个查询$ q

中看到

如果已经在用户提交给该房间的任何日期预订了该脚本,则脚本应该回显错误,否则它应该触发mysqli_multiquery并提交数据。

这两个查询都直接在sql中工作,但是我无法弄清楚为什么初始if语句不起作用 - 'if(mysqli_num_rows($ result)== 0)'。

这是PHP文件:

********编辑**********

当我为已经预订了所请求日期范围的房间提交预订时,会提交该预订,而不是在else语句中回显内容。

以下是错误消息:

Error messages displayed

********编辑两个**********

固定!问题是查询错误。

<html>



<body>

    <?php

        $page_title = 'Process Booking Form';

        require 'login-db.php';   //  require once means that it well generate a fatal error if the file is not found and means that the file will only be read in when it has not previously been inclued which prevents wastefule duplicate disk accesses.

         $dbc = new mysqli($hn, $un, $pw, $db);



        if($dbc->connect_error) {

           die ($dbc->connect_error);

        }



        if(isset($_POST['firstname']) &&

           isset($_POST['lastname']) &&

           isset($_POST['datefrom']) &&

           isset($_POST['dateto']) &&

           isset($_POST['specialevent']) &&

           isset($_POST['roomnumber']))

        {

            $firstname     = secure_post($dbc, 'firstname');

            $lastname      = secure_post($dbc, 'lastname');   //security

            $datefrom      = secure_post($dbc, 'datefrom');

            $dateto        = secure_post($dbc, 'dateto');

            $specialevent  = clean_string($dbc, 'specialevent');

            $roomno        = secure_post($dbc, 'roomnumber');



                //validation



                $error_message = "";



                if(strlen($firstname) < 2 || strlen($firstname) > 20) {

                    $error_message .= 'Your first name does not appear to be valid.<br>';

                }



                if(strlen($lastname) < 2 || strlen($lastname) > 30) {

                    $error_message .= 'Your last name does not appear to be valid.<br>';

                }



                if(strlen($error_message) > 0) {

                    die($error_message);

                }


                //Query to find out if user selected dates are already booked for their chosen room
                $q = "SELECT customerinfo.firstname, customerinfo.lastname, roominfo.roomnumber, roominfo.roomsize, roominfo.roomprice, bookings.datefrom, bookings.dateto, bookings.daterange

                FROM customerinfo

                LEFT JOIN bookings ON bookings.customer_id = customerinfo.customer_id

                LEFT JOIN transactions ON customerinfo.customer_id = transactions.customer_id

                LEFT JOIN transactionsdetails ON transactionsdetails.transactions_id = transactions.transactions_id

                LEFT JOIN roominfo ON transactionsdetails.room_id = roominfo.room_id

                WHERE roomnumber = $roomno

                AND (bookings.datefrom BETWEEN $datefrom AND $dateto)

                OR (roomnumber = $roomno

                AND (bookings.dateto BETWEEN $datefrom AND $dateto))";

                $result = mysqli_query($dbc, $q);

                // $checkdates = mysqli_query($dbc, $checkdatessql);

                if(mysqli_num_rows($result) == 0) {

                        //echo confirmation message to user
                        echo "Hello $firstname, your booking has been requested for room: $roomno. Your check-in date and time is $datefrom at 11:00am and your scheduled checkout date and time is $dateto at 15:00pm. Thank you for choosing to stay at Westworld.";

                        //submit customer information to the database
                        mysqli_multi_query($dbc,

                         "INSERT INTO customerinfo(firstname, lastname, specialevent) VALUES ('$firstname','$lastname','$specialevent');

                        SET @cusID := LAST_INSERT_ID();

                        INSERT INTO bookings(dateto, datefrom, daterange, customer_id) VALUES ('$dateto','$datefrom',DATEDIFF(dateto,datefrom), @cusID);

                        INSERT INTO transactions (customer_id, datebooked) VALUES (@cusID, CURDATE());

                         SET @roomID := (SELECT room_id FROM roominfo WHERE roomnumber = '$roomno');

                        INSERT INTO transactionsdetails (transactions_id, room_id) VALUES (LAST_INSERT_ID(), @roomID);");
                } else {
                  //echo room error message
                  echo "The room you have selected is unavailable in that date range.";
                }


            $r->close();

            $dbc->close();


        };



        function secure_post($dbc, $string) {

            return htmlentities($dbc->real_escape_string($_POST[$string]));

        } 



        function clean_string($dbc, $string) {

            if (get_magic_quotes_gpc())  $string = stripslashes($string);

            return htmlentities($dbc->real_escape_string($_POST[$string]));

        }


    ?>



</body>

1 个答案:

答案 0 :(得分:0)

好吧,添加&#34; print_r(mysqli_num_rows($ result));&#34;看看会发生什么。它可能会返回一个字符串,如文档中所述。我不知道你在$ datefrom和其他变量中使用了什么,你在你的查询中使用而没有任何转义(great idea),但是当它是一个有效的日期时(&#39; YYYY-MM) -DD&#39;),然后你需要逃脱它。

无论是什么,你都应该真正切换到PDO。在那里你可以使用预备语句,让PDO为你映射变量(你仍然写相同的SQL命令,而不是&#34; $ test&#34;你写&#34;:test&#34;然后说& #34;:测试应该用$ test替换,它是一个字符串&#34;)。更安全,公司不会当场解雇你;)

下次尝试保持代码简单,就像一个简单的select-query,然后是mysqli_num_rows,然后一个返回,没有别的。不要发布超过你需要的人来理解你的问题。

相关问题
最新问题