我只能在php会话期间插入一张表吗?

时间:2018-06-22 08:50:40

标签: php mysql

Worker<MyDTO> q = new Worker<MyDTO>();

我所有的条件都得到满足。我什至在回显中获取了所有正确的值,但只有第一个插入查询(即if (isset($_POST["AddErrorCode"])) { $AddErrorCodeDB = $_POST["AddErrorCode"]; $AddErrorDescriptionDB = $_POST["AddErrorDescription"]; $AddQuantityDB = $_POST["AddQuantity"]; $AddStartDateDB = $_POST["AddStartDate"]; $AddCompletionDateDB = $_POST["AddCompletionDate"]; $AddReviewTypeDB = $_POST["AddReviewType"]; session_start(); $WO_ID = $_SESSION['SELECTED_WO_ID']; if ($AddReviewTypeDB === 'PR') { $AddReviewerType = 'Peer Review'; $insert = "INSERT INTO `wo_errorinfo` ( `Error_Code` , `Error_Description` , `Error_Quantity` , `Review_Type` , `WO_NO`) VALUES ( '$AddErrorCodeDB' , '$AddErrorDescriptionDB' , '$AddQuantityDB' , '$AddReviewerType' , '$WO_ID')"; if ($AddCompletionDateDB === '') { //echo 'ritwik'; $status = 'Peer RWK'; $update = "UPDATE `associated_wos` SET `WO Status` = '$status' WHERE `ID` = '$WO_ID'"; } else { //echo 'ritwik1'; $status = 'Peer Review Complete'; $update = "UPDATE `associated_wos` SET `WO Status` = '$status' WHERE `ID` = '$WO_ID'"; } $sql = "SELECT * FROM `wo_reviewerqa` WHERE `WO_ID` = '$WO_ID' AND `reviewType` = '$AddReviewerType'"; $result = mysqli_query($conn, $sql); $num_rows = mysqli_num_rows($result); //echo $num_rows; if ($num_rows === 0) { //echo 'ritwik'; $insertreview = "INSERT INTO `wo_reviewerqa` ( `reviewType`, `reviewStartDate`, `reviewCompleteDate`, `WO_ID`) VALUES ( '$AddReviewerType', '$AddStartDateDB', '$AddCompletionDateDB' , '$WO_ID')"; //echo $insertreview; } else { if ($AddStartDateDB !== '') { echo "<script type='text/javascript'>alert('Review Already Started, Start Date cant be changed');</script>"; } } if($conn->query($insertreview) === True) { echo "<script type='text/javascript'>alert('Start date updated successfully');</script>"; } if ($conn->query($insert) === True) { echo "<script type='text/javascript'>alert('Error Code Submitted successfully');</script>"; } } 在工作),而所有其他查询都对表没有影响。我们不能在一个会话期间插入多个表中。是由于insert into 'wo_errorinfo'吗?我现在已经尝试解决这一问题超过1天,但无法解决。

1 个答案:

答案 0 :(得分:2)

您需要执行语句,当前仅执行$sql

您还应该避免通过连接字符串来构建查询,因为这会使您容易受到SQL注入攻击的影响,在这种情况下,用户可以通过在输入中传递特殊字符来修改查询。您应该使用mysqli::prepare,例如:

if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) {

    /* bind parameters for markers */
    $stmt->bind_param("s", $city);

    /* execute query */
    $stmt->execute();
}