PHP executes SQL inside an IF statement even though the $_POST condition is false

Time: 2018-10-01 21:33:12

Tags: php mysql pdo

Please help with this puzzling bug: PHP always executes the SQL update inside the IF when the condition involves $_POST.

When the condition is false, the code i) does not execute the echo command, but ii) still executes the SQL command.

if ($_POST["scanned_set"] != "saved") {    
    try {
        $conn = new PDO("mysql:host=$servername;dbname=abc", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected successfully";    

        // Update

        $sql = "UPDATE `id_scan` SET `scan_count` = 10 WHERE `id_scan`.`id` = 1";

        // use exec() because no results are returned
        $conn->exec($sql);        
    } catch(PDOException $e) {
        echo "Connection failed: " . $e->getMessage();
    }

    $conn = null; 
}

The odd thing is that if I try the IF condition with "if (1 == 2)", the code works fine. In other words, it does not execute the SQL.

Full code

<html>
<body> 

<?php

$servername = "localhost";
$username = "reviinve_vchain";
$password = "";

var_dump($_POST["scanned_set"]);

try {
    $conn = new PDO("mysql:host=$servername;dbname=reviinve_vchain", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo "Connected successfully"; 

    // Retrieve data from db
    $sql = "SELECT *  FROM `id_scan` WHERE `id` = 1";

    foreach ($conn->query($sql) as $row) {
        echo "print scan number after retrieving statement ".$row['scan_count'] . "\t";
        // print $row['color'] . "\t";

        $count_update = $row['scan_count'] + 1;
    }
} catch(PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}

$conn = null;

if ($_POST["scanned_set"] != "saved") {
    try {
        $conn = new PDO("mysql:host=$servername;dbname=reviinve_vchain", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected successfully"; 

        // Update count number to db

        echo 'new count number' . $count_update;     

        $sql = "UPDATE `id_scan` SET `scan_count` = $count_update WHERE `id_scan`.`id` = 1";

        // use exec() because no results are returned
        $conn->exec($sql);
    }
    catch(PDOException $e) {
        echo "Connection failed: " . $e->getMessage();
    }
    $conn = null; 
}

?> 
</body>
</html>

1 answer:

Answer 0: (score: 0)

Try cleaning up your request variable first:

$do_update = !(trim(strtolower($_REQUEST["scanned_set"])) == "saved");

if ($do_update) {    
    try {
        $conn = new PDO("mysql:host=$servername;dbname=abc", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected successfully";    

        // Update

        $sql = "UPDATE `id_scan` SET `scan_count` = 10 WHERE `id_scan`.`id` = 1";

        // use exec() because no results are returned
        $conn->exec($sql);        
    } catch(PDOException $e) {
        echo "Connection failed: " . $e->getMessage();
    }

    $conn = null; 
}
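As an added example that is not code from the question or the answer: the update block from the question rewritten so that a missing `scanned_set` field cannot slip past the check, and so the new count is bound as an integer parameter rather than interpolated into the SQL string. Table and column names are the question's; the DSN and credentials are placeholders.

```php
<?php
// Added example, not from the question or answer. Table and column names
// come from the question; DSN, user and password are placeholders.
$dsn      = "mysql:host=localhost;dbname=reviinve_vchain;charset=utf8mb4";
$username = "db_user";     // placeholder
$password = "db_password"; // placeholder

// Only update when the field is present and its normalised value is not
// "saved". A missing key means "no update" instead of an undefined-index
// notice followed by a comparison against null.
function shouldUpdate(array $post): bool
{
    if (!isset($post["scanned_set"]) || !is_string($post["scanned_set"])) {
        return false;
    }
    return strtolower(trim($post["scanned_set"])) !== "saved";
}

if (shouldUpdate($_POST)) {
    try {
        $conn = new PDO($dsn, $username, $password, [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);

        // Read and write inside one transaction so two concurrent requests
        // cannot both read the same count and lose an increment.
        $conn->beginTransaction();
        $select = $conn->prepare("SELECT `scan_count` FROM `id_scan` WHERE `id` = :id FOR UPDATE");
        $select->execute([":id" => 1]);
        $row = $select->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            throw new RuntimeException("id_scan row id=1 not found");
        }
        $newCount = (int)$row["scan_count"] + 1;

        // Bind the value as an integer instead of interpolating it into SQL.
        $update = $conn->prepare("UPDATE `id_scan` SET `scan_count` = :count WHERE `id` = :id");
        $update->bindValue(":count", $newCount, PDO::PARAM_INT);
        $update->bindValue(":id", 1, PDO::PARAM_INT);
        $update->execute();
        $conn->commit();
        echo "new count number " . $newCount;
    } catch (Exception $e) {
        if (isset($conn) && $conn->inTransaction()) {
            $conn->rollBack();
        }
        error_log($e->getMessage()); // keep driver details out of the response
        echo "Database error";
    }
}
```

Because the check, the read and the write are all in one request path, a second page load (for example a GET without a form body) takes the `return false` branch instead of reaching the UPDATE.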