2017-09-29 128 views

我正在嘗試把表單中的 float 值更新到數據庫。表單能正確讀取並顯示已經存儲的值,但是當我提交更新時什麼也沒有發生:UPDATE float value not posting to database

// Handles the "Update" form post: for every submitted game it builds an UPDATE
// statement by string concatenation and runs it, then redirects.
// NOTE(review): $game['gameID'] and $game['spread'] come straight from $_POST and
// are concatenated into the SQL text unescaped (SQL injection). Bind them through
// a prepared statement instead of concatenating.
if ($_POST['action'] == 'Update') { 
    foreach($_POST['game'] as $game) { 
     // Input whose leading numeric part is greater than 0 is used exactly as typed;
     // anything else (including 0 and negative numbers) becomes the SQL keyword NULL.
     $spread = ((floatval($game['spread']) > 0) ? $game['spread'] : 'NULL'); 
     $sql = "update " . DB_PREFIX . "schedule "; 
     $sql .= "set spread = " . $spread . " "; 
     // NOTE(review): the && below is the PHP operator, outside the quotes. "." binds
     // tighter than "&&", and "&&" tighter than ".=", so the right-hand side is
     // evaluated as a boolean and the string "1" is appended in place of the
     // intended WHERE clause.
     $sql .= "where gameID = " . $game['gameID'] && "CAST('spread' AS DECIMAL(5,1)) = " . $game['spread']; 
     // Stops the whole request on the first failed statement and prints the
     // database error text to the client.
     $mysqli->query($sql) or die('Error updating score: ' . $mysqli->error); 
    } 
    // Redirect after the post so a reload does not resubmit the form.
    header('Location: ./'); 
    exit; 
} 

以下是我讀取數據並顯示在表格中的代碼:

<?php 
// Loads the games of one week (schedule rows joined to the home and visitor team
// rows) and prints one table row per game with a text input for the spread.
// NOTE(review): $week is concatenated into the SQL text; this is only safe if it
// has already been cast to an integer before this point -- confirm.
$sql = "select s.*, ht.city, ht.team, ht.displayName, vt.city, vt.team, vt.displayName "; 
$sql .= "from " . DB_PREFIX . "schedule s "; 
$sql .= "inner join " . DB_PREFIX . "teams ht on s.homeID = ht.teamID "; 
$sql .= "inner join " . DB_PREFIX . "teams vt on s.visitorID = vt.teamID "; 
$sql .= "where weekNum = " . $week . " "; 
$sql .= "order by gameTimeEastern"; 
// NOTE(review): query() returns false on failure; the property reads below do not
// check for that.
$query = $mysqli->query($sql); 
if ($query->num_rows > 0) { 
    echo '<table class="table table-striped">' . "\n"; 
    echo ' <tr><th colspan="6" align="left">Week ' . $week . '</th></tr>' . "\n"; 
    $i = 0; 
    while ($row = $query->fetch_assoc()) { 
     // One team object per side, built from the IDs stored on the schedule row.
     $homeTeam = new team($row['homeID']); 
     $visitorTeam = new team($row['visitorID']); 
     // Even-numbered rows get the "altrow" class.
     $rowclass = (($i % 2 == 0) ? ' class="altrow"' : ''); 
     echo '  <tr' . $rowclass . '>' . "\n"; 
     // NOTE(review): the database and team values in the cells below are echoed into
     // HTML text and attribute values without htmlspecialchars(); escape them at output.
     // The inputs named game[<gameID>][gameID] and game[<gameID>][spread] form the
     // $_POST['game'] array that the update handler iterates over.
     echo '   <td><input type="hidden" name="game[' . $row['gameID'] . '][gameID]" value="' . $row['gameID'] . '" />' . date('D n/j g:i a', strtotime($row['gameTimeEastern'])) . ' ET</td>' . "\n"; 
     echo '   <td align="right"><input type="hidden" name="gameID[' . strtolower($visitorTeam->team) . ']" value="' . $row['gameID'] . '" />' . $visitorTeam->teamName . '</td>' . "\n"; 
     echo '   <td><input type="text" name="game[' . $row['gameID'] . '][spread]" id="game[' . $row['gameID'] . '][spread]" value="' . $row['spread'] . '" size="3" /></td>' . "\n"; 
     echo '   <td align="right"><input type="hidden" name="gameID[' . strtolower($homeTeam->team) . ']" value="' . $row['gameID'] . '" />at ' . $homeTeam->teamName . '</td>' . "\n"; 
     echo '  </tr>' . "\n"; 
     $i++; 
    } 
    echo '</table>' . "\n"; 
} 
// NOTE(review): without parentheses this is a property read, not a method call, so
// the result set is not released here; the call form is $query->free().
$query->free; 
?> 

關於如何獲取更新後的值的任何建議?

這是目前的完整代碼:

<?php 
// Application bootstrap and the team class used when rendering the table.
require 'includes/application_top.php';
require 'includes/classes/team.php';

// Authorization gate: only administrators get past this point; everyone else is
// redirected before any POST handling or output happens.
// ($user is not defined in this file -- presumably set up by application_top.php.)
if (!$user->is_admin) {
    header('Location: ./');
    exit();
}

// Handles the "Update" form post: for every submitted game it builds an UPDATE
// statement by string concatenation and runs it, then redirects.
// NOTE(review): $game['gameID'] and $game['spread'] come straight from $_POST and
// are concatenated into the SQL text unescaped (SQL injection). Bind them through
// a prepared statement instead of concatenating.
// NOTE(review): no anti-CSRF token is checked in this handler; confirm whether
// includes/application_top.php enforces one for POST requests.
if ($_POST['action'] == 'Update') { 
    foreach($_POST['game'] as $game) { 
     // Input whose leading numeric part is greater than 0 is used exactly as typed;
     // anything else (including 0 and negative numbers) becomes the SQL keyword NULL.
     $spread = ((floatval($game['spread']) > 0) ? $game['spread'] : 'NULL'); 
     $sql = "update " . DB_PREFIX . "schedule "; 
     $sql .= "set spread = " . $spread . " "; 
     // The && is now inside the SQL string, so it reaches MySQL as a logical AND.
     // NOTE(review): 'spread' in single quotes is a string literal in MySQL, not the
     // column, so the CAST never reads the stored value. Comparing against the newly
     // submitted value would in any case match only rows that already hold it.
     // An empty spread field also leaves the statement ending in "= ".
     $sql .= "where gameID = " . $game['gameID'] . " && CAST('spread' AS DECIMAL(5,1)) = " . $game['spread']; 
     // Stops the whole request on the first failed statement and prints the
     // database error text to the client.
     $mysqli->query($sql) or die('Error updating spread: ' . $mysqli->error); 
    } 
    // Redirect after the post so a reload does not resubmit the form.
    header('Location: ./'); 
    exit; 
} 

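// Week to display: ?week=N from the query string, forced to an integer so that
// only a number can reach the SQL and HTML built from it further down.
// isset() avoids reading a missing array key when the page is opened without
// the parameter.
$week = isset($_GET['week']) ? (int)$_GET['week'] : 0;
if ($week === 0) {
    // No week given (or it was not a number): fall back to the current week.
    $week = (int)getCurrentWeek();
}

include('includes/header.php');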
?> 
    <h1>Enter Spreads - Week <?php echo $week; ?></h1> 
<?php 
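// Week navigation bar: one entry per distinct weekNum in the schedule table; the
// week currently shown is printed as plain text, every other week as a link.
$sql = "select distinct weekNum from " . DB_PREFIX . "schedule order by weekNum;";
$query = $mysqli->query($sql);
$weekNav = '<div class="navbar3"><b>Go to week:</b> ';
// query() returns false on failure; in that case the bar is printed empty.
if ($query) {
    $i = 0;
    while ($row = $query->fetch_assoc()) {
        // weekNum is compared and printed as an integer, so nothing but digits can
        // end up in the href or the link text (assumes weekNum is an integer column).
        $weekNum = (int)$row['weekNum'];
        if ($i > 0) {
            $weekNav .= ' | ';
        }
        if ($week !== $weekNum) {
            $weekNav .= '<a href="spreads.php?week=' . $weekNum . '">' . $weekNum . '</a>';
        } else {
            $weekNav .= $weekNum;
        }
        $i++;
    }
    // free() must be called as a method; without parentheses it is only a
    // property read and the result set is never released.
    $query->free();
}
$weekNav .= '</div>' . "\n";
echo $weekNav;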
?> 
<script type="text/javascript"> 
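/**
 * Requests the scores for one week from getHtmlScores.php and copies them into
 * the matching form fields.
 *
 * The response is read as a JSON collection of objects with the properties
 * gameID, visitorScore, homeScore and overtime. For each entry the fields with
 * the ids game[<gameID>][visitorScore], game[<gameID>][homeScore] and
 * game[<gameID>][OT] are looked up. A field missing from the page is skipped
 * rather than dereferenced; the form in this file renders only the gameID and
 * spread inputs.
 *
 * @param {number} weekNum week number sent as the "week" query parameter
 */
function getScores(weekNum) {
    $.get("getHtmlScores.php", {week: weekNum}, function(data) {
        for (var item in data) {
            // Ignore anything inherited through the prototype chain.
            if (!Object.prototype.hasOwnProperty.call(data, item)) {
                continue;
            }
            var entry = data[item];
            var prefix = 'game[' + entry.gameID + ']';
            // Declared with var: the original assigned these without a declaration,
            // which created three global variables.
            var visitorScoreField = document.getElementById(prefix + '[visitorScore]');
            var homeScoreField = document.getElementById(prefix + '[homeScore]');
            var OTField = document.getElementById(prefix + '[OT]');

            // Only fields whose value actually changes are marked "fieldLoaded".
            if (visitorScoreField && visitorScoreField.value !== entry.visitorScore) {
                visitorScoreField.value = entry.visitorScore;
                visitorScoreField.className = "fieldLoaded";
            }
            if (homeScoreField && homeScoreField.value !== entry.homeScore) {
                homeScoreField.value = entry.homeScore;
                homeScoreField.className = "fieldLoaded";
            }
            if (OTField && entry.overtime == '1') {
                OTField.checked = true;
            }
        }
    }, 'json');
}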
</script> 
<p><input type="button" value="Load Scores" onclick="return getScores(<?php echo $week; ?>);" class="btn btn-info" /></p> 
<form id="spreadForm" name="spreadForm" action="spreads.php" method="post"> 
<input type="hidden" name="week" value="<?php echo $week; ?>" /> 
<div class="table-responsive"> 
<?php 
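// Loads the games of the selected week (schedule rows joined to the home and
// visitor team rows) and prints one table row per game with a text input for
// the spread.
$sql = "select s.*, ht.city, ht.team, ht.displayName, vt.city, vt.team, vt.displayName ";
$sql .= "from " . DB_PREFIX . "schedule s ";
$sql .= "inner join " . DB_PREFIX . "teams ht on s.homeID = ht.teamID ";
$sql .= "inner join " . DB_PREFIX . "teams vt on s.visitorID = vt.teamID ";
// Cast at the point of use so only a number can ever reach the SQL text.
$sql .= "where weekNum = " . (int)$week . " ";
$sql .= "order by gameTimeEastern";
$query = $mysqli->query($sql);
// query() returns false on failure; nothing is rendered in that case.
if ($query) {
    if ($query->num_rows > 0) {
        // Every value taken from the database or from a team object is HTML-escaped
        // before it is written into element text or an attribute value.
        // (Charset assumed to be UTF-8 -- confirm against the page's encoding.)
        $escFlags = ENT_QUOTES | ENT_SUBSTITUTE;
        echo '<table class="table table-striped">' . "\n";
        echo ' <tr><th colspan="6" align="left">Week ' . (int)$week . '</th></tr>' . "\n";
        $i = 0;
        while ($row = $query->fetch_assoc()) {
            $homeTeam = new team($row['homeID']);
            $visitorTeam = new team($row['visitorID']);

            $gameID = htmlspecialchars((string)$row['gameID'], $escFlags, 'UTF-8');
            $spread = htmlspecialchars((string)$row['spread'], $escFlags, 'UTF-8');
            $visitorKey = htmlspecialchars(strtolower($visitorTeam->team), $escFlags, 'UTF-8');
            $homeKey = htmlspecialchars(strtolower($homeTeam->team), $escFlags, 'UTF-8');
            $visitorName = htmlspecialchars((string)$visitorTeam->teamName, $escFlags, 'UTF-8');
            $homeName = htmlspecialchars((string)$homeTeam->teamName, $escFlags, 'UTF-8');

            // Even-numbered rows get the "altrow" class.
            $rowclass = (($i % 2 == 0) ? ' class="altrow"' : '');
            echo '  <tr' . $rowclass . '>' . "\n";
            // game[<gameID>][gameID] and game[<gameID>][spread] make up the
            // $_POST['game'] array that the update handler iterates over.
            echo '   <td><input type="hidden" name="game[' . $gameID . '][gameID]" value="' . $gameID . '" />' . date('D n/j g:i a', strtotime($row['gameTimeEastern'])) . ' ET</td>' . "\n";
            echo '   <td align="right"><input type="hidden" name="gameID[' . $visitorKey . ']" value="' . $gameID . '" />' . $visitorName . '</td>' . "\n";
            echo '   <td><input type="text" name="game[' . $gameID . '][spread]" id="game[' . $gameID . '][spread]" value="' . $spread . '" size="3" /></td>' . "\n";
            echo '   <td align="right"><input type="hidden" name="gameID[' . $homeKey . ']" value="' . $gameID . '" />at ' . $homeName . '</td>' . "\n";
            echo '  </tr>' . "\n";
            $i++;
        }
        echo '</table>' . "\n";
    }
    // free() must be called as a method; without parentheses it is only a
    // property read and the result set is never released.
    $query->free();
}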
?> 
</div> 
<input type="submit" name="action" value="Update" class="btn btn-info" /> 
</form> 
<?php 
// Close the page with the shared footer template.
include 'includes/footer.php';

首先,請閱讀 http://bobby-tables.com ,瞭解SQL注入以及如何防止它。你現在的代碼非常容易受到攻擊,你的數據庫可能在幾秒鐘內就被攻破。請使用預處理語句(prepared statements)。另外,能否請你把HTML表單也貼出來?我對 `foreach($_POST['game'] as $game) {` 有點困惑……是有多個 name=game 的字段嗎? – Twinfriends


把 `$sql .= "where gameID = " . $game['gameID'] && "CAST('` 改爲 `$sql .= "where gameID = " . $game['gameID'] . " && CAST('` –

回答


按如下方式修改你的更新查詢:去掉 && ,改用 AND ,並把它放在引號內(作爲SQL字符串的一部分)

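// Handles the "Update" form post: stores each submitted spread against its game.
// Every request value is passed to MySQL as a bound parameter, so nothing from
// $_POST ever becomes part of the SQL text.
if (isset($_POST['action']) && $_POST['action'] === 'Update') {
    $games = (isset($_POST['game']) && is_array($_POST['game'])) ? $_POST['game'] : array();

    // The row is identified by gameID alone. The statement originally carried a
    // second condition, AND CAST('spread' AS DECIMAL(5,1)) = <new value>. It is
    // left out because 'spread' in single quotes is a string literal rather than
    // the column, and a filter on the new value would skip every row that does
    // not already hold it.
    $stmt = $mysqli->prepare('update ' . DB_PREFIX . 'schedule set spread = ? where gameID = ?');
    if (!$stmt) {
        die('Error updating score: ' . $mysqli->error);
    }

    // bind_param() binds by reference: assign the variables, then execute.
    // 'i' assumes gameID is an integer key -- confirm against the schema.
    $spread = null;
    $gameID = 0;
    $stmt->bind_param('di', $spread, $gameID);

    foreach ($games as $game) {
        // Skip entries that do not have the shape the form produces.
        if (!is_array($game)
            || !isset($game['gameID'], $game['spread'])
            || !is_scalar($game['gameID'])
            || !is_scalar($game['spread'])) {
            continue;
        }

        // Same rule as before: a value greater than 0 is stored, anything else is
        // stored as NULL (a null PHP value is sent as SQL NULL).
        // NOTE(review): zero and negative spreads are stored as NULL by this rule --
        // confirm that this is intended.
        $value = floatval($game['spread']);
        $spread = ($value > 0) ? $value : null;
        $gameID = (int)$game['gameID'];

        $stmt->execute() or die('Error updating score: ' . $stmt->error);
    }
    $stmt->close();

    // Redirect after the post so a reload does not resubmit the form.
    header('Location: ./');
    exit;
}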

另外,請使用預處理語句(prepared statements)來防止SQL注入


嘗試了這個建議,更新後的值仍然沒有寫入數據庫 – JerryH


執行 `var_dump($_POST['game'])` ,然後把你得到的輸出貼出來 –


NULL當我在表單 – JerryH


好吧,經過更多的研究和測試,最終可行的解決方案是做如下更改:

// NOTE(review): both sides of the second condition cast the same string literal
// 'spread' (single quotes make it a string, not the column), so the comparison is
// always true and the statement effectively filters on gameID only. That is why
// the update now goes through; "where gameID = <id>" alone has the same effect.
// NOTE(review): $game['gameID'] is still concatenated into the SQL text unescaped,
// as is $spread in the SET clause built earlier on the page; bind both through a
// prepared statement.
$sql .= "where gameID = " . $game['gameID']." AND CAST('spread' AS DECIMAL(5,1)) = CAST('spread' AS DECIMAL(5,1))";