1. 首頁
  2. 問答
  3. SQL仍然插入數據到數據庫中,即使它是錯誤的

SQL仍然插入數據到數據庫中,即使它是錯誤的

2017-08-10 50 views
1

我想要做的是:我正在使用Android將數據插入到數據庫中。但是它必須RETRIEVE/SEARCH爲第一個表中的這個板號,但是在將數據插入到另一個表之前,它應該首先檢查這個表中是否存在這個板號,如果是true,那麼將數據插入到表中如果錯誤,則不要將數據插入表中。SQL仍然插入數據到數據庫中,即使它是錯誤的

我遇到的問題是:即使我輸入的板號是錯誤的,我在我的EditText中輸入的數據仍將INSERT插入到數據庫/表中。

我認爲我的SQL語句有問題嗎?

我在PHP代碼:

<?php 
$host='localhost'; 
$user='root'; 
$password=''; 
$db='employee101'; 

$PLATE_NUM = $_POST["PLATE_NUM"]; 
$PUV_TYPE = $_POST["PUV_TYPE"]; 
$content = $_POST["content"]; 

$sql = "select * from employee_data where PLATE_NUM like '$PLATE_NUM';";//first table where you retrieve the plate number first 
$sql_insert = "insert into employee_content (PLATE_NUM, PUV_TYPE, content) values('$PLATE_NUM', '$PUV_TYPE', '$content')";//insert the table 

$con = mysqli_connect($host,$user,$password,$db); 

$result = mysqli_query($con, $sql); 
$result2 = mysqli_query($con, $sql_insert); 
$response = array(); 

if (mysqli_num_rows($result)> 0 && ($result2)=== TRUE){ 
     echo"Log-In Success!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"; 
}else{ 
    echo "Log-In not success"; 
} 

mysqli_close($con); 

?>

我的Android Studio中的代碼:

onButtonClick代碼:

public void Button(View view) { 

     String puv_plate = report_plate.getText().toString(); 
     String puv_type = report_type.getText().toString(); 
     String content = report_content.getText().toString(); 
     String type="report"; 
     BackgroundWorker backgroundWorker = new BackgroundWorker(this); 
     backgroundWorker.execute(type, puv_plate,puv_type,content); 
    }

後臺輔助類:

if(type.equals("report")){ 
       try { 
        String id_ret = params[1]; 
        String puv_type = params[2]; 
        String report = params[3]; 

        URL url = new URL(retrieve_id); 
        HttpURLConnection httpURLConnection = (HttpURLConnection)url.openConnection(); 
        httpURLConnection.setRequestMethod("POST"); 
        httpURLConnection.setDoOutput(true); 
        httpURLConnection.setDoInput(true); 
        OutputStream outputStream = httpURLConnection.getOutputStream(); 
        BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream, "UTF-8")); 
        String post_data = URLEncoder.encode("PLATE_NUM","UTF-8")+"="+URLEncoder.encode(id_ret,"UTF-8") + "&" 
          + URLEncoder.encode("PUV_TYPE", "UTF-8") + "=" + URLEncoder.encode(puv_type, "UTF-8") + "&" 
          + URLEncoder.encode("content", "UTF-8") + "=" + URLEncoder.encode(report, "UTF-8");; 
        bufferedWriter.write(post_data); 
        bufferedWriter.flush(); 
        bufferedWriter.close(); 
        outputStream.close(); 
        InputStream inputStream = httpURLConnection.getInputStream(); 
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "iso-8859-1")); 
        String result = ""; 
        String line = ""; 
        while((line = bufferedReader.readLine())!= null){ 
         result += line; 
        } 
        bufferedReader.close(); 
        inputStream.close(); 
        httpURLConnection.disconnect(); 
        return result; 
       } catch (MalformedURLException e) { 
        e.printStackTrace(); 
       } catch (IOException e) { 
        e.printStackTrace(); 
       }

來源

2017-08-10 YaZao RuZakiaga

+0

檢查我更新的答案,很確​​定這是真正的問題 – Bqin1

回答

1

這一說法在你的PHP抓取數看起來粗略:

$ sql =「select * from employee_data where PLATE_NUM like'$ PLATE_NUM';」

我以爲like關鍵字找到一個模式[1]。爲什麼不做=在那裏?只有在兩個條件都爲真的情況下,纔會導致if語句= true,並且如果在PLATE_NUM列中找到了某個模式,它將始終爲真。你想要一個特定的車牌號碼作爲條件檢查。

$ sql =「select * from employee_data where PLATE_NUM ='$ PLATE_NUM';」

[1] https://www.w3schools.com/sql/sql_like.asp

編輯,問題是在這裏,你總是甚至在if語句檢查運行結果2查詢。當result1返回成功時,您只需運行result2。

將其更改爲

$result = mysqli_query($con, $sql);

//註釋掉它$結果2 = mysqli_query($ CON,$ sql_insert); $ response = array();

if (mysqli_num_rows($result)> 0){ 
     $result2 = mysqli_query($con, $sql_insert);

來源

2017-08-10 04:12:45 Bqin1

+0

我將它改爲'=',但它仍然插入到數據庫中。 –

+0

啊我現在看到你的問題了,你總是會運行result2。我正在更新我的答案,現在已更新 – Bqin1

2

你可以做這兩個way

1)使用一些php腳本在數據庫中手動檢查。然後你可以插入數據。 這樣做的邏輯是

寫onesql查詢以檢查計數where the PLATE_NUM='the value'

$query="SELECT COUNT(*) FROm table_name WHERE PLATE_NUM='the value';"

然後得到的結果thecount值。如果該值大於0表示值已存在於數據庫

if($count>0){ 
    echo "PLATE_NUM already exist"; 
    // if you want to update. Here you can update. 
}else{ 
    // perform your actions like insert. 
}

2)請在databadse的PLATE_NUM字段作爲唯一鍵。該這將爲重複自動檢查

使用mysqli_bind參數概念

$stmt = $mysqli->prepare($query) or trigger_error($mysqli->error."[$sql]"); 
$stmt->bind_param('d', $plate_no_value);// here d for number and s for string 
$stmt->bind_result($count); 
$stmt->execute();

來源

2017-08-10 04:10:27

+0

上午我做對了嗎? $ count = mysqli_query($ con,$ query);? –

+0

爲了更好的實踐,我已經使用MySQLi_bind參數編輯了答案。請看看 –

1

其實,你寫的查詢,但你沒有檢查第一個查詢它是否是可用與否,不檢查你插入的數據,

相反,你可以簡單地用一個UPDATE查詢來實現這,

$sql_insert = "UPDATE employee_content SET PLATE_NUM = '$PLATE_NUM', PUV_TYPE = '$PUV_TYPE', content = '$content' WHERE PLATE_NUM='$PLATE_NUM')";

來源

2017-08-10 04:16:25

相關問題

 相關問題