2017-08-21 62 views
-1

PHP SQL --- edit part of form not working

I am troubleshooting the code below to make the UPDATE SQL work, but it seems the $edit_id variable is coming out null. I have a similar form to this one that works fine, although the one below is more complex, and I can't find what is missing to make it work.

Any suggestions as to where the mistake is, guys?

<?php 
    require_once $_SERVER['DOCUMENT_ROOT'].'/ares/aresStore/core/init.php'; 
    include 'includes/head.php'; 
    include 'includes/navigation.php'; 
    $errors = array(); 


    $parent=0; 
    $getURL=''; 
    if(isset($_GET['producttype']) && !empty($_GET['producttype'])){ 
     $getURL= htmlspecialchars((int)$_GET['producttype']); //gets producttype from URL and makes sure it's an int 
     $getURL=sanitize($getURL); 


     $sql2 = "SELECT * FROM producttype WHERE ProductTypeID ='$getURL'"; 
     $results = $db->query($sql2); 
     $parent2 = mysqli_fetch_assoc($results); 
     $parent2=$parent2['ProductType']; 
     if($parent2==null)//eliminates the possibility of a user entering a non-existent ProductTypeID; if he/she does, he/she is redirected 
     { 
      header('Location: childProdTypes.php'); 
     }else { 
      $sql = "SELECT * FROM producttype WHERE ProductTypeID = '$getURL'"; 
      $url_query = $db->query($sql); 
      $prod_type = mysqli_fetch_array($url_query); 
      $buffer=$prod_type['ProductType']; 
      $buffer2=$buffer; 
      $subtable2= $buffer.'type'; 
      $subtable3=$subtable2; 
      $buffer=$buffer.'Type'; 
      $subtable=strtolower($subtable3); 
      echo $subtable.'ras'; 
      echo 'Dollar Buffer:'.$buffer.'</br>'; 
      echo $buffer2; 
      echo $subtable2; 
      echo $subtable3; 
      $specProdID=$buffer.'ID'; 
      echo 'Dollar $specProdID=='.$specProdID.'<br>';// Example == BookTypeID 
      echo 'Dollar buffer:'.$buffer.'</br>';//Example == BookType 
      echo 'Dollar subtable:'.$subtable.'</br>';//Example == booktype 
      $editProdType=null;//to declare above and than delete 

      $sqlsub="SELECT * FROM $subtable ORDER BY $buffer"; 
      $sub_query = $db->query($sqlsub); 
      //var_dump($subtable).'______________'; 


      //edit product sub-category  
if(isset($_GET['edit']) && !empty($_GET['edit'])){ 
    $edit_id = (int)$_GET['edit']; 
    $edit_id = sanitize($edit_id); 
    $sql3 = "SELECT * FROM $subtable WHERE $specProdID = '$edit_id'"; 
    $edit_result=$db->query($sql3); 
    $editProdType = mysqli_fetch_array($edit_result); 

} 

//delete product sub-category   
if(isset($_GET['delete']) && !empty($_GET['delete'])){ 
    $delete_id = (int)$_GET['delete']; 
    $delete_id = sanitize($delete_id); 
    $sql = "DELETE FROM $subtable WHERE $specProdID = '$delete_id'"; 
    $db->query($sql); 
    header('Location: childProdTypes.php?producttype='.$prod_type['ProductTypeID']); //refresh page to clear delete from URL in address bar 
} 




//add product sub-category  
if(isset($_POST['add_submit']) && !empty($_POST['add_submit'])){ 
     $prodType = sanitize($_POST['ProductType']); 
     echo '+++'; 
     echo $subtable; 
     echo '+++'; 
     echo $buffer; 
     echo '+++'; 
     echo $prodType; 
     echo '+++'; 
     echo $specProdID; 
     echo '+++'; 

     //check if brand is blank 
     if($_POST['ProductType']==''){ 
      $errors[] .='Cannot add an <b>empty input</b>!!!'; 
     } 
     //check if ProductType exists in DB 
     $sql = "SELECT * FROM $subtable WHERE $buffer = '$prodType'"; 
     if(isset($_GET['edit'])){ 
      $sql="SELECT * FROM $subtable WHERE $buffer = '$prodType' AND $specProdID != '$edit_id'" ; 
     } 
     var_dump($edit_id); 
     $result=$db->query($sql); 

     //how many rows in DB == true 
     $count=mysqli_num_rows($result); 
     if($count > 0){ 
      $errors[].= '<b>'.$prodType.'</b> already exists. Please enter a new Product Type!!!'; 
      var_dump($edit_id); 
     } 
     //output errors 
     if(!empty($errors)){ 
      echo display_errors($errors); 
     }else{ 
      //Add ProductType to DB 
      $sql = "INSERT INTO $subtable ($buffer) VALUES ('$prodType')"; 
      if(isset($_GET['edit'])){ 
       $sql = "UPDATE $subtable SET $buffer = '$prodType' WHERE $specProdID = '$edit_id'"; 
      } 
      $db->query($sql); 
      header('Location: childProdTypes.php?producttype='.$prod_type['ProductTypeID']); //refresh page 
     } 
    } 


$listdbtables = array_column(mysqli_fetch_all($db->query('SHOW TABLES')),0); //array containing all DB table names 
//var_dump($listdbtables); 

//if statement to check if $subtable/current selected ProductType has its own sub category table) 
if (in_array($subtable, $listdbtables)) { 
    echo "FOUND!!"; 
} else { 
    //If table not found, user will be directed to another page and prompted if a new table needs to be created 
    //echo'Product Type: '.$buffer.' does not have its own sub-category table yet. Kindly contact Head-Administrator to create table name: '.$subtable.'!!!'; 
    //sleep(3); 
    header('Location: table.php?check=1&producttypetable='.$buffer.'&productSubCat='.$buffer2.'&tableName='.$subtable.''); 

} 


    ?> 





    <h2 class='text-center'>Product Sub-Categories: <?= $prod_type['ProductType'] ;?>s</h2><hr> 

    <div class="text-center"> 
    <form class="form-inline" action="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?><?=((isset($_GET['edit']))?'?edit='.$edit_id:'');?>" method="post"> 
     <div class="form-group"> 
      <?php 
       $prodTypeValue=''; 
       if(isset($_GET['edit'])){ 
        $prodTypeValue = $editProdType[$buffer]; 

       }else{ 
        if(isset($_POST['ProductType'])){ 
         $prodTypeValue = sanitize($_POST[$buffer]); 
        } 
       } 
      ?> 
      <label for="ProductType"><?=((isset($_GET['edit']))?'Edit':'Add'); ?> a Sub-Product Type:</label> 
      <input type="text" name="ProductType" id="ProductType" class="form-control" value="<?= $prodTypeValue;?>"> 
      <?php if(isset($_GET['edit'])): ?> 
      <a href="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?>&edit=<?= $sub_type[$specProdID] ;?>" class="btn btn-default">Cancel</a> 
      <?php endif; ?> 
      <input type="submit" name="add_submit" value="<?=((isset($_GET['edit']))?'Edit':'Add') ;?> Product Type" class="btn btn-dark"> 
     </div> 
    </form> 
    </div><hr> 



     <div class="row"> 
      <div class="col-md-6"></div> 
      <div class="col-md-6"> 
       <table class="table table-bordered table-striped table-auto table-condensed" > 
        <thead id="tableDarkTheme"> 
         <th>Product Type</th> 
         <th>Sub-Category</th> 
         <th>Options</th> 
        </thead> 
       <tbody> 


       <tr> 
        <?php while($sub_type = mysqli_fetch_array($sub_query)): ?> 
        <td> 
         <?= $prod_type['ProductType'] ;?>s 
        </td> 
        <td> 
         <?= $sub_type[$buffer] ; ?> 
        </td> 
        <td> 
         <a href="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?>&edit=<?= $sub_type[$specProdID] ;?>" class="btn btn-xs btn-success"><span class="glyphicon glyphicon-pencil"></span></a> 
         <a href="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?>&delete=<?= $sub_type[$specProdID] ;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-remove-sign"></span></a> 
        </td> 

       </tr> 
       <?php endwhile; }?> 
       </tbody> 
       </table> 
      </div> 
     </div> 
     <?php 
     } 
    else { 
     //displayed when ?producttype is non-existent, e.g. because the user typed it manually into the address bar 
     $prod_get = "SELECT * FROM producttype"; 
     $prodType = $db->query($prod_get); 



     //$sqlcd="SELECT * FROM cdtype"; 
     //$sqlbk="SELECT * FROM booktype"; 
     //$sqlbr="SELECT * FROM bluraytype"; 
     //$result = $db->query($sql); 

     ?> 
     <h2 class="text-center">Product Subtypes</h2> 
     <div class="text-center"> 
     <table class="table table-bordered table-striped table-auto table-condensed"> 
      <thead> 
       <th>Select Product Subtype</th><hr> 
      </thead> 
     <tbody> 
      <?php while($parent = mysqli_fetch_assoc($prodType)) : ?> 
      <tr> 
       <td> 
        <a href="childProdTypes.php?producttype=<?= $parent ['ProductTypeID'];?>" class="btn btn-default"><?php echo $parent ['ProductType']; ?></a> 
       </td> 
      </tr> 
      <?php endwhile; ?> 
     </tbody> 
     </table> 
    </div> 



<?php 
    } 
    ?> 



<?php include 'includes/footer.php'; ?> 
+1

You're wide open to SQL injection. Since you're using mysqli, please take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). **This will handle any nasty quoting issues that might occur.** Also check [mysqli_errors](http://php.net/manual/en/mysqli.error.php), since mysql won't throw the same errors that PHP does, and it may end up failing silently. – aynber

+1

That's a lot of *code* you're hoping we'll debug for you. Can you be more specific about where the problem occurs? You claim that "the $edit_id variable is outputting null"; what do you mean by that? Of all the uses of that variable, which one first has a `null` value? – David

+0

Well, the problem is that the edit part is not working. From my amateur knowledge I figured that maybe the $edit_id variable is returning null, but I'm not sure. Any help? –

Answer

0

The problem here is in your form: your action is entered incorrectly

childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?><?=((isset($_GET['edit']))?'?edit='.$edit_id:'');?>" 

Here the URL ends up looking like this

domain.com/childProdTypes.php?producttype=22?edit=1 

whereas it should look like this

domain.com/childProdTypes.php?producttype=22&edit=1 

so you cannot access $_GET['edit'].

You should change the ? to & in the form action.
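Added example (not the asker's or MacBooc's code): the corrected action URL from the answer above, and the edit/update path rewritten with prepared statements and bound values as aynber's comment suggests. It assumes `$db` is the mysqli connection from the page's `init.php`; `$subtable`, `$buffer` and `$specProdID` keep their meaning from the question (table, name column and id column, which come from the producttype table rather than from the request).

```php
<?php
// Added example, not the original page's code. $db is assumed to be the
// mysqli connection that init.php creates on the original page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // MySQL errors become exceptions instead of silent failures

// The fix from the answer: the second query-string parameter is joined with '&', not '?'.
function buildFormAction(int $productTypeId, ?int $editId): string {
    $url = 'childProdTypes.php?producttype=' . $productTypeId;
    if ($editId !== null) {
        $url .= '&edit=' . $editId;
    }
    return $url; // e.g. childProdTypes.php?producttype=22&edit=1
}

// Table and column names cannot be bound as parameters, so the table name is
// checked against the real table list (as the original page already does).
function assertKnownTable(mysqli $db, string $subtable): void {
    $tables = array_column(mysqli_fetch_all($db->query('SHOW TABLES')), 0);
    if (!in_array($subtable, $tables, true)) {
        throw new RuntimeException("unknown sub-category table: $subtable");
    }
}

// Edit/update path: values come in through bind_param, never through string interpolation.
// $buffer is the name column (e.g. BookType), $specProdID the id column (e.g. BookTypeID).
function updateSubType(mysqli $db, string $subtable, string $buffer, string $specProdID,
                       string $prodType, int $edit_id): bool {
    assertKnownTable($db, $subtable);

    // duplicate check that excludes the row currently being edited
    $stmt = $db->prepare("SELECT COUNT(*) FROM `$subtable` WHERE `$buffer` = ? AND `$specProdID` <> ?");
    $stmt->bind_param('si', $prodType, $edit_id);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    if ($count > 0) {
        return false; // caller reports "already exists"
    }

    $stmt = $db->prepare("UPDATE `$subtable` SET `$buffer` = ? WHERE `$specProdID` = ?");
    $stmt->bind_param('si', $prodType, $edit_id);
    $stmt->execute();
    $stmt->close();
    return true;
}
```

In the template the action is then emitted as `action="<?= htmlspecialchars(buildFormAction((int)$prod_type['ProductTypeID'], isset($_GET['edit']) ? (int)$_GET['edit'] : null)) ?>"`, so both parameters are integers before they reach the URL.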

+0

That's it, MacBooc. I've been checking it for 3 hours and didn't see it =]. Guess I need a break. I've been coding for almost 12 hours now. Thanks –

+0

Please read up on SQL injection and on how to ask questions on this site :) it was hard to find the problem – MacBooc

+0

I need to look into the format of the post, it is indeed a bit confusing. Will do for SQL injection, since it would be good for it to include some security features. Any other suggestions besides the SQL injection security aspect? –