我想麻煩拍下面,使更新SQL工作,但它似乎$ edit_id變量輸出爲空。我有一個類似於這個工作正常的形式,雖然下面是更復雜,但我找不到什麼是失蹤,使其工作。PHP SQL ---編輯窗體不工作的一部分
任何關於哪裏是傢伙的錯誤的建議?
<?php
require_once $_SERVER['DOCUMENT_ROOT'].'/ares/aresStore/core/init.php';
include 'includes/head.php';
include 'includes/navigation.php';
$errors = array();
$parent=0;
$getURL='';
if(isset($_GET['producttype']) && !empty($_GET['producttype'])){
$getURL= htmlspecialchars((int)$_GET['producttype']); //gets prodcttype from URL and makes sure its an int
$getURL=sanitize($getURL);
$sql2 = "SELECT * FROM producttype WHERE ProductTypeID ='$getURL'";
$results = $db->query($sql2);
$parent2 = mysqli_fetch_assoc($results);
$parent2=$parent2['ProductType'];
if($parent2==null)//elimantes possibilty of user from inputting non existing ProductTypeIDs and if he/she does he will be redirected
{
header('Location: childProdTypes.php');
}else {
$sql = "SELECT * FROM producttype WHERE ProductTypeID = '$getURL'";
$url_query = $db->query($sql);
$prod_type = mysqli_fetch_array($url_query);
$buffer=$prod_type['ProductType'];
$buffer2=$buffer;
$subtable2= $buffer.'type';
$subtable3=$subtable2;
$buffer=$buffer.'Type';
$subtable=strtolower($subtable3);
echo $subtable.'ras';
echo 'Dollar Buffer:'.$buffer.'</br>';
echo $buffer2;
echo $subtable2;
echo $subtable3;
$specProdID=$buffer.'ID';
echo 'Dollar $specProdID=='.$specProdID.'<br>';// Example == BookTypeID
echo 'Dollar buffer:'.$buffer.'</br>';//Example == BookType
echo 'Dollar subtable:'.$subtable.'</br>';//Example == booktype
$editProdType=null;//to declare above and than delete
$sqlsub="SELECT * FROM $subtable ORDER BY $buffer";
$sub_query = $db->query($sqlsub);
//var_dump($subtable).'______________';
//edit product sub-category
if(isset($_GET['edit']) && !empty($_GET['edit'])){
$edit_id = (int)$_GET['edit'];
$edit_id = sanitize($edit_id);
$sql3 = "SELECT * FROM $subtable WHERE $specProdID = '$edit_id'";
$edit_result=$db->query($sql3);
$editProdType = mysqli_fetch_array($edit_result);
}
//delete product sub-category
if(isset($_GET['delete']) && !empty($_GET['delete'])){
$delete_id = (int)$_GET['delete'];
$delete_id = sanitize($delete_id);
$sql = "DELETE FROM $subtable WHERE $specProdID = '$delete_id'";
$db->query($sql);
header('Location: childProdTypes.php?producttype='.$prod_type['ProductTypeID']); //refresh page to clear delete from URL in address bar
}
//add product sub-category
if(isset($_POST['add_submit']) && !empty($_POST['add_submit'])){
$prodType = sanitize($_POST['ProductType']);
echo '+++';
echo $subtable;
echo '+++';
echo $buffer;
echo '+++';
echo $prodType;
echo '+++';
echo $specProdID;
echo '+++';
//check if brand is blank
if($_POST['ProductType']==''){
$errors[] .='Cannot add an <b>empty input</b>!!!';
}
//check if ProductType exists in DB
$sql = "SELECT * FROM $subtable WHERE $buffer = '$prodType'";
if(isset($_GET['edit'])){
$sql="SELECT * $subtable WHERE $buffer = '$prodType' AND $specProdID != '$edit_id'" ;
}
var_dump($edit_id);
$result=$db->query($sql);
//how many rows in DB == true
**$count=mysqli_num_rows($result);
if($count > 0){
$errors[].= '<b>'.$prodType.'</b> already exists. Please enter e new Product Type!!!';
var_dump($edit_id);**
}
//output errors
if(!empty($errors)){
echo display_errors($errors);
}else{
//Add ProductType to DB
$sql = "INSERT INTO $subtable ($buffer) VALUES ('$prodType')";
if(isset($_GET['edit'])){
$sql = "UPDATE $subtable SET $buffer = '$prodType' WHERE $specProdID = '$edit_id'";
}
$db->query($sql);
header('Location: childProdTypes.php?producttype='.$prod_type['ProductTypeID']); //refresh page
}
}
$listdbtables = array_column(mysqli_fetch_all($db->query('SHOW TABLES')),0); //array containing all DB table names
//var_dump($listdbtables);
//if statement to check if $subtable/current selected ProductType has its own sub category table)
if (in_array($subtable, $listdbtables)) {
echo "FOUND!!";
} else {
//If table not found, user will be directed to another page and prompted if a new table needs to be created
//echo'Product Type: '.$buffer.' does not have its own sub-category table yet. Kindly contact Head-Administrator to create table name: '.$subtable.'!!!';
//sleep(3);
header('Location: table.php?check=1&producttypetable='.$buffer.'&productSubCat='.$buffer2.'&tableName='.$subtable.'');
}
?>
<h2 class='text-center'>Product Sub-Categories: <?= $prod_type['ProductType'] ;?>s</h2><hr>
<div class="text-center">
<form class="form-inline" action="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?><?=((isset($_GET['edit']))?'?edit='.$edit_id:'');?>" method="post">
<div class="form-group">
<?php
$prodTypeValue='';
if(isset($_GET['edit'])){
$prodTypeValue = $editProdType[$buffer];
}else{
if(isset($_POST['ProductType'])){
$prodTypeValue = sanitize($_POST[$buffer]);
}
}
?>
<label for="ProductType"><?=((isset($_GET['edit']))?'Edit':'Add'); ?> a Sub-Product Type:</label>
<input type="text" name="ProductType" id="ProductType" class="form-control" value="<?= $prodTypeValue;?>">
<?php if(isset($_GET['edit'])): ?>
<a href="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?>&edit=<?= $sub_type[$specProdID] ;?>" class="btn btn-default">Cancel</a>
<?php endif; ?>
<input type="submit" name="add_submit" value="<?=((isset($_GET['edit']))?'Edit':'Add') ;?> Product Type" class="btn btn-dark">
</div>
</form>
</div><hr>
<div class="row">
<div class"col-md-6"></div>
<div class"col-md-6">
<table class="table table-bordered table-striped table-auto table-condensed" >
<thead id="tableDarkTheme">
<th>Product Type</th>
<th>Sub-Category</th>
<th>Options</th>
</thead>
<tbody>
<tr>
<?php while($sub_type = mysqli_fetch_array($sub_query)): ?>
<td>
<?= $prod_type['ProductType'] ;?>s
</td>
<td>
<?= $sub_type[$buffer] ; ?>
</td>
<td>
<a href="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?>&edit=<?= $sub_type[$specProdID] ;?>" class="btn btn-xs btn-success"><span class="glyphicon glyphicon-pencil"></span></a>
<a href="childProdTypes.php?producttype=<?= $prod_type['ProductTypeID'] ;?>&delete=<?= $sub_type[$specProdID] ;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-remove-sign"></span></a>
</td>
</tr>
<?php endwhile; }?>
</tbody>
</table>
</div>
</div>
<?php
}
else {
//displayed when ?productid is non existant Example of cause user entered manually in address bar
$prod_get = "SELECT * FROM producttype";
$prodType = $db->query($prod_get);
//$sqlcd="SELECT * FROM cdtype";
//$sqlbk="SELECT * FROM booktype";
//$sqlbr="SELECT * FROM bluraytype";
//$result = $db->query($sql);
?>
<h2 class="text-center">Product Subtypes</h2>
<div class="text-center">
<table class="table table-bordered table-striped table-auto table-condensed">
<thead>
<th>Select Product Subtype</th><hr>
</thead>
<tbody>
<?php while($parent = mysqli_fetch_assoc($prodType)) : ?>
<tr>
<td>
<a href="childProdTypes.php?producttype=<?= $parent ['ProductTypeID'];?>" class="btn btn-default"><?php echo $parent ['ProductType']; ?></a>
</td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
</div>
<?php
}
?>
<?php include 'includes/footer.php'; ?>
你是敞開的SQL注入。由於您使用的是mysqli,請利用[prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)和[bind_param](http://php.net/手動/ EN/mysqli的-stmt.bind-param.php)。 **這將處理可能發生的任何討厭的引用問題。**同時檢查[mysqli_errors](http://php.net/manual/en/mysqli.error.php),因爲mysql不會拋出相同的PHP所做的一些錯誤,並可能以失敗告終。 – aynber
這就是您希望我們爲您調試的許多*代碼。你能更具體地說明問題出現在哪裏嗎?你聲稱「$ edit_id變量正在輸出空值」,你是什麼意思?在那個變量的所有用途中,它首先有一個'null'值? – David
雖然問題是編輯部分不工作。從我的業餘知識,我認識到,也許它是從$ edit_id varibale返回null,但我不確定。任何幫助? –