2017-08-30 150 views
0

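I'm having a problem with inserting records. It inserts them and also sends the email part, but when the confirmation page is displayed, it only shows the last record in the array 3 times. I want to put it in a loop to display all the records. I'm not sure what I'm doing wrong, and I'm still trying to resolve this. When the records are submitted, the confirmation page only shows the last array record.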

process_insert.php

<html> 
    <head> 
    <title></title> 
    </head> 
    <body> 
    <?php 
     ini_set('display_errors', 1); 
    error_reporting(~0); 

    $serverName = "localhost"; 
    $userName = "root"; 
    $userPassword = ""; 
    $dbName = "blog_samples"; 

    $conn = mysqli_connect($serverName,$userName,$userPassword,$dbName); 

    $rows_count = count($_POST["name"]); 

    $message = ''; 

    for($i=0;$i<$rows_count;$i++){ 

     // PREVENTING SQL INJECTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

     $employee_name = mysqli_real_escape_string($conn,$_POST["employee_name"][$i]); 
     $name = mysqli_real_escape_string($conn,$_POST["name"][$i]); 
     $code = mysqli_real_escape_string($conn,$_POST["code"][$i]); 
     $quantity = intval($_POST["quantity"][$i]); 
     $price = mysqli_real_escape_string($conn,$_POST["price"][$i]); 


     $sql = "INSERT INTO order_table (employee_name, name, code, quantity, price) 
      VALUES ('$employee_name', '$name', '$code', '$quantity', '$price')"; 

     $query = mysqli_query($conn,$sql); 


     if(mysqli_affected_rows($conn)>0) { 


       $message .= 

       "employee_name: " . $employee_name . " 

       " ."name: ". $name ." 

       ". "code: " . $code . " 

       " ."quantity: ". $quantity . " 

       ". "price: " . $price . ""; 
     } 

    } 

    if (! empty($message)) { 
     $to = "[email protected]"; 
     $subject = "Supplies"; 
     $headers = "From: user[email protected]"; 

     mail($to,$subject,$message,$headers); 
    } 


    ?> 



    <h1 align="center">Supply Request Confirmation</h1> 
    <p align="center">Thank you, <?php echo $employee_name; ?><br><br> 
     Your request has been sent. 
     Please print this page out for your copy.</p> 

    <div align="center"> 
     <h2>Request Information</h2> 
    </div> 
    <table style="width: 45%" align="center"> 
     <tr> 
      <td class="style">Date Request: <?php $date = new DateTime(); 
    echo $date->format('m/d/Y H:i:s') . "\n"; ?></td> 
     </tr> 



     <?php for($i=0;$i<$rows_count;$i++){?> 


     <tr> 
      <td class="style">name: <?php echo $name; ?></td> 
     </tr> 
     <tr> 
      <td class="style"> code: <?php echo $code; ?></td> 
     </tr> 
     <tr> 
      <td class="style"> Quantity: <?php echo $quantity; ?></td> 
     </tr> 
     <tr> 
      <td class="style"> price: <?php echo $price; ?></td> 
     </tr> 

     <?php } ?> 
    </table> 


    <div align="center"><button onClick="window.print()">Print this page</button></div> 
    </body> 
    </html> 
+0

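**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this, because you will create severe [SQL injection bugs](http://bobby-tables.com/). Accidentally unescaped data is a serious risk. Using bound parameters is less verbose and easier to review to check you're doing it properly. – tadman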

+0

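Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style, it's worth switching. Example: `$db = new mysqli(...)` and `$db->prepare("...")`. The procedural interface is an artifact from the PHP 4 era when the mysqli API was introduced and should not be used in new code. – tadman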

+0

I already know, and I'm changing it. I think I'll write this part as a prepared statement. Thanks. – Donny

Answers

1

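That's because the variables $name, $code, $quantity and $price hold the last values of your $_POST. You can use the $_POST values from the previous loop, or create a variable with these values.

Try this: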

<html> 
<head> 
<title></title> 
</head> 
<body> 
<?php 
    ini_set('display_errors', 1); 
error_reporting(~0); 

$serverName = "localhost"; 
$userName = "root"; 
$userPassword = ""; 
$dbName = "blog_samples"; 

$conn = mysqli_connect($serverName,$userName,$userPassword,$dbName); 

$rows_count = count($_POST["name"]); 

$message = ''; 
$data = array(); 

for($i=0;$i<$rows_count;$i++){ 

    // PREVENTING SQL INJECTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

    $employee_name = mysqli_real_escape_string($conn,$_POST["employee_name"][$i]); 
    $name = mysqli_real_escape_string($conn,$_POST["name"][$i]); 
    $code = mysqli_real_escape_string($conn,$_POST["code"][$i]); 
    $quantity = intval($_POST["quantity"][$i]); 
    $price = mysqli_real_escape_string($conn,$_POST["price"][$i]); 

    array_push($data, array(
     'employee_name' => $employee_name, 
     'name' => $name, 
     'code' => $code, 
     'quantity' => $quantity, 
     'price' => $price, 

    )); 
    $sql = "INSERT INTO order_table (employee_name, name, code, quantity, price) 
     VALUES ('$employee_name', '$name', '$code', '$quantity', '$price')"; 

    $query = mysqli_query($conn,$sql); 


    if(mysqli_affected_rows($conn)>0) { 


      $message .= 

      "employee_name: " . $employee_name . " 

      " ."name: ". $name ." 

      ". "code: " . $code . " 

      " ."quantity: ". $quantity . " 

      ". "price: " . $price . ""; 
    } 

} 

if (! empty($message)) { 
    $to = "[email protected]"; 
    $subject = "Supplies"; 
    $headers = "From: [email protected]"; 

    mail($to,$subject,$message,$headers); 
} 


?> 



<h1 align="center">Supply Request Confirmation</h1> 
<p align="center">Thank you, <?php echo htmlspecialchars($employee_name, ENT_QUOTES, 'UTF-8'); ?><br><br> 
    Your request has been sent. 
    Please print this page out for your copy.</p> 

<div align="center"> 
    <h2>Request Information</h2> 
</div> 
<table style="width: 45%" align="center"> 
    <tr> 
     <td class="style">Date Request: <?php $date = new DateTime(); 
echo $date->format('m/d/Y H:i:s') . "\n"; ?></td> 
    </tr> 



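    <?php // Show every stored row; HTML-escape each value before output ?>
    <?php foreach ($data as $value) {?> 

    <tr> 
     <td class="style">name: <?php echo htmlspecialchars($value['name'], ENT_QUOTES, 'UTF-8'); ?></td> 
    </tr> 
    <tr> 
     <td class="style"> code: <?php echo htmlspecialchars($value['code'], ENT_QUOTES, 'UTF-8'); ?></td> 
    </tr> 
    <tr> 
     <td class="style"> Quantity: <?php echo htmlspecialchars($value['quantity'], ENT_QUOTES, 'UTF-8'); ?></td> 
    </tr> 
    <tr> 
     <td class="style"> price: <?php echo htmlspecialchars($value['price'], ENT_QUOTES, 'UTF-8'); ?></td> 
    </tr> 

    <?php } ?> 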
</table> 


<div align="center"><button onClick="window.print()">Print this page</button></div> 
</body> 
</html> 
+0

Thank you, it works. – Donny
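
The parameterized approach recommended in the comments, combined with the answer's one-entry-per-row array, as an added example that is not code from the original thread. It assumes the question's `order_table` columns, connection settings and POST field names; `insert_order_rows` and `h` are hypothetical helper names.

```php
<?php
// Added example, not from the thread. Table, columns, connection settings and
// POST field names are taken from the question; function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function insert_order_rows(mysqli $db, array $post): array
{
    $stmt = $db->prepare(
        'INSERT INTO order_table (employee_name, name, code, quantity, price)
         VALUES (?, ?, ?, ?, ?)'
    );
    // Bind once; the statement reads the current values on every execute().
    $stmt->bind_param('sssis', $employee, $name, $code, $quantity, $price);
    $saved = [];
    foreach (array_keys((array) ($post['name'] ?? [])) as $i) {
        // Raw values, no manual escaping: they travel as parameters, not SQL text.
        $employee = (string) ($post['employee_name'][$i] ?? '');
        $name     = (string) ($post['name'][$i] ?? '');
        $code     = (string) ($post['code'][$i] ?? '');
        $quantity = (int) ($post['quantity'][$i] ?? 0);
        $price    = (string) ($post['price'][$i] ?? '');
        $stmt->execute();
        if ($stmt->affected_rows > 0) {
            // One entry per inserted row, so the page can list all of them.
            $saved[] = ['employee_name' => $employee, 'name' => $name,
                        'code' => $code, 'quantity' => $quantity, 'price' => $price];
        }
    }
    $stmt->close();
    return $saved;
}

// Escape for the HTML context at output time, not at input time.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$db = new mysqli('localhost', 'root', '', 'blog_samples');
$db->set_charset('utf8mb4');
$rows = insert_order_rows($db, $_POST);

foreach ($rows as $row) {
    echo '<tr><td class="style">name: ', h($row['name']), '</td></tr>', "\n";
    echo '<tr><td class="style">code: ', h($row['code']), '</td></tr>', "\n";
    echo '<tr><td class="style">Quantity: ', h($row['quantity']), '</td></tr>', "\n";
    echo '<tr><td class="style">price: ', h($row['price']), '</td></tr>', "\n";
}
```

Because the values are stored unescaped, the confirmation page and the email body show exactly what the user typed, and each output context applies its own encoding.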
