Php 尝试在表中显示商店的每日销售数字_Php_Mysql

Php 尝试在表中显示商店的每日销售数字

php mysql

Php 尝试在表中显示商店的每日销售数字,php,mysql,Php,Mysql,我试图计算一家商店的每日销售额，并将其显示在web界面上的表格中。我一直在尝试更正while循环，以便将数据库中的信息显示在web界面上，但到目前为止我没有成功。我不确定是否应该将变量从控制器类传递到视图。如果有人能指出这不起作用的原因，我们将不胜感激错误消息 Notice: Undefined variable: sales in E:\xampp\htdocs\CIT2318\Relational database and web integration\views\SalesFigure

我试图计算一家商店的每日销售额，并将其显示在web界面上的表格中。我一直在尝试更正while循环，以便将数据库中的信息显示在web界面上，但到目前为止我没有成功。我不确定是否应该将变量从控制器类传递到视图。如果有人能指出这不起作用的原因，我们将不胜感激

错误消息

Notice: Undefined variable: sales in E:\xampp\htdocs\CIT2318\Relational database and web integration\views\SalesFiguresView.php on line 27

Fatal error: Call to a member function fetch_assoc() on null in E:\xampp\htdocs\CIT2318\Relational database and web integration\views\SalesFiguresView.php on line 27

模型类

<?php
 require_once('DAO.php');

class SalesFiguresModel extends DAO{

protected $target = "frs_Payment";

public function __construct(){
  parent::__construct();
}

public function getShop($payid, $amount, $paydatetime, $employeeid, $customerid, $pstatusid, $ptid){
  $sql = "SELECT * FROM frs_Payment (payid, amount, paydatetime, empnin, custid, pstatusid, ptid) VALUES ($payid, $amount, '$paydatetime', '$employeeid', $customerid, $pstatusid, $ptid)";
  return parent::query($sql);
}
}
?>

<?php

session_start();
require_once("../models/SalesFiguresModel.php");
require_once("../views/SalesFiguresView.php");


if (isset($_POST["Submit"])) {
$payid=($_POST["payid"]);
$amount=($_POST["amount"]);
$paydatetime=($_POST["paydatetime"]);
$empnin=($_POST["empnin"]);
$custid=($_POST["custid"]);
$pstatusid=($_POST["pstatusid"]);
$ptid=($_POST["ptid"]);

if (empty($payid)) {
    //header('Location: ../views/LoanView.php?error=1');
    $error = "Payment ID is required";
} else {

 $sales = new SalesFiguresModel;
 $result = $sales->getShop($payid, $amount, $paydatetime, $empnin, $custid, $pstatusid, $ptid);
$row = $result->fetch_assoc();
$error = "";
$_SESSION['payid'] = $row["payid"];
$_SESSION['amount'] = $row["amount"];
$_SESSION['paydate'] = $row["paydatetime"];
$_SESSION['employeeid'] = $row["empnin"];
$_SESSION['customerid'] = $row["custid"];
$_SESSION['pstatus'] = $row["pstatusid"];
$_SESSION['ptype'] = $row["ptid"];

header('Location: ../views/MenuView.php');
}
echo "<hr>" . $error;
}

?>

您的代码易受SQL注入攻击。您应该使用或准备语句，如中所述。我在DAO中使用mysqli\u real\u escape\u字符串。我的模型类扩展了DAO。这不是防止SQL注入的正确过程吗？不是。你应该使用链接文章中描述的绑定参数。我现在就修改。你知道如何解决我面临的问题吗？
    <table border="1">
        <tr>
            <tr>
            <th>Payment ID</th>
            <th>Amount</th>
            <th>Date</th>
            <th>Employee ID</th>
            <th>Customer ID</th>
            <th>Payment Status</th>
            <th>Payment Type</th>


                 <?php

                  while($row = $sales->fetch_assoc()) {
                    echo
                    "<tr>
                      <td>{$row['payid']}</td>
                      <td>{$row['amount']}</td>
                      <td>{$row['paydatetime']}</td>
                      <td>{$row['empnin']}</td>
                      <td>{$row['custid']}</td>
                      <td>{$row['pstatusid']}</td>
                      <td>{$row['ptid']}</td>
                    </tr>\n";
                  }

                ?>

    </table>  
</form>
</body>
</html>