Php 尝试在表中显示商店的每日销售数字
我试图计算一家商店的每日销售额,并将其显示在web界面上的表格中。我一直在尝试更正while循环,以便将数据库中的信息显示在web界面上,但到目前为止我没有成功。我不确定是否应该将变量从控制器类传递到视图。如果有人能指出这不起作用的原因,我们将不胜感激 错误消息Php 尝试在表中显示商店的每日销售数字,php,mysql,Php,Mysql,我试图计算一家商店的每日销售额,并将其显示在web界面上的表格中。我一直在尝试更正while循环,以便将数据库中的信息显示在web界面上,但到目前为止我没有成功。我不确定是否应该将变量从控制器类传递到视图。如果有人能指出这不起作用的原因,我们将不胜感激 错误消息 Notice: Undefined variable: sales in E:\xampp\htdocs\CIT2318\Relational database and web integration\views\SalesFigure
Notice: Undefined variable: sales in E:\xampp\htdocs\CIT2318\Relational database and web integration\views\SalesFiguresView.php on line 27
Fatal error: Call to a member function fetch_assoc() on null in E:\xampp\htdocs\CIT2318\Relational database and web integration\views\SalesFiguresView.php on line 27
模型类
<?php
require_once('DAO.php');
class SalesFiguresModel extends DAO{
protected $target = "frs_Payment";
public function __construct(){
parent::__construct();
}
public function getShop($payid, $amount, $paydatetime, $employeeid, $customerid, $pstatusid, $ptid){
$sql = "SELECT * FROM frs_Payment (payid, amount, paydatetime, empnin, custid, pstatusid, ptid) VALUES ($payid, $amount, '$paydatetime', '$employeeid', $customerid, $pstatusid, $ptid)";
return parent::query($sql);
}
}
?>
<?php
session_start();
require_once("../models/SalesFiguresModel.php");
require_once("../views/SalesFiguresView.php");
if (isset($_POST["Submit"])) {
$payid=($_POST["payid"]);
$amount=($_POST["amount"]);
$paydatetime=($_POST["paydatetime"]);
$empnin=($_POST["empnin"]);
$custid=($_POST["custid"]);
$pstatusid=($_POST["pstatusid"]);
$ptid=($_POST["ptid"]);
if (empty($payid)) {
//header('Location: ../views/LoanView.php?error=1');
$error = "Payment ID is required";
} else {
$sales = new SalesFiguresModel;
$result = $sales->getShop($payid, $amount, $paydatetime, $empnin, $custid, $pstatusid, $ptid);
$row = $result->fetch_assoc();
$error = "";
$_SESSION['payid'] = $row["payid"];
$_SESSION['amount'] = $row["amount"];
$_SESSION['paydate'] = $row["paydatetime"];
$_SESSION['employeeid'] = $row["empnin"];
$_SESSION['customerid'] = $row["custid"];
$_SESSION['pstatus'] = $row["pstatusid"];
$_SESSION['ptype'] = $row["ptid"];
header('Location: ../views/MenuView.php');
}
echo "<hr>" . $error;
}
?>
您的代码易受SQL注入攻击。您应该使用或准备语句,如中所述。我在DAO中使用mysqli\u real\u escape\u字符串。我的模型类扩展了DAO。这不是防止SQL注入的正确过程吗?不是。你应该使用链接文章中描述的绑定参数。我现在就修改。你知道如何解决我面临的问题吗?
<table border="1">
<tr>
<tr>
<th>Payment ID</th>
<th>Amount</th>
<th>Date</th>
<th>Employee ID</th>
<th>Customer ID</th>
<th>Payment Status</th>
<th>Payment Type</th>
<?php
while($row = $sales->fetch_assoc()) {
echo
"<tr>
<td>{$row['payid']}</td>
<td>{$row['amount']}</td>
<td>{$row['paydatetime']}</td>
<td>{$row['empnin']}</td>
<td>{$row['custid']}</td>
<td>{$row['pstatusid']}</td>
<td>{$row['ptid']}</td>
</tr>\n";
}
?>
</table>
</form>
</body>
</html>