无法使用php更新MySQL中的数据。有什么建议吗?
我正在构建基于php mysql的简单库存管理系统。 此外,我对数组、函数等事物或指定名称没有正式的知识,但我能理解 这就是我现在面临的问题,需要您的指导/帮助: 就我所知,我的代码必须工作 我想更新我的产品行,但无法更新 使用这些查询影响0行:无法使用php更新MySQL中的数据。有什么建议吗?,php,mysql,Php,Mysql,我正在构建基于php mysql的简单库存管理系统。 此外,我对数组、函数等事物或指定名称没有正式的知识,但我能理解 这就是我现在面临的问题,需要您的指导/帮助: 就我所知,我的代码必须工作 我想更新我的产品行,但无法更新 使用这些查询影响0行: if (isset( $_POST['prod_edit'] )) { $prodId = $_POST['prodId']; $pUpdate = $con->prepare("UPDATE products SE
if (isset( $_POST['prod_edit'] )) {
$prodId = $_POST['prodId'];
$pUpdate = $con->prepare("UPDATE products SET prodTeng = ? , prodTurd = ? , prodSKU = ? , prodBC = ? , prodPUPP = ? , prodPUSP = ? , prodCate = ? , prodQuan = ? WHERE prodId = ? ");
$pUpdate->bind_param("ssssssssi", $_POST['prodTeng'], $_POST['prodTurd'], $_POST['prodSKU'], $_POST['prodBC'], $_POST['prodPUPP'], $_POST['prodPUSP'], $_POST['prodCate'], $_POST['prodQuan'], $prodId);
$pUpdate->execute();
if ($pUpdate->affected_rows === 0) {
echo'<script> window.location.replace("home.php?p=inventory&alert=0"); </script>';
}
if ($pUpdate->affected_rows === 1) {
echo'<script> window.location.replace("home.php?p=inventory&alert=3"); </script>';
}
$pUpdate->close();
}
<?php
$products_list = $con->query("SELECT * FROM products WHERE cid = '$cid' ");
while($row = $products_list->fetch_assoc()) {
$prodCate = $row['prodCate'];
$category_list = $con->query("SELECT * FROM categories WHERE cateId = '$prodCate' ");
while($cate = $category_list->fetch_assoc()) {
?>
<div class="modal fade modal-right" id="editProductRight<?=$row['prodId']; ?>" tabindex="-1" role="dialog" aria-labelledby="editProductRight<?=$row['prodId']; ?>" style="display: none;" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Edit Product Details</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<form action="home.php?p=inventory" method="post">
<div class="modal-body">
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodTeng" placeholder="Name in English" required value="<?=$row['prodTeng']; ?>">
</div>
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodTurd" placeholder="اردو میں نام" dir="rtl" value="<?=$row['prodTurd']; ?>">
</div>
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodSKU" placeholder="SKU" required value="<?=$row['prodSKU']; ?>">
</div>
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodBC" placeholder="Bar Code" value="<?=$row['prodBC']; ?>">
</div>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text">PKR</div>
</div>
<input type="number" class="form-control" name="prodPUPP" id="inlineFormInputGroupUsername2" placeholder="Per Unit Purchase Price" value="<?=$row['prodPUPP']; ?>">
</div>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text">PKR</div>
</div>
<input type="number" class="form-control" name="prodPUSP" id="inlineFormInputGroupUsername2" placeholder="Per Unit Sell Price" value="<?=$row['prodPUSP']; ?>">
</div>
<div class="form-group mb-2">
<input type="number" class="form-control" name="prodQuan" placeholder="On-Hand Quantity" value="<?=$row['prodQuan']; ?>">
</div>
<div class="form-group">
<select class="form-control" name="prodCate" required>
<option value="<?=$cate['cateId']; ?>"><?=$cate['cateTeng']; ?> | <?=$cate['cateTurd']; ?></option>
<?php
$stmt = $con->query("SELECT * FROM categories WHERE cid = '$cid' ");
while($row = $stmt->fetch_assoc()) {
?>
<option value="<?=$row['cateId']; ?>"><?=$row['cateTeng']; ?> | <?=$row['cateTurd']; ?></option>
<?php
}
$stmt->close();
?>
</select>
</div>
</div>
<hidden style="visibility:hidden;"><input type="text" value="<?=$row['prodId']?>" name="prodId" ></hidden>
<div class="modal-footer">
<button type="button" class="btn btn-outline-primary" data-dismiss="modal">Cancel</button>
<button type="submit" name="prod_edit" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
</div>
</div>
<?php
}
$category_list->close();
}
$products_list->close();
?>
if(isset($\u POST['prod\u edit'])){
$prodId=$_POST['prodId'];
$pUpdate=$con->prepare(“更新产品集prodTeng=?,prodTurd=?,prodSKU=?,prodBC=?,prodpulp=?,prodPUSP=?,prodCate=?,prodQuan=?其中prodId=?”;
$pUpdate->bind_参数(“SSSSSSSS I”、$POST['prodTeng']、$POST['PRODURT']、$POST['prodSKU']、$POST['prodBC']、$POST['PRODPUPUP']、$POST['prodPUSP']、$POST['prodCate']、$POST['prodQuan']、$prodId);
$pUpdate->execute();
如果($pUpdate->受影响的_行===0){
echo'window.location.replace(“home.php?p=inventory&alert=0”);
}
如果($pUpdate->受影响的_行===1){
echo'window.location.replace(“home.php?p=inventory&alert=3”);
}
$pUpdate->close();
}
if (isset( $_POST['prod_edit'] )) {
$prodId = $_POST['prodId'];
$pUpdate = $con->prepare("UPDATE products SET prodTeng = ? , prodTurd = ? , prodSKU = ? , prodBC = ? , prodPUPP = ? , prodPUSP = ? , prodCate = ? , prodQuan = ? WHERE prodId = ? ");
$pUpdate->bind_param("ssssssssi", $_POST['prodTeng'], $_POST['prodTurd'], $_POST['prodSKU'], $_POST['prodBC'], $_POST['prodPUPP'], $_POST['prodPUSP'], $_POST['prodCate'], $_POST['prodQuan'], $prodId);
$pUpdate->execute();
if ($pUpdate->affected_rows === 0) {
echo'<script> window.location.replace("home.php?p=inventory&alert=0"); </script>';
}
if ($pUpdate->affected_rows === 1) {
echo'<script> window.location.replace("home.php?p=inventory&alert=3"); </script>';
}
$pUpdate->close();
}
<?php
$products_list = $con->query("SELECT * FROM products WHERE cid = '$cid' ");
while($row = $products_list->fetch_assoc()) {
$prodCate = $row['prodCate'];
$category_list = $con->query("SELECT * FROM categories WHERE cateId = '$prodCate' ");
while($cate = $category_list->fetch_assoc()) {
?>
<div class="modal fade modal-right" id="editProductRight<?=$row['prodId']; ?>" tabindex="-1" role="dialog" aria-labelledby="editProductRight<?=$row['prodId']; ?>" style="display: none;" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Edit Product Details</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<form action="home.php?p=inventory" method="post">
<div class="modal-body">
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodTeng" placeholder="Name in English" required value="<?=$row['prodTeng']; ?>">
</div>
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodTurd" placeholder="اردو میں نام" dir="rtl" value="<?=$row['prodTurd']; ?>">
</div>
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodSKU" placeholder="SKU" required value="<?=$row['prodSKU']; ?>">
</div>
<div class="form-group mb-2">
<input type="text" class="form-control" name="prodBC" placeholder="Bar Code" value="<?=$row['prodBC']; ?>">
</div>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text">PKR</div>
</div>
<input type="number" class="form-control" name="prodPUPP" id="inlineFormInputGroupUsername2" placeholder="Per Unit Purchase Price" value="<?=$row['prodPUPP']; ?>">
</div>
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text">PKR</div>
</div>
<input type="number" class="form-control" name="prodPUSP" id="inlineFormInputGroupUsername2" placeholder="Per Unit Sell Price" value="<?=$row['prodPUSP']; ?>">
</div>
<div class="form-group mb-2">
<input type="number" class="form-control" name="prodQuan" placeholder="On-Hand Quantity" value="<?=$row['prodQuan']; ?>">
</div>
<div class="form-group">
<select class="form-control" name="prodCate" required>
<option value="<?=$cate['cateId']; ?>"><?=$cate['cateTeng']; ?> | <?=$cate['cateTurd']; ?></option>
<?php
$stmt = $con->query("SELECT * FROM categories WHERE cid = '$cid' ");
while($row = $stmt->fetch_assoc()) {
?>
<option value="<?=$row['cateId']; ?>"><?=$row['cateTeng']; ?> | <?=$row['cateTurd']; ?></option>
<?php
}
$stmt->close();
?>
</select>
</div>
</div>
<hidden style="visibility:hidden;"><input type="text" value="<?=$row['prodId']?>" name="prodId" ></hidden>
<div class="modal-footer">
<button type="button" class="btn btn-outline-primary" data-dismiss="modal">Cancel</button>
<button type="submit" name="prod_edit" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
</div>
</div>
<?php
}
$category_list->close();
}
$products_list->close();
?>
我确实使用了打印($\u POST)
并发现prodId
最终如问题所示。
然后我只是更改了顶部的prodId
标记的位置&它可以工作(--)
最后,prodId
标签的结果是:
Array ( [prodTeng] => asdasd [prodTurd] => Aasd [prodSKU] => asd [prodBC] => [prodPUPP] => 3 [prodPUSP] => 3 [prodQuan] => 2 [prodCate] => 1 [prodId] => 3 [prod_edit] => )
最终影响0行
顶部prodId标签的结果为:
Array ( [prodId] => 3 [prodTeng] => asdasd [prodTurd] => Aasd [prodSKU] => asd [prodBC] => [prodPUPP] => 3 [prodPUSP] => 3 [prodQuan] => 2 [prodCate] => 1 [prodId] => 3 [prod_edit] => )
它成功地影响了行。我确实使用了print\r($\u POST)
并发现prodId
最终如问题所示。
然后我只是更改了顶部的prodId
标记的位置&它可以工作(--)
最后,prodId
标签的结果是:
Array ( [prodTeng] => asdasd [prodTurd] => Aasd [prodSKU] => asd [prodBC] => [prodPUPP] => 3 [prodPUSP] => 3 [prodQuan] => 2 [prodCate] => 1 [prodId] => 3 [prod_edit] => )
最终影响0行
顶部prodId标签的结果为:
Array ( [prodId] => 3 [prodTeng] => asdasd [prodTurd] => Aasd [prodSKU] => asd [prodBC] => [prodPUPP] => 3 [prodPUSP] => 3 [prodQuan] => 2 [prodCate] => 1 [prodId] => 3 [prod_edit] => )
它成功地影响了行。
不是有效的HTML标记。试试你可以通过添加print\r($\u POST)进行一些调试到php脚本的顶部,并使用以下命令启用错误显示:ini\u set('display\u startup\u errors',true);ini设置(“显示错误”,真);错误报告(E_全部)
并查看bind_param
我假设您使用的是mysqli
对象,而不是PDO
,所以也把它扔到那里:mysqli_报告(mysqli_报告错误| mysqli_报告严格)
。不确定$cid
来自何处,但您可以通过$con->query(“SELECT*from products,其中cid='$cid')轻松打开一个sql注入点。。。您应该始终准备具有任何变量输入的语句。@不可信任$cid是全局添加到db连接文件中的。请对所有数据使用占位符值。不要妄想,否则你会有麻烦的。您在第一段代码中有一个准备好的语句,但随后您显然变得马虎,开始向SQL中注入。这就是巨大问题发生的原因。
不是有效的HTML标记。试试你可以通过添加print\r($\u POST)进行一些调试到php脚本的顶部,并使用以下命令启用错误显示:ini\u set('display\u startup\u errors',true);ini设置(“显示错误”,真);错误报告(E_全部)
并查看bind_param
我假设您使用的是mysqli
对象,而不是PDO
,所以也把它扔到那里:mysqli_报告(mysqli_报告错误| mysqli_报告严格)
。不确定$cid
来自何处,但您可以通过$con->query(“SELECT*from products,其中cid='$cid')轻松打开一个sql注入点。。。您应该始终准备具有任何变量输入的语句。@不可信任$cid是全局添加到db连接文件中的。请对所有数据使用占位符值。不要妄想,否则你会有麻烦的。您在第一段代码中有一个准备好的语句,但随后您显然变得马虎,开始向SQL中注入。巨大的问题就是这样发生的。