Php 更新代码以使用mysqli prepare/bind&;在删除、更新和多次创建时执行
有人建议我需要稍微更新一下我的函数,这样可以更安全地防止SQL注入,也就是说,使用mysqli prepare、bind_param和execute,我已经在一个函数上成功地完成了这项工作,该函数将客户创建到数据库中的一个表中 我有很多函数,但一旦我知道如何使用这些函数,我就可以完成所有这些:更新表查询、删除表查询和我的主查询,正如您从代码中看到的,它执行多个查询,将数据存储在3个不同的表中 我已完成并开始工作的查询:Php 更新代码以使用mysqli prepare/bind&;在删除、更新和多次创建时执行,php,mysql,mysqli,Php,Mysql,Mysqli,有人建议我需要稍微更新一下我的函数,这样可以更安全地防止SQL注入,也就是说,使用mysqli prepare、bind_param和execute,我已经在一个函数上成功地完成了这项工作,该函数将客户创建到数据库中的一个表中 我有很多函数,但一旦我知道如何使用这些函数,我就可以完成所有这些:更新表查询、删除表查询和我的主查询,正如您从代码中看到的,它执行多个查询,将数据存储在3个不同的表中 我已完成并开始工作的查询: // Create customer if ($action == 'cre
// Create customer
if ($action == 'create_customer'){
// invoice customer information
// billing
$customer_name = $_POST['customer_name']; // customer name
$customer_email = $_POST['customer_email']; // customer email
$customer_address_1 = $_POST['customer_address_1']; // customer address
$customer_address_2 = $_POST['customer_address_2']; // customer address
$customer_town = $_POST['customer_town']; // customer town
$customer_county = $_POST['customer_county']; // customer county
$customer_postcode = $_POST['customer_postcode']; // customer postcode
$customer_phone = $_POST['customer_phone']; // customer phone number
//shipping
$customer_name_ship = $_POST['customer_name_ship']; // customer name (shipping)
$customer_address_1_ship = $_POST['customer_address_1_ship']; // customer address (shipping)
$customer_address_2_ship = $_POST['customer_address_2_ship']; // customer address (shipping)
$customer_town_ship = $_POST['customer_town_ship']; // customer town (shipping)
$customer_county_ship = $_POST['customer_county_ship']; // customer county (shipping)
$customer_postcode_ship = $_POST['customer_postcode_ship']; // customer postcode (shipping)
$query = "INSERT INTO store_customers (
name,
email,
address_1,
address_2,
town,
county,
postcode,
phone,
name_ship,
address_1_ship,
address_2_ship,
town_ship,
county_ship,
postcode_ship
) VALUES (
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?
);
";
/* Prepare statement */
$stmt = $mysqli->prepare($query);
if($stmt === false) {
trigger_error('Wrong SQL: ' . $query . ' Error: ' . $mysqli->error, E_USER_ERROR);
}
/* Bind parameters. TYpes: s = string, i = integer, d = double, b = blob */
$stmt->bind_param(
'ssssssssssssss',
$customer_name,$customer_email,$customer_address_1,$customer_address_2,$customer_town,$customer_county,$customer_postcode,
$customer_phone,$customer_name_ship,$customer_address_1_ship,$customer_address_2_ship,$customer_town_ship,$customer_county_ship,$customer_postcode_ship);
if($stmt->execute()){
//if saving success
echo json_encode(array(
'status' => 'Success',
'message' => 'Customer has been created successfully!'
));
} else {
// if unable to create invoice
echo json_encode(array(
'status' => 'Error',
'message' => 'There has been an error, please try again.'
// debug
//'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
));
}
//close database connection
$mysqli->close();
}
//创建客户
如果($action==“创建客户”){
//发票客户信息
//账单
$customer\u name=$\u POST['customer\u name'];//客户名称
$customer\u email=$\u POST['customer\u email'];//客户电子邮件
$customer\u address\u 1=$\u POST['customer\u address\u 1'];//客户地址
$customer\u address\u 2=$\u POST['customer\u address\u 2'];//客户地址
$customer\u town=$\u POST['customer\u town'];//customer town
$customer\u county=$\u POST['customer\u county'];//客户县
$customer\u postcode=$\u POST['customer\u postcode'];//客户邮政编码
$customer\u phone=$\u POST['customer\u phone'];//客户电话号码
//船运
$customer\u name\u ship=$\u POST['customer\u name\u ship'];//客户名称(发货)
$customer\u address\u 1\u ship=$\u POST['customer\u address\u 1\u ship'];//客户地址(配送)
$customer\u address\u 2\u ship=$\u POST['customer\u address\u 2\u ship'];//客户地址(配送)
$customer\u town\u ship=$\u POST['customer\u town\u ship'];//customer town(shipping)
$customer\u county\u ship=$\u POST['customer\u county\u ship'];//customer county(shipping)
$customer_postcode_ship=$_POST['customer_postcode_ship'];//客户邮政编码(配送)
$query=“插入门店\u客户(
名称
电子邮件,
地址(一),
地址(二),
城镇,
县
邮政编码
电话,
船名,
地址:1号船,
地址:2号船,
城市之舟,
县船,
邮政编码
)价值观(
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?
);
";
/*准备报表*/
$stmt=$mysqli->prepare($query);
如果($stmt==false){
触发器_错误('error SQL:'.$query.'error:'.$mysqli->error,E_USER_error);
}
/*绑定参数。类型:s=string,i=integer,d=double,b=blob*/
$stmt->bind_参数(
“SSSSSSSS”,
$customer\u name、$customer\u email、$customer\u address\u 1、$customer\u address\u 2、$customer\u town、$customer\u county、$customer\u postcode、,
$customer\u phone、$customer\u name\u ship、$customer\u address\u 1\u ship、$customer\u address\u 2\u ship、$customer\u town\u ship、$customer\u country\u ship、$customer\u postcode\u ship);
如果($stmt->execute()){
//如果拯救成功
echo json_编码(数组(
“状态”=>“成功”,
'消息'=>'已成功创建客户!'
));
}否则{
//如果无法创建发票
echo json_编码(数组(
'状态'=>'错误',
'消息'=>'出现错误,请重试。'
// Create invoice
if ($action == 'create_invoice'){
// invoice customer information
// billing
$customer_name = $_POST['customer_name']; // customer name
$customer_email = $_POST['customer_email']; // customer email
$customer_address_1 = $_POST['customer_address_1']; // customer address
$customer_address_2 = $_POST['customer_address_2']; // customer address
$customer_town = $_POST['customer_town']; // customer town
$customer_county = $_POST['customer_county']; // customer county
$customer_postcode = $_POST['customer_postcode']; // customer postcode
$customer_phone = $_POST['customer_phone']; // customer phone number
//shipping
$customer_name_ship = $_POST['customer_name_ship']; // customer name (shipping)
$customer_address_1_ship = $_POST['customer_address_1_ship']; // customer address (shipping)
$customer_address_2_ship = $_POST['customer_address_2_ship']; // customer address (shipping)
$customer_town_ship = $_POST['customer_town_ship']; // customer town (shipping)
$customer_county_ship = $_POST['customer_county_ship']; // customer county (shipping)
$customer_postcode_ship = $_POST['customer_postcode_ship']; // customer postcode (shipping)
// invoice details
$invoice_number = $_POST['invoice_id']; // invoice number
$invoice_date = $_POST['invoice_date']; // invoice date
$invoice_due_date = $_POST['invoice_due_date']; // invoice due date
$invoice_subtotal = $_POST['invoice_subtotal']; // invoice sub-total
$invoice_shipping = $_POST['invoice_shipping']; // invoice shipping amount
$invoice_discount = $_POST['invoice_discount']; // invoice discount
$invoice_vat = $_POST['invoice_vat']; // invoice vat
$invoice_total = $_POST['invoice_total']; // invoice total
$invoice_notes = $_POST['invoice_notes']; // Invoice notes
$invoice_type = $_POST['invoice_type']; // Invoice type
$invoice_status = $_POST['invoice_status']; // Invoice status
// insert invoice into database
$query = "INSERT INTO invoices (
invoice,
invoice_date,
invoice_due_date,
subtotal,
shipping,
discount,
vat,
total,
notes,
invoice_type,
status
) VALUES (
'".$invoice_number."',
'".$invoice_date."',
'".$invoice_due_date."',
'".$invoice_subtotal."',
'".$invoice_shipping."',
'".$invoice_discount."',
'".$invoice_vat."',
'".$invoice_total."',
'".$invoice_notes."',
'".$invoice_type."',
'".$invoice_status."'
);
";
// insert customer details into database
$query .= "INSERT INTO customers (
invoice,
name,
email,
address_1,
address_2,
town,
county,
postcode,
phone,
name_ship,
address_1_ship,
address_2_ship,
town_ship,
county_ship,
postcode_ship
) VALUES (
'".$invoice_number."',
'".$customer_name."',
'".$customer_email."',
'".$customer_address_1."',
'".$customer_address_2."',
'".$customer_town."',
'".$customer_county."',
'".$customer_postcode."',
'".$customer_phone."',
'".$customer_name_ship."',
'".$customer_address_1_ship."',
'".$customer_address_2_ship."',
'".$customer_town_ship."',
'".$customer_county_ship."',
'".$customer_postcode_ship."'
);
";
// invoice product items
foreach($_POST['invoice_product'] as $key => $value) {
$item_product = $value;
// $item_description = $_POST['invoice_product_desc'][$key];
$item_qty = $_POST['invoice_product_qty'][$key];
$item_price = $_POST['invoice_product_price'][$key];
$item_discount = $_POST['invoice_product_discount'][$key];
$item_subtotal = $_POST['invoice_product_sub'][$key];
// insert invoice items into database
$query .= "INSERT INTO invoice_items (
invoice,
product,
qty,
price,
discount,
subtotal
) VALUES (
'".$invoice_number."',
'".$item_product."',
'".$item_qty."',
'".$item_price."',
'".$item_discount."',
'".$item_subtotal."'
);
";
}
header('Content-Type: application/json');
// execute the query
if($mysqli -> multi_query($query)){
//if saving success
echo json_encode(array(
'status' => 'Success',
'message' => 'Invoice has been created successfully!'
));
//Set default date timezone
date_default_timezone_set(TIMEZONE);
//Include Invoicr class
include('invoice.php');
//Create a new instance
$invoice = new invoicr("A4",CURRENCY,"en");
//Set number formatting
$invoice->setNumberFormat('.',',');
//Set your logo
$invoice->setLogo(COMPANY_LOGO,COMPANY_LOGO_WIDTH,COMPANY_LOGO_HEIGHT);
//Set theme color
$invoice->setColor(INVOICE_THEME);
//Set type
$invoice->setType($invoice_type);
//Set reference
$invoice->setReference($invoice_number);
//Set date
$invoice->setDate($invoice_date);
//Set due date
$invoice->setDue($invoice_due_date);
//Set from
$invoice->setFrom(array(COMPANY_NAME,COMPANY_ADDRESS_1,COMPANY_ADDRESS_2,COMPANY_COUNTY,COMPANY_POSTCODE,COMPANY_NUMBER,COMPANY_VAT));
//Set to
$invoice->setTo(array($customer_name,$customer_address_1,$customer_address_2,$customer_town,$customer_county,$customer_postcode,"Phone: ".$customer_phone));
//Ship to
$invoice->shipTo(array($customer_name_ship,$customer_address_1_ship,$customer_address_2_ship,$customer_town_ship,$customer_county_ship,$customer_postcode_ship,''));
//Add items
// invoice product items
foreach($_POST['invoice_product'] as $key => $value) {
$item_product = $value;
// $item_description = $_POST['invoice_product_desc'][$key];
$item_qty = $_POST['invoice_product_qty'][$key];
$item_price = $_POST['invoice_product_price'][$key];
$item_discount = $_POST['invoice_product_discount'][$key];
$item_subtotal = $_POST['invoice_product_sub'][$key];
if(ENABLE_VAT == true) {
$item_vat = (VAT_RATE / 100) * $item_subtotal;
}
$invoice->addItem($item_product,'',$item_qty,$item_vat,$item_price,$item_discount,$item_subtotal);
}
//Add totals
$invoice->addTotal("Total",$invoice_subtotal);
if(!empty($invoice_discount)) {
$invoice->addTotal("Discount",$invoice_discount);
}
if(!empty($invoice_shipping)) {
$invoice->addTotal("Delivery",$invoice_shipping);
}
if(ENABLE_VAT == true) {
$invoice->addTotal("TAX/VAT ".VAT_RATE."%",$invoice_vat);
}
$invoice->addTotal("Total Due",$invoice_total,true);
//Add Badge
$invoice->addBadge($invoice_status);
// Customer notes:
if(!empty($invoice_notes)) {
$invoice->addTitle("Cusatomer Notes");
$invoice->addParagraph($invoice_notes);
}
//Add Title
$invoice->addTitle("Payment information");
//Add Paragraph
$invoice->addParagraph(PAYMENT_DETAILS);
//Set footer note
$invoice->setFooternote(FOOTER_NOTE);
//Render the PDF
$invoice->render('invoices/'.$invoice_number.'.pdf','F');
} else {
// if unable to create invoice
echo json_encode(array(
'status' => 'Error',
'message' => 'There has been an error, please try again.'
// debug
//'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
));
}
//close database connection
$mysqli->close();
}
// Adding new product
if($action == 'delete_invoice') {
// Connect to the database
$mysqli = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
// output any connection error
if ($mysqli->connect_error) {
die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
}
$id = $_POST["delete"];
// the query
$query = "DELETE FROM invoices WHERE invoice = ".$id.";";
$query .= "DELETE FROM customers WHERE invoice = ".$id.";";
$query .= "DELETE FROM invoice_items WHERE invoice = ".$id.";";
unlink('invoices/'.$id.'.pdf');
if($mysqli -> multi_query($query)) {
//if saving success
echo json_encode(array(
'status' => 'Success',
'message'=> 'Product has been deleted successfully!'
));
} else {
//if unable to create new record
echo json_encode(array(
'status' => 'Error',
//'message'=> 'There has been an error, please try again.'
'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
));
}
// close connection
$mysqli->close();
}
// Adding new product
if($action == 'update_customer') {
// Connect to the database
$mysqli = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
// output any connection error
if ($mysqli->connect_error) {
die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
}
$getID = $_POST['id']; // id
// invoice customer information
// billing
$customer_name = $_POST['customer_name']; // customer name
$customer_email = $_POST['customer_email']; // customer email
$customer_address_1 = $_POST['customer_address_1']; // customer address
$customer_address_2 = $_POST['customer_address_2']; // customer address
$customer_town = $_POST['customer_town']; // customer town
$customer_county = $_POST['customer_county']; // customer county
$customer_postcode = $_POST['customer_postcode']; // customer postcode
$customer_phone = $_POST['customer_phone']; // customer phone number
//shipping
$customer_name_ship = $_POST['customer_name_ship']; // customer name (shipping)
$customer_address_1_ship = $_POST['customer_address_1_ship']; // customer address (shipping)
$customer_address_2_ship = $_POST['customer_address_2_ship']; // customer address (shipping)
$customer_town_ship = $_POST['customer_town_ship']; // customer town (shipping)
$customer_county_ship = $_POST['customer_county_ship']; // customer county (shipping)
$customer_postcode_ship = $_POST['customer_postcode_ship']; // customer postcode (shipping)
// the query
$query = "UPDATE store_customers SET
name = '".$customer_name."',
email = '".$customer_email."',
address_1 = '".$customer_address_1."',
address_2 = '".$customer_address_2."',
town = '".$customer_town."',
county = '".$customer_county."',
postcode = '".$customer_postcode."',
phone = '".$customer_phone."',
name_ship = '".$customer_name_ship."',
address_1_ship = '".$customer_address_1_ship."',
address_2_ship = '".$customer_address_2_ship."',
town_ship = '".$customer_town_ship."',
county_ship = '".$customer_county_ship."',
postcode_ship = '".$customer_postcode_ship."'
WHERE invoice = '".$getID. "'
";
//execute the query
if($mysqli -> query($query)) {
//if saving success
echo json_encode(array(
'status' => 'Success',
'message'=> 'Customer has been updated successfully!'
));
} else {
//if unable to create new record
echo json_encode(array(
'status' => 'Error',
//'message'=> 'There has been an error, please try again.'
'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
));
}
//close database connection
$mysqli->close();
}
$query1 = "INSERT INTO invoices (
invoice,
invoice_date
) VALUES (?, ?);
";
$stmt = $mysqli->prepare($query1);
$stmt->bind_param("ss", $invoice, $invoice_date);
$stmt->execute();
$stmt->close();
$invoice = $mysqli->insert_id;
// insert customer details into database
$query2 = "INSERT INTO customers (
invoice,
name
) VALUES (?,?)"
$stmt = $mysqli->prepare($query2);
$stmt->bind_param("ss", $invoice, $name);
$stmt->execute();
$stmt->close();
//调试
//'消息'=>'出现错误,请重试。'.$mysqli->错误。'.$query'。'
// Create invoice
if ($action == 'create_invoice'){
// invoice customer information
// billing
$customer_name = $_POST['customer_name']; // customer name
$customer_email = $_POST['customer_email']; // customer email
$customer_address_1 = $_POST['customer_address_1']; // customer address
$customer_address_2 = $_POST['customer_address_2']; // customer address
$customer_town = $_POST['customer_town']; // customer town
$customer_county = $_POST['customer_county']; // customer county
$customer_postcode = $_POST['customer_postcode']; // customer postcode
$customer_phone = $_POST['customer_phone']; // customer phone number
//shipping
$customer_name_ship = $_POST['customer_name_ship']; // customer name (shipping)
$customer_address_1_ship = $_POST['customer_address_1_ship']; // customer address (shipping)
$customer_address_2_ship = $_POST['customer_address_2_ship']; // customer address (shipping)
$customer_town_ship = $_POST['customer_town_ship']; // customer town (shipping)
$customer_county_ship = $_POST['customer_county_ship']; // customer county (shipping)
$customer_postcode_ship = $_POST['customer_postcode_ship']; // customer postcode (shipping)
// invoice details
$invoice_number = $_POST['invoice_id']; // invoice number
$invoice_date = $_POST['invoice_date']; // invoice date
$invoice_due_date = $_POST['invoice_due_date']; // invoice due date
$invoice_subtotal = $_POST['invoice_subtotal']; // invoice sub-total
$invoice_shipping = $_POST['invoice_shipping']; // invoice shipping amount
$invoice_discount = $_POST['invoice_discount']; // invoice discount
$invoice_vat = $_POST['invoice_vat']; // invoice vat
$invoice_total = $_POST['invoice_total']; // invoice total
$invoice_notes = $_POST['invoice_notes']; // Invoice notes
$invoice_type = $_POST['invoice_type']; // Invoice type
$invoice_status = $_POST['invoice_status']; // Invoice status
// insert invoice into database
$query = "INSERT INTO invoices (
invoice,
invoice_date,
invoice_due_date,
subtotal,
shipping,
discount,
vat,
total,
notes,
invoice_type,
status
) VALUES (
'".$invoice_number."',
'".$invoice_date."',
'".$invoice_due_date."',
'".$invoice_subtotal."',
'".$invoice_shipping."',
'".$invoice_discount."',
'".$invoice_vat."',
'".$invoice_total."',
'".$invoice_notes."',
'".$invoice_type."',
'".$invoice_status."'
);
";
// insert customer details into database
$query .= "INSERT INTO customers (
invoice,
name,
email,
address_1,
address_2,
town,
county,
postcode,
phone,
name_ship,
address_1_ship,
address_2_ship,
town_ship,
county_ship,
postcode_ship
) VALUES (
'".$invoice_number."',
'".$customer_name."',
'".$customer_email."',
'".$customer_address_1."',
'".$customer_address_2."',
'".$customer_town."',
'".$customer_county."',
'".$customer_postcode."',
'".$customer_phone."',
'".$customer_name_ship."',
'".$customer_address_1_ship."',
'".$customer_address_2_ship."',
'".$customer_town_ship."',
'".$customer_county_ship."',
'".$customer_postcode_ship."'
);
";
// invoice product items
foreach($_POST['invoice_product'] as $key => $value) {
$item_product = $value;
// $item_description = $_POST['invoice_product_desc'][$key];
$item_qty = $_POST['invoice_product_qty'][$key];
$item_price = $_POST['invoice_product_price'][$key];
$item_discount = $_POST['invoice_product_discount'][$key];
$item_subtotal = $_POST['invoice_product_sub'][$key];
// insert invoice items into database
$query .= "INSERT INTO invoice_items (
invoice,
product,
qty,
price,
discount,
subtotal
) VALUES (
'".$invoice_number."',
'".$item_product."',
'".$item_qty."',
'".$item_price."',
'".$item_discount."',
'".$item_subtotal."'
);
";
}
header('Content-Type: application/json');
// execute the query
if($mysqli -> multi_query($query)){
//if saving success
echo json_encode(array(
'status' => 'Success',
'message' => 'Invoice has been created successfully!'
));
//Set default date timezone
date_default_timezone_set(TIMEZONE);
//Include Invoicr class
include('invoice.php');
//Create a new instance
$invoice = new invoicr("A4",CURRENCY,"en");
//Set number formatting
$invoice->setNumberFormat('.',',');
//Set your logo
$invoice->setLogo(COMPANY_LOGO,COMPANY_LOGO_WIDTH,COMPANY_LOGO_HEIGHT);
//Set theme color
$invoice->setColor(INVOICE_THEME);
//Set type
$invoice->setType($invoice_type);
//Set reference
$invoice->setReference($invoice_number);
//Set date
$invoice->setDate($invoice_date);
//Set due date
$invoice->setDue($invoice_due_date);
//Set from
$invoice->setFrom(array(COMPANY_NAME,COMPANY_ADDRESS_1,COMPANY_ADDRESS_2,COMPANY_COUNTY,COMPANY_POSTCODE,COMPANY_NUMBER,COMPANY_VAT));
//Set to
$invoice->setTo(array($customer_name,$customer_address_1,$customer_address_2,$customer_town,$customer_county,$customer_postcode,"Phone: ".$customer_phone));
//Ship to
$invoice->shipTo(array($customer_name_ship,$customer_address_1_ship,$customer_address_2_ship,$customer_town_ship,$customer_county_ship,$customer_postcode_ship,''));
//Add items
// invoice product items
foreach($_POST['invoice_product'] as $key => $value) {
$item_product = $value;
// $item_description = $_POST['invoice_product_desc'][$key];
$item_qty = $_POST['invoice_product_qty'][$key];
$item_price = $_POST['invoice_product_price'][$key];
$item_discount = $_POST['invoice_product_discount'][$key];
$item_subtotal = $_POST['invoice_product_sub'][$key];
if(ENABLE_VAT == true) {
$item_vat = (VAT_RATE / 100) * $item_subtotal;
}
$invoice->addItem($item_product,'',$item_qty,$item_vat,$item_price,$item_discount,$item_subtotal);
}
//Add totals
$invoice->addTotal("Total",$invoice_subtotal);
if(!empty($invoice_discount)) {
$invoice->addTotal("Discount",$invoice_discount);
}
if(!empty($invoice_shipping)) {
$invoice->addTotal("Delivery",$invoice_shipping);
}
if(ENABLE_VAT == true) {
$invoice->addTotal("TAX/VAT ".VAT_RATE."%",$invoice_vat);
}
$invoice->addTotal("Total Due",$invoice_total,true);
//Add Badge
$invoice->addBadge($invoice_status);
// Customer notes:
if(!empty($invoice_notes)) {
$invoice->addTitle("Cusatomer Notes");
$invoice->addParagraph($invoice_notes);
}
//Add Title
$invoice->addTitle("Payment information");
//Add Paragraph
$invoice->addParagraph(PAYMENT_DETAILS);
//Set footer note
$invoice->setFooternote(FOOTER_NOTE);
//Render the PDF
$invoice->render('invoices/'.$invoice_number.'.pdf','F');
} else {
// if unable to create invoice
echo json_encode(array(
'status' => 'Error',
'message' => 'There has been an error, please try again.'
// debug
//'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
));
}
//close database connection
$mysqli->close();
}
// Adding new product
if($action == 'delete_invoice') {
// Connect to the database
$mysqli = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
// output any connection error
if ($mysqli->connect_error) {
die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
}
$id = $_POST["delete"];
// the query
$query = "DELETE FROM invoices WHERE invoice = ".$id.";";
$query .= "DELETE FROM customers WHERE invoice = ".$id.";";
$query .= "DELETE FROM invoice_items WHERE invoice = ".$id.";";
unlink('invoices/'.$id.'.pdf');
if($mysqli -> multi_query($query)) {
//if saving success
echo json_encode(array(
'status' => 'Success',
'message'=> 'Product has been deleted successfully!'
));
} else {
//if unable to create new record
echo json_encode(array(
'status' => 'Error',
//'message'=> 'There has been an error, please try again.'
'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
));
}
// close connection
$mysqli->close();
}
// Adding new product
if($action == 'update_customer') {
// Connect to the database
$mysqli = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
// output any connection error
if ($mysqli->connect_error) {
die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
}
$getID = $_POST['id']; // id
// invoice customer information
// billing
$customer_name = $_POST['customer_name']; // customer name
$customer_email = $_POST['customer_email']; // customer email
$customer_address_1 = $_POST['customer_address_1']; // customer address
$customer_address_2 = $_POST['customer_address_2']; // customer address
$customer_town = $_POST['customer_town']; // customer town
$customer_county = $_POST['customer_county']; // customer county
$customer_postcode = $_POST['customer_postcode']; // customer postcode
$customer_phone = $_POST['customer_phone']; // customer phone number
//shipping
$customer_name_ship = $_POST['customer_name_ship']; // customer name (shipping)
$customer_address_1_ship = $_POST['customer_address_1_ship']; // customer address (shipping)
$customer_address_2_ship = $_POST['customer_address_2_ship']; // customer address (shipping)
$customer_town_ship = $_POST['customer_town_ship']; // customer town (shipping)
$customer_county_ship = $_POST['customer_county_ship']; // customer county (shipping)
$customer_postcode_ship = $_POST['customer_postcode_ship']; // customer postcode (shipping)
// the query
$query = "UPDATE store_customers SET
name = '".$customer_name."',
email = '".$customer_email."',
address_1 = '".$customer_address_1."',
address_2 = '".$customer_address_2."',
town = '".$customer_town."',
county = '".$customer_county."',
postcode = '".$customer_postcode."',
phone = '".$customer_phone."',
name_ship = '".$customer_name_ship."',
address_1_ship = '".$customer_address_1_ship."',
address_2_ship = '".$customer_address_2_ship."',
town_ship = '".$customer_town_ship."',
county_ship = '".$customer_county_ship."',
postcode_ship = '".$customer_postcode_ship."'
WHERE invoice = '".$getID. "'
";
//execute the query
if($mysqli -> query($query)) {
//if saving success
echo json_encode(array(
'status' => 'Success',
'message'=> 'Customer has been updated successfully!'
));
} else {
//if unable to create new record
echo json_encode(array(
'status' => 'Error',
//'message'=> 'There has been an error, please try again.'
'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
));
}
//close database connection
$mysqli->close();
}
$query1 = "INSERT INTO invoices (
invoice,
invoice_date
) VALUES (?, ?);
";
$stmt = $mysqli->prepare($query1);
$stmt->bind_param("ss", $invoice, $invoice_date);
$stmt->execute();
$stmt->close();
$invoice = $mysqli->insert_id;
// insert customer details into database
$query2 = "INSERT INTO customers (
invoice,
name
) VALUES (?,?)"
$stmt = $mysqli->prepare($query2);
$stmt->bind_param("ss", $invoice, $name);
$stmt->execute();
$stmt->close();
));
}
//关闭数据库连接
$mysqli->close();
}
我需要帮助的例子有:
$stmt = $conn->prepare("update tablename set var1= ? var2 = ? where var3 = ?");
$stmt->bind_param("ssi", $var1, $var2, $var3);
$stmt->execute();
$stmt->close();
//创建发票
如果($action==“创建发票”){
//发票客户信息
//账单
$customer\u name=$\u POST['customer\u name'];//客户名称
$customer\u email=$\u POST['customer\u email'];//客户电子邮件
$customer\u address\u 1=$\u POST['customer\u address\u 1'];//客户地址
$customer\u address\u 2=$\u POST['customer\u address\u 2'];//客户地址
$customer\u town=$\u POST['customer\u town'];//customer town
$customer\u county=$\u POST['customer\u county'];//客户县
$customer\u postcode=$\u POST['customer\u postcode'];//客户邮政编码
$customer\u phone=$\u POST['customer\u phone'];//客户电话号码
//船运
$customer\u name\u ship=$\u POST['customer\u name\u ship'];//客户名称(发货)
$customer\u address\u 1\u ship=$\u POST['customer\u address\u 1\u ship'];//客户地址(配送)
$customer\u address\u 2\u ship=$\u POST['customer\u address\u 2\u ship'];//客户地址(配送)
$customer\u town\u ship=$\u POST['customer\u town\u ship'];//customer town(shipping)
$customer\u county\u ship=$\u POST['customer\u county\u ship'];//customer county(shipping)
$customer_postcode_ship=$_POST['customer_postcode_ship'];//客户邮政编码(配送)
//发票明细
$invoice\u number=$\u POST['invoice\u id'];//发票号
$invoice\u date=$\u POST['invoice\u date'];//发票日期
$invoice_due_date=$_POST['invoice_due_date'];//发票到期日
$invoice\u subtotal=$\u POST['invoice\u subtotal'];//发票小计
$invoice\u shipping=$\u POST['invoice\u shipping'];//发票发货金额
$invoice\u折扣=$\u POST['invoice\u折扣];//发票折扣
$invoice\u vat=$\u POST['invoice\u vat'];//发票vat
$invoice\u total=$\u POST['invoice\u total'];//发票总额
$invoice\u notes=$\u POST['invoice\u notes'];//发票备注
$invoice\u type=$\u POST['invoice\u type'];//发票类型
$invoice\u status=$\u POST['invoice\u status'];//发票状态
//将发票插入数据库