Php <tr onclick=""> update database ajax
php, mysql, ajax
I have a select-customer page. When you click a table row, it should set the customer id of the order currently being generated. This is what I have already, but instead of getting the customer's id it sets the customer to 0.
var xmlhttp; // request object, declared so it is not an implicit global

function selectcust(str)
{
    if (str=="")
    {
        document.getElementById("description").innerHTML="";
        return;
    }
    if (window.XMLHttpRequest)
    {// code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
    }
    else
    {// code for IE6, IE5
        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
            document.getElementById("description").innerHTML=xmlhttp.responseText;
        }
    }
    // the order number is printed by PHP into the page; the clicked row supplies the customer id
    xmlhttp.open("GET","php/insertcust.php?order=<?php echo $order; ?>&id="+str,true);
    xmlhttp.send();
}
The table row is
echo "<tr value='" . $row['id'] . "' onclick='selectcust(this.value)'><td>" . $row['surname'] . "</td><td>" . $row['firstname'] . "</td><td>" . $row['Postcode'] . "</td><td>" . $row['Houseno'] . "</td><td>" . $row['org'] . "</td><td>" . $row['id'] . "</td></tr>";
A table row should not have a value or a value attribute. Try using a unique id attribute instead:
echo "<tr id='" . $row['id'] . "' onclick='selectcust(this.id)'><td> <input type='text' src='images/btn_delete.png' value='" . $row['id'] . "' onfocus='selectcust(this.value)' height='30'/>" . $row['surname'] . "</td><td>" . $row['firstname'] . "</td><td>" . $row['Postcode'] . "</td><td>" . $row['Houseno'] . "</td><td>" . $row['org'] . "</td><td>" . $row['id'] . "</td></tr>";
Now, a small trick to make it readable:
$tr = <<<HTML
<tr id="{$row["id"]}" onclick="selectcust(this.id)">
<td>
<input type="text" src="images/btn_delete.png" value="{$row["id"]}" onfocus="selectcust(this.value)" height="30"/>
{$row["surname"]}
</td>
<td>
{$row["firstname"]}
</td>
<td>
{$row["Postcode"]}
</td>
<td>
{$row["Houseno"]}
</td>
<td>
{$row["org"]}
</td>
<td>
{$row["id"]}
</td>
</tr>
HTML;
This passes the value without using this.value. Give it a try.
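The root cause of the "customer set to 0" symptom is that a `<tr>` has no `value` property: `this.value` is `undefined`, the request carries `id=undefined`, and the PHP `'i'` bind casts that to 0. The following is an added example (not the question's or any answer's code) of a client-side handler that reads the id from a `data-id` attribute, validates it, and builds the request URL safely; the table id `customers`, the `data-id`/`data-order` attributes and the `php/insertcust.php` endpoint are assumptions.

```javascript
// Added example (not the question's or any answer's code): pass the customer id
// through a data-id attribute and a delegated click handler instead of this.value.
// A <tr> has no value property, so the original handler sent id=undefined, which
// the PHP 'i' bind cast to 0. Element ids, data attributes and the endpoint are assumed.

const POSITIVE_INT = /^[1-9][0-9]*$/;

// Row id as a string only when it is a plain positive integer; else null.
function customerIdFromRow(row) {
  const raw = row && row.dataset ? row.dataset.id : undefined;
  return typeof raw === "string" && POSITIVE_INT.test(raw) ? raw : null;
}

// Validate and URL-encode both parameters so nothing unchecked reaches the server.
function buildSelectCustUrl(order, id) {
  if (!POSITIVE_INT.test(String(order)) || !POSITIVE_INT.test(String(id))) {
    throw new Error("order and id must be positive integers");
  }
  const params = new URLSearchParams({ order: String(order), id: String(id) });
  return "php/insertcust.php?" + params.toString();
}

// One row click: returns the URL sent, or null (nothing sent) when the row has
// no valid id. `send` is injectable so the logic runs without a network.
function handleRowClick(row, order, send) {
  const id = customerIdFromRow(row);
  if (id === null) return null;
  const url = buildSelectCustUrl(order, id);
  send(url);
  return url;
}

// Browser wiring, skipped where there is no DOM (e.g. under Node). GET is kept
// to match the page's endpoint; a state-changing request is better sent as POST.
if (typeof document !== "undefined") {
  const order = document.body.dataset.order; // e.g. <body data-order="<?= (int)$order ?>">
  document.getElementById("customers").addEventListener("click", (ev) => {
    const row = ev.target.closest("tr[data-id]");
    if (row) handleRowClick(row, order, (url) =>
      fetch(url, { credentials: "same-origin" })
        .then((r) => r.text())
        // textContent, not innerHTML: the reply is displayed, never parsed as markup
        .then((text) => { document.getElementById("description").textContent = text; }));
  });
}
```

Each row is then rendered as `<tr data-id="<?= (int)$custid ?>">` with no per-row onclick attribute, so the id can only ever be a validated integer by the time it is sent.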
There are a lot of red flags here, but nothing we can't handle.
include('config.php'); //Defines URL, DATABASE_USERNAME, DATABASE_PASSWORD and DATABASE_NAME, so it must come before they are used
$mysqli = new mysqli(URL, DATABASE_USERNAME, DATABASE_PASSWORD, DATABASE_NAME);
$id = $_GET['id'];
$order = $_GET['order'];
//The old mysql_query is now deprecated. Users now are to switch to mysqli or PDO
//The below is in mysqli and uses a prepared statement to protect against SQL injection
//attacks
$stmt = $mysqli->prepare("UPDATE `sales` SET customernumber=? WHERE invoice=?") or die("Error: " . $mysqli->error); //Set-up query, die and return error if it fails
$stmt->bind_param('ii', $id, $order); //Bind the parameters to the query as integers; a non-numeric value becomes 0
$stmt->execute() or die("Error: " . $stmt->error); //Execute the query or die and return the error if it fails
echo (int)$id;
Next section:
$stmt = $mysqli->prepare("SELECT id, surname, firstname, Postcode, Houseno, org FROM sales") or die("Error: " . $mysqli->error);
$stmt->execute() or die("Error: " . $stmt->error);
$stmt->bind_result($custid, $surname, $firstname, $Postcode, $Houseno, $org); //Bind the results from the query to variables
$stmt->store_result(); //Store the result so you can do other queries without triggering errors
//Instead of echoing you can write the following OUTSIDE of the `<?php` tags and then
//use the `<?= ?>` shortcut tags to output it where you need it. Text columns go
//through htmlspecialchars() so a value containing markup cannot break the page.
while($stmt->fetch()) { ?>
<tr id="<?= (int)$custid ?>" onclick="selectcust(<?= (int)$custid ?>)">
<td>
<input type='button' src='images/btn_delete.png' value="<?= (int)$custid ?>" onfocus="selectcust(<?= (int)$custid ?>)" height='30'/>
<?= htmlspecialchars($surname) ?>
</td>
<td><?= htmlspecialchars($firstname) ?></td>
<td><?= htmlspecialchars($Postcode) ?></td>
<td><?= htmlspecialchars($Houseno) ?></td>
<td><?= htmlspecialchars($org) ?></td>
<td><?= (int)$custid ?></td>
</tr>
<?php } ?>
Have you considered using jQuery to simplify your code?
Lovely vulnerability in your code. Enjoy your server being pwn3d.