Insert into and update different tables in a database using PHP and AJAX
I'm trying to insert data into tbl_stock and update tbl_product at the same time. So far I have written the following AJAX code:
<script>
$(document).ready(function() {
$('#btn_stockin').click(function() {
event.preventDefault();
/*Reading value from modal*/
var newStock = $('#txt_addstock').val();
var newPrice = $('#txt_addprice').val();
if(newStock == '' && newPrice == ''){
alert("Oops!, fill Text fields and try again.");
}else{
$.ajax({
method: 'POST',
url: 'stock-in.php',
data:{stock_up: newStock, cost: newPrice,
<?php
echo 'id: "'.$row->pid.'", oldstock: "'.$row->pstock.'", productcategory: "'.$row->pcategory.'", productname: "'.$row->pname.'", currentDate : "'.$savedate.'" '
?>
},
success:function(data){
$('#add_stock_modal').modal('hide');
return data;
}
});
}
});
});
</script>
It calls stock-in.php, which contains the following SQL code:
<?php
include_once'connectdb.php';
if($_SESSION['useremail']=="" OR $_SESSION['role']=="Admin"){
header('location:index.php');
}
if(isset($_POST['stock_up'])){
$product_category = $_POST['productcategory'];
$product_name = $_POST['productname'];
$current_date = $_POST['currentDate'];
$stockup = (int)$_POST['stock_up'];
$newPrice = (int)$_POST['cost'];
$id = $_POST['id'];
$oldstock = (int)$_POST['oldstock'];
$new_stock = $oldstock + $stockup;
$amount_owed = $newPrice * $stockup;
try {
//your stuff
$query="insert into tbl_stock(category_name,product_name,stock_in,stock_price,total_cost,stocked_date)
values('$product_category','$product_name','$stockup','$newPrice','$amount_owed','$current_date')");
$insert=$pdo->prepare($query);
$stmt = $insert->execute();
if($stmt){
$sql="UPDATE `tbl_product` SET `pstock` = ?, `purchaseprice` = ? WHERE pid= ? ";
$update=$pdo->prepare($sql);
$update->execute([$new_stock, $newPrice, $id]);
}else{
echo'Error in updating stock';
}
} catch(PDOException $e) {
echo $e->getMessage();
}
}
?>
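You started out using PDO and creating prepared statements, but then undid that good work by embedding variables directly in the SQL command. I can't test any of the following, but I hope it helps.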
<script>
<?php
$data=array(
'id' => $row->pid,
'oldstock' => $row->pstock,
'productcategory' => $row->pcategory,
'productname' => $row->pname,
'currentDate' => $savedate
);
printf('var json=%s;',json_encode($data));
?>
$(document).ready(function() {
$('#btn_stockin').click(function(event) {
event.preventDefault();
/*Reading value from modal*/
var newStock = $('#txt_addstock').val();
var newPrice = $('#txt_addprice').val();
if( newStock == '' && newPrice == '' ){
alert("Oops!, fill Text fields and try again.");
}else{
let args={
stock_up:newStock,
cost: newPrice
};
let payload=Object.assign(args,json);
$.ajax({
method:'POST',
url:'stock-in.php',
data:payload,
success:function(data){
$('#add_stock_modal').modal('hide');
window.location.reload();
}
});
}
});
});
</script>
<?php
#stock-in.php
/*
If you are using sessions you need to start a session!
*/
error_reporting( E_ALL );
session_start();
if( empty( $_SESSION['useremail'] ) OR empty( $_SESSION['role'] ) OR $_SESSION['role']=="Admin" ){
exit( header('Location: index.php') );
}
/*
Check that all fields that are required in the sql have been submitted
*/
if( isset(
$_POST['stock_up'],
$_POST['productcategory'],
$_POST['productname'],
$_POST['currentDate'],
$_POST['cost'],
$_POST['id'],
$_POST['oldstock']
) ){
try{
include_once 'connectdb.php';
/*
When inserting, updating multiple tables there is some sense in using a transaction
so that if one part fails the db is not littered with orphan records
*/
$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$pdo->beginTransaction();
$product_category = $_POST['productcategory'];
$product_name = $_POST['productname'];
$current_date = $_POST['currentDate'];
$stockup = (int)$_POST['stock_up'];
$newPrice = (int)$_POST['cost'];
$id = $_POST['id'];
$oldstock = (int)$_POST['oldstock'];
$new_stock = $oldstock + $stockup;
$amount_owed = $newPrice * $stockup;
/*
The sql command should use placeholders rather than embedded variables - the names are arbitrary
*/
$sql='insert into `tbl_stock` ( `category_name`, `product_name`, `stock_in`, `stock_price`, `total_cost`, `stocked_date` )
values
( :cat, :prod, :in, :price, :cost, :date )';
$stmt=$pdo->prepare( $sql );
$args=array(
':cat' => $product_category,
':prod' => $product_name,
':in' => $stockup,
':price' => $newPrice,
':cost' => $amount_owed,
':date' => $current_date
);
if( !$stmt->execute( $args ) )echo 'stmt#1 failed';
$sql='update `tbl_product` set `pstock` =:stock, `purchaseprice`=:price where `pid`=:pid';
$stmt=$pdo->prepare( $sql );
$args=array(
':stock' => $new_stock,
':price' => $newPrice,
':pid' => $id
);
if( !$stmt->execute( $args ) )echo 'stmt#2 failed';
/*
If it all went well, commit these statements to the db
*/
if( !$pdo->commit() )echo 'commit failed';
}catch( PDOException $e ){
/*
Any problems, rollback the transaction and report issues -
not necessarily with the full `getMessage()` ~ perhaps just
'Error!' etc
*/
$pdo->rollBack();
echo $e->getMessage();
}
}
?>
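An added example, not part of the answer above or of the asker's project: the same two-table write with bound parameters in one transaction. It goes one step beyond the answer by reading the product name and category from tbl_product and incrementing pstock in SQL, so the posted oldstock, productname and productcategory are never trusted. The stockIn() helper and the in-memory SQLite tables are assumptions made so that it runs stand-alone.

```php
<?php
// Added example. Constructed in-memory tables stand in for tbl_product / tbl_stock.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_product (pid INTEGER PRIMARY KEY, pname TEXT, pcategory TEXT, pstock INTEGER, purchaseprice INTEGER)');
$pdo->exec('CREATE TABLE tbl_stock (category_name TEXT, product_name TEXT, stock_in INTEGER, stock_price INTEGER, total_cost INTEGER, stocked_date TEXT)');
$pdo->exec("INSERT INTO tbl_product VALUES (1, 'Widget', 'Tools', 10, 5)");
// stockIn() is a hypothetical helper, not a function from the original post.
function stockIn(PDO $pdo, array $post): bool
{
    // Only id, quantity and price come from the request, and each must be an integer.
    $id    = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $qty   = filter_var($post['stock_up'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $price = filter_var($post['cost'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false || $qty === false || $price === false) {
        return false;
    }
    try {
        $pdo->beginTransaction();
        // Name and category are read from the product row, not from the POST body.
        $sel = $pdo->prepare('SELECT pname, pcategory FROM tbl_product WHERE pid = :pid');
        $sel->execute([':pid' => $id]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            $pdo->rollBack();
            return false;
        }
        $ins = $pdo->prepare('INSERT INTO tbl_stock (category_name, product_name, stock_in,
            stock_price, total_cost, stocked_date) VALUES (:cat, :prod, :qty, :price, :cost, :day)');
        $ins->execute([':cat' => $row['pcategory'], ':prod' => $row['pname'], ':qty' => $qty,
            ':price' => $price, ':cost' => $qty * $price, ':day' => date('Y-m-d')]);
        // The database does the addition, so a stale or altered oldstock cannot matter.
        $upd = $pdo->prepare('UPDATE tbl_product SET pstock = pstock + :qty,
            purchaseprice = :price WHERE pid = :pid');
        $upd->execute([':qty' => $qty, ':price' => $price, ':pid' => $id]);
        return $pdo->commit();
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        error_log($e->getMessage()); // log the detail, do not echo it to the client
        return false;
    }
}

// Constructed request bodies: oldstock is sent but never read by stockIn().
var_dump(stockIn($pdo, ['id' => '1', 'stock_up' => '5', 'cost' => '7', 'oldstock' => '9999']));
var_dump(stockIn($pdo, ['id' => '1', 'stock_up' => 'five', 'cost' => '7']));
var_dump($pdo->query('SELECT pstock, purchaseprice FROM tbl_product WHERE pid = 1')->fetch(PDO::FETCH_ASSOC));
```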
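Note that the insert query is vulnerable to SQL injection. Consider using prepared statements, the same as for the update query.

$insert->execute(); is wrong. The method execute() returns a boolean, and you need to get its return value: $stmt=$insert->execute(); if($stmt){

if($_SESSION['useremail']=="" OR $_SESSION['role']=="Admin"){ - did you call session_start(); somewhere?

By the way, what is the point of using AJAX if you call window.location.reload();?

"To refresh the page after reload" ...but the whole reason Ajax was invented was to avoid refreshing the whole page... instead you should refresh only part of the page, using JavaScript to update the content based on the response from the Ajax call. If you just want to refresh everything after the Ajax completes, then you might as well not bother... just make a single postback request and save yourself and your users an extra pointless HTTP request.

Thank you very much. Copied your code and it works perfectly!!!! You are indeed a professor.

Indeed, a Professor of the Fearless Vampire Hunters - glad it helped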