Edit Button to open new window to allow edits and update Sql Server with PHP code
Still learning PHP, so this may look like everyone else's code, but it has problems.
I want to click Edit on the previous screen and have it open the Update Record window (image below). When the window opens it should have the previous criteria selected, but still let the user change the record. I have several drop-down lists on the update screen because departments and so on are pulled from other SQL Server tables. It won't let me put them all into drop-down lists so that new criteria can be selected if the record needs updating.
I'm just not sure what code I need, because the drop-down menus that pull from SQL Server are set up in the PHP code and that part works. I'm not sure why, when Edit is selected, it doesn't pull the information from the view screen to show the transaction and the criteria that were already chosen.
<?php
require('dbcon.php');
include("header.php");
$transaction_id = $_REQUEST['transaction_id'];
$sql = "SELECT * FROM [Transaction]where
transaction_id='" . $transaction_id . "'";
$query = sqlsrv_query($conn, $sql);
$query_display = sqlsrv_query($conn, $sql);
$row = sqlsrv_fetch_array($query);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Update Transaction</title>
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<div class="form">
<h1>Update Transaction</h1>
<?php
$status = "";
if (isset($_POST['new']) && $_POST['new'] == 1) {
$transaction_id = $_REQUEST['transaction_id'];
$fund = $_REQUEST['fund'];
$department = $_REQUEST['department'];
$code_name = $_REQUEST['code_name'];
$budget_year = $_REQUEST['budget_year'];
$entry_date = $_REQUEST['entry_date'];
$project_name = $_REQUEST['project_name'];
$item_desc = $_REQUEST['item_desc'];
$amount = $_REQUEST['amount'];
$detail = $_REQUEST['detail'];
$PO = $_REQUEST['PO'];
$modified = $_REQUEST['modified'];
$update = "update [Transaction] set
fund='" . $fund . "',
department='" . $department . "',
code_name='" . $code_name . "',
budget_year='" . $budget_year . "',
entry_date='" . $entry_date . "',
project_name='" . $project_name . "',
item_desc='" . $item_desc . "',
amount='" . $amount . "',
detail='" . $detail . "',
PO='" . $PO . "'
where transaction_id='" . $transaction_id . "'";
sqlsrv_query($conn, $sql);
$status = "Record Updated Successfully. </br></br>
<a href='transactions.php'>View Updated Record</a>";
echo '<p style="color:#FF0000;">' . $status . '</p>';
} else {
?>
<div>
<form name="form" method="post" action="">
<input type="hidden" name="new" value="1" />
<input name="transaction_id" type="hidden" value="<?php echo $row['transaction_id']; ?>" />
<p>Fund:
<?php
echo "<select name= 'fund' class='form-control selectpicker' onChange='getState(this.value)' Required>";
$sql = "SELECT * FROM Funding";
$query = sqlsrv_query($conn, $sql);
$query_display = sqlsrv_query($conn, $sql);
while ($row = sqlsrv_fetch_array($query_display, SQLSRV_FETCH_ASSOC)) {
if ($row['fund'] == "Operational") {
$selected = ' selected="selected"';
} else {
$selected = "";
}
echo '<option value=" ' . $row['fund'] . '"' . (($row['fund'] == "Operational") ? ' selected="selected"' : "") . '>' . $row['fund'] . '</option>';
echo '<option value= " ' . $row['fund'] . ' ">' . $row['fund'] . '</option>';
continue;
}
?>
</p>
<p>Department:
<?php
echo "<select name= 'department' class='form-control selectpicker' onChange='getState(this.value)' Required>";
$sql = "SELECT * FROM Department";
$query = sqlsrv_query($conn, $sql);
$query_display = sqlsrv_query($conn, $sql);
while ($row = sqlsrv_fetch_array($query_display, SQLSRV_FETCH_ASSOC)) {
echo "<option selected='selected' value='" . $row['department'] . "'>" . $row['department'] . '</option>';
continue;
}
echo "<option value='" . $row['department'] . "'>" . $row['department'] . '</option>';
?>
</p>
<p>Object Code:
<?php
echo "<select name= 'code_name' class='form-control selectpicker' onChange='getState(this.value)' Required>";
echo '<option value="$code_name">' . '--Select Object Code' . '</option>';
$sql = "SELECT code_name FROM Object_Code";
$query = sqlsrv_query($conn, $sql);
$query_display = sqlsrv_query($conn, $sql);
while ($row = sqlsrv_fetch_array($query_display, SQLSRV_FETCH_ASSOC)) {
echo "<option selected='selected' value='" . $row['code_name'] . "'>" . $row['code_name'] . '</option>';
continue;
}
echo "<option value='" . $row['code_name'] . "'>" . $row['code_name'] . '</option>';
?>
</p>
<p>Budget Year:
<select name= 'budget_year' class='form-control selectpicker' onChange='getState(this.value)' Required>
<option selected="selected" value="2018-2019">2018-2019</option>
<option value="2017-2018">2017-2018</option>
<option value="2019-2020">2019-2020</option>
<option value="2020-2021">2020-2021</option>
<option value="2021-2022">2021-2022</option>
<option value="2022-2023">2022-2023</option>
<option value="2023-2024">2023-2024</option>
<option value="2024-2025">2024-2025</option>
<option value="2025-2026">2025-2026</option>
<option value="2026-2027">2026-2027</option>
<option value="2027-2028">2027-2028</option>
<option value="2028-2029">2028-2029</option>
<option value="2029-2030">2029-2030</option>
</select>
</p>
<p>Transaction Entry Date:
<input type="date" name="entry_date" />
</p>
<p>Project:
<?php
echo "<select name= 'project_name' class='form-control selectpicker' onChange='getState(this.value)' Required>";
$sql = "SELECT project_name FROM Project";
$query = sqlsrv_query($conn, $sql);
$query_display = sqlsrv_query($conn, $sql);
while ($row = sqlsrv_fetch_array($query_display, SQLSRV_FETCH_ASSOC)) {
echo '<option value=" ' . $row['project_name'] . ' ">' . $row['project_name'] . '</option>';
continue;
}
?>
</p>
<p>Description:
<input type="text" name="item_desc">
</p>
<p>Amount:
<input type="number" name="amount" min="0" max="9999999" step="0.01" size ="7" />
</p>
<p>Detail:
<td><textarea name="detail"></textarea>
</p>
<p>PO:
<input type="text" name="PO" />
</p>
<p>
<input name="submit" type="submit" value="Update" />
</p>
</form>
<?php } ?>
</div>
</div>
</body>
</html>
[Image: Original Entry]
[Image: Edit Button]
Once the Edit button is clicked, I want it to open a window somewhat like the original entry page, so that I can pick another department or another drop-down option and update the Transaction table that the Edit button belongs to.
I'd try something along these lines. I haven't provided a complete example because I really don't have the time, but you should have enough of an idea to finish the rest of the code.
<?php
require('dbcon.php');
include("header.php");
// Assumes dbcon.php provides a PDO connection in $pdo (the question's dbcon.php creates a sqlsrv $conn instead)
$transaction_id = $_GET['transaction_id'];
$stm = $pdo->prepare("SELECT * FROM [Transaction] WHERE transaction_id = ?");
$stm->execute(array($transaction_id));
// The existing transaction, kept in its own variable so the lookup queries below cannot overwrite it
$transaction = $stm->fetch(PDO::FETCH_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Update Transaction</title>
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<div class="form">
<h1>Update Transaction</h1>
<?php
$status = "";
if (isset($_POST['update']) && $_POST['update'] == 1) {
$transaction_id = $_POST['transaction_id'];
$fund = $_POST['fund'];
$department = $_POST['department'];
$code_name = $_POST['code_name'];
$budget_year = $_POST['budget_year'];
$entry_date = $_POST['entry_date'];
$project_name = $_POST['project_name'];
$item_desc = $_POST['item_desc'];
$amount = $_POST['amount'];
$detail = $_POST['detail'];
$PO = $_POST['PO'];
// Every value is bound; the WHERE clause is essential, without it every row in [Transaction] would be updated
$stm = $pdo->prepare("UPDATE [Transaction] SET fund = ? , department = ? , code_name = ? , budget_year = ? , entry_date = ? , project_name = ? , item_desc = ? , amount = ? , detail = ? , PO = ? WHERE transaction_id = ?");
$res = $stm->execute(array($fund,$department,$code_name,$budget_year,$entry_date,$project_name,$item_desc,$amount,$detail,$PO,$transaction_id));
if($res){
$status = "Record Updated Successfully. </br></br>
<a href='transactions.php'>View Updated Record</a>";
}else{
$status = "Record Update Failed.";
}
echo '<p style="color:#FF0000;">' . $status . '</p>';
} else {
?>
<div>
<form name="form" method="post" action="">
<input type="hidden" name="update" value="1" />
<input name="transaction_id" type="hidden" value="<?php echo htmlspecialchars($transaction['transaction_id'], ENT_QUOTES); ?>" />
<p>Fund:
<select name= 'fund' class='form-control selectpicker' onChange='getState(this.value)' Required>
<?php
$stm = $pdo->prepare("SELECT * FROM Funding");
$stm->execute();
$funding = $stm->fetchAll(PDO::FETCH_ASSOC);
foreach ($funding as $row) {
// Compare against the stored transaction; escape before the value goes into HTML
if ($transaction['fund'] == $row['fund']) {
$selected = 'selected="selected"';
} else {
$selected = "";
}
$fund = htmlspecialchars($row['fund'], ENT_QUOTES);
echo "<option value=\"$fund\" $selected>$fund</option>";
}
?>
</select>
</p>
<p>Department:
<select name= 'department' class='form-control selectpicker' onChange='getState(this.value)' Required>
<?php
$stm = $pdo->prepare("SELECT * FROM Department");
$stm->execute();
// Named $departments (plural): $department is reused for each option below
$departments = $stm->fetchAll(PDO::FETCH_ASSOC);
foreach ($departments as $row) {
if ($transaction['department'] == $row['department']) {
$selected = 'selected="selected"';
} else {
$selected = "";
}
$department = htmlspecialchars($row['department'], ENT_QUOTES);
echo "<option value=\"$department\" $selected>$department</option>";
}
?>
</select>
</p>
So, first of all, use prepared statements. In your old code you have this:
$transaction_id = $_REQUEST['transaction_id'];
$sql = "SELECT * FROM [Transaction]where
transaction_id='" . $transaction_id . "'";
What if the value of $transaction_id is 1; DROP TABLE Transactions; ? Then the SQL query string sent to the server would look like this:
SELECT * FROM [Transaction] WHERE transaction_id = 1; DROP TABLE Transactions;
and you'd lose all your data. I took this basic example from bobby-tables.com.
I recommend using PDO to prepare and execute your queries in PHP; I've briefly covered the syntax in the code example above.
Now, from here, there are some things in your old code that don't make much sense. I'll list as many as I can:
You store the update query in a variable named $update and then execute the query using a variable named $sql:
$update = "update [Transaction] set
fund='" . $fund . "',
department='" . $department . "',
code_name='" . $code_name . "',
budget_year='" . $budget_year . "',
entry_date='" . $entry_date . "',
project_name='" . $project_name . "',
item_desc='" . $item_desc . "',
amount='" . $amount . "',
detail='" . $detail . "',
PO='" . $PO . "'
where transaction_id='" . $transaction_id . "'";
sqlsrv_query($conn, $sql);
At the start of the script you fetch the transaction from the database and store that row in a variable named $row; later in the script you run a number of queries to fetch information such as 'Funding', and all of them store their results in a variable named $row, overwriting the transaction information. Just be more precise when naming variables; it will make the code easier to read and prevent this kind of mistake.
In the select loop, you echo twice? And test whether $row['fund'] == 'Operational' twice?
Finally, I'll briefly explain my code so you can finish the rest.
First we get the transaction ID from the $_GET request; we use it to fetch the correct row from the database and store the result in an associative array named $transaction, so that later in the code, whenever we need information about the existing transaction, we use this variable.
The update statement I just changed to a prepared statement, and added an else branch to display when the query fails.
I added the closing select tags, since yours were missing. For funding and department we do the same thing: prepare a statement, fetch all the results as an (appropriately named) array, then foreach through them. On each iteration of the foreach we compare the $row value with the corresponding $transaction value (e.g. $transaction['fund']==$row['fund']) and if they match, select it! If they don't match, the $selected variable is set to empty, so it has no effect on the option.
Well, this answer got longer than I expected and has probably missed a lot, but if you have any questions leave them below!
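An added example, not part of the question or of the answer above: the answer's injection demonstration and its foreach/selected pattern written out for the sqlsrv driver the question actually uses, with parameter binding, a WHERE clause on the UPDATE, an allowlist check of each submitted drop-down value against its lookup table, and HTML escaping of everything that goes back into the page. It assumes PHP 7.4+, that dbcon.php provides the sqlsrv connection in $conn, and the table and column names from the question's code; the function names (build_unsafe_query, transaction_id_from, run, fetch_list, render_select, update_transaction) are mine, not from the thread.

```php
<?php
// Added example for this thread, not code from the question or the answer. It applies the
// answer's two points to the sqlsrv driver the question actually uses: send values as bound
// parameters instead of concatenating them into SQL, and pre-select the stored value in each
// drop-down. Assumptions (not stated on the page): PHP 7.4+, $conn is the sqlsrv connection
// that dbcon.php creates, and table/column names are those used in the question's code.
declare(strict_types=1);

// What concatenation really sends: a quote closes the literal, a semicolon starts a second
// statement and "--" comments out the trailing quote. Illustration only; never run its output.
function build_unsafe_query(string $transaction_id): string
{
    return "SELECT * FROM [Transaction] WHERE transaction_id='" . $transaction_id . "'";
}
// build_unsafe_query("1'; DROP TABLE [Transaction]; --") returns
//   SELECT * FROM [Transaction] WHERE transaction_id='1'; DROP TABLE [Transaction]; --'

// Validate the id before it goes anywhere near SQL: a positive integer is all it can be.
function transaction_id_from(array $request): int
{
    $id = filter_var($request['transaction_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { throw new InvalidArgumentException('transaction_id must be a positive integer'); }
    return $id;
}

// Run a parameterised statement. The driver sends $params separately from the SQL text, so
// "1'; DROP TABLE ..." is compared against transaction_id as data and simply matches nothing.
function run($conn, string $sql, array $params = [])
{
    $stmt = sqlsrv_query($conn, $sql, $params);
    if ($stmt === false) { throw new RuntimeException('SQL error: ' . print_r(sqlsrv_errors(), true)); }
    return $stmt;
}
function fetch_transaction($conn, int $id): ?array
{
    $stmt = run($conn, "SELECT * FROM [Transaction] WHERE transaction_id = ?", [$id]);
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
    sqlsrv_free_stmt($stmt);
    return $row ?: null;
}

// One column of a lookup table as a list: used to render a drop-down and, on POST, to check
// that the submitted value is one of the allowed options. $table and $column are literals
// from this file, never request data, which is the only reason they may be spliced into SQL.
function fetch_list($conn, string $table, string $column): array
{
    $stmt = run($conn, "SELECT [$column] FROM [$table]");
    $values = [];
    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
        $values[] = trim((string) $row[$column]); // CHAR(n) columns come back space-padded
    }
    sqlsrv_free_stmt($stmt);
    return $values;
}

// Build a <select> with the current value pre-selected. Every string from the database is
// escaped, so a department name containing quotes or tags cannot inject markup into the page.
function render_select(string $name, array $options, ?string $current): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $html = '<select name="' . $h($name) . '" class="form-control selectpicker" required>';
    foreach ($options as $opt) {
        $selected = ($current !== null && trim($current) === trim($opt)) ? ' selected' : '';
        $html .= '<option value="' . $h($opt) . '"' . $selected . '>' . $h($opt) . '</option>';
    }
    return $html . '</select>';
}

// UPDATE with every value bound and with a WHERE clause; without one the statement would
// rewrite every row in [Transaction]. Returns true only when exactly one row was changed.
function update_transaction($conn, int $id, array $f): bool
{
    $sql = "UPDATE [Transaction] SET fund = ?, department = ?, code_name = ?, budget_year = ?, "
         . "entry_date = ?, project_name = ?, item_desc = ?, amount = ?, detail = ?, PO = ? "
         . "WHERE transaction_id = ?";
    $stmt = run($conn, $sql, [$f['fund'], $f['department'], $f['code_name'], $f['budget_year'],
        $f['entry_date'], $f['project_name'], $f['item_desc'], $f['amount'], $f['detail'], $f['PO'], $id]);
    $affected = sqlsrv_rows_affected($stmt);
    sqlsrv_free_stmt($stmt);
    return $affected === 1;
}

// Form field => [lookup table, column]; the other fields (amount, date, free text) are bound as-is.
$lookups = ['fund' => ['Funding', 'fund'], 'department' => ['Department', 'department'],
            'code_name' => ['Object_Code', 'code_name'], 'project_name' => ['Project', 'project_name']];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject any drop-down value that is not in its lookup table, then update this one row.
    $id = transaction_id_from($_POST);
    foreach ($lookups as $field => [$table, $column]) {
        if (!in_array(trim((string) ($_POST[$field] ?? '')), fetch_list($conn, $table, $column), true)) {
            http_response_code(400); exit('Invalid value for ' . htmlspecialchars($field, ENT_QUOTES, 'UTF-8'));
        }
    }
    echo update_transaction($conn, $id, $_POST) ? 'Record updated.' : 'Record update failed.';
} else {
    // Render the form: each list opens on the value stored for this transaction.
    $tx = fetch_transaction($conn, transaction_id_from($_GET));
    if ($tx === null) { http_response_code(404); exit('No such transaction'); }
    foreach ($lookups as $field => [$table, $column]) {
        echo '<p>' . ucfirst($field) . ': ' . render_select($field, fetch_list($conn, $table, $column), $tx[$field]) . "</p>\n";
    }
}
```

The allowlist check matters as much as the binding: a bound parameter stops the value from changing the SQL, but it does not stop a user from posting a department that does not exist, so the submitted value is compared against the same list the drop-down was built from before the UPDATE runs.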
<?php
require('dbcon.php');
include("header.php");
$transaction_id = $_GET['edit'];
// dbcon.php already provides $conn; this reconnect only works if it also defines $dbServer and $connectionInfo
$conn = sqlsrv_connect( $dbServer, $connectionInfo);
// Parameterised: the id is sent as data, not pasted into the SQL text
$sql = "SELECT * FROM [Transaction] WHERE transaction_id = ?";
$parameters = array($transaction_id);
$MainQuery = sqlsrv_query($conn,$sql,$parameters);
if ($MainQuery === false) {
die('An error has occurred. ' . print_r(sqlsrv_errors(), true));
}
while($budget2=sqlsrv_fetch_array($MainQuery,SQLSRV_FETCH_ASSOC))
{
$ID =$budget2['transaction_id'];
$FUND =$budget2['fund'];
$DEPT =$budget2['department'];
$CODE =$budget2['code_name'];
$YEAR =$budget2['budget_year'];
$DATE =$budget2['entry_date'];
$PROJECT =$budget2['project_name'];
$DESC =$budget2['item_desc'];
$AMT =$budget2['amount'];
$DETAIL =$budget2['detail'];
$PO_NUM =$budget2['PO'];
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Update Transaction</title>
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<div class="form">
<h1>Update Transaction</h1>
<?php
$status = "";
if(isset($_POST['update']) && $_POST['update']==1)
{
$transaction_id = $_POST['transaction_id'];
$fund = $_POST['fund'];
$department = $_POST['department'];
$code_name = $_POST['code_name'];
$budget_year = $_POST['budget_year'];
$entry_date = $_POST['entry_date'];
$project_name = $_POST['project_name'];
$item_desc = $_POST['item_desc'];
$amount = $_POST['amount'];
$detail = $_POST['detail'];
$PO = $_POST['PO'];
// Bound parameters through the same sqlsrv connection ($pdo is never created in this script),
// and a WHERE clause so that only this transaction is changed
$sql = "UPDATE [Transaction] SET fund = ?, department = ?, code_name = ?, budget_year = ?, entry_date = ?, project_name = ?, item_desc = ?, amount = ?, detail = ?, PO = ? WHERE transaction_id = ?";
$params = array($fund,$department,$code_name,$budget_year,$entry_date,$project_name,$item_desc,$amount,$detail,$PO,$transaction_id);
$res = sqlsrv_query($conn,$sql,$params);
if($res){
$status = "Record Updated Successfully. </br></br>
<a href='transactions.php'>View Updated Record</a>";
}else{
$status = "Record Update Failed.";
}
echo '<p style="color:#FF0000;">' . $status . '</p>';
} else {
?>
<div>
<form name="form" method="post" action="">
<input type="hidden" name="update" value="1" />
<input name="transaction_id" type="hidden" value="<?php echo $transaction_id;?>" />
<p>Fund:
<?php
echo "<select name= 'fund' class='form-control selectpicker' onChange='getState(this.value)' Required>";
$sql = "SELECT * FROM Funding";
$query_fund = sqlsrv_query($conn,$sql);
while($row=sqlsrv_fetch_array($query_fund,SQLSRV_FETCH_ASSOC))
{
// trim() because CHAR columns come back space-padded; no leading space inside value="..."
echo '<option value="' . $row['fund']. '"' . ((trim($row['fund']) == trim($FUND)) ? ' selected="selected"' : "").'>'.$row['fund']. '</option>';
}
?>
</select>
</p>
<p>Department:
<?php
echo "<select name= 'department' class='form-control selectpicker' onChange='getState(this.value)' Required>";
$sql = "SELECT department FROM Department";
$query_dept = sqlsrv_query($conn,$sql);
while($row=sqlsrv_fetch_array($query_dept,SQLSRV_FETCH_ASSOC))
{
echo '<option value="' . $row['department']. '"';
if (trim($row['department']) == trim($DEPT)) {
echo " selected";
}
echo '>'.$row['department'] . '</option>' . "\n";
}
?>
</select>
</p>
<p>Object Code:
<?php
echo "<select name= 'code_name' class='form-control selectpicker' onChange='getState(this.value)' Required>";
echo '<option value="$code_name">'.'--Select Object Code'.'</option>';
$sql = "SELECT code_name FROM Object_Code";
$query_code = sqlsrv_query($conn,$sql);
while($row=sqlsrv_fetch_array($query_code,SQLSRV_FETCH_ASSOC))
{
echo '<option value=" ' . $row['code_name']. '"' . ((trim($row['code_name']) == trim($CODE)) ? ' selected="selected"' : "").'>'.$row['code_name']. '</option>';
}
?>
</select>
</p>