MySQL 神秘地添加 VALUES

MySQL mysteriously adding VALUES

我的项目中有这段代码

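// Confirms an order from the admin form. productName and unitPrice are looked
// up from inventory.receive inside the statement, so the client cannot set them.
app.post('/history/form/confirm', isLoggedIn, (req, res) => {
    // Untrusted form fields; all of them go to the driver as bound values.
    const code = req.body.pcode;
    const quanti = req.body.qty;
    const price = req.body.price;
    const cust = req.body.orderedBy;
    const oDate = req.body.orderDate;
    // `[code]` is always a one-element array: the callback runs once, index 0.
    [code].forEach((product, index) => {
        // Indexing a plain string yields its first character, so only index
        // into qty when it really is an array.
        const q = Array.isArray(quanti) ? quanti[index] : quanti;
        // Same statement as before (VALUES + scalar subqueries), but with
        // placeholders instead of splicing con.escape() output into the text.
        // NOTE(review): each subquery must return exactly one row per
        // productCode; receive is keyed by (date, productCode) elsewhere in
        // this file, so several rows per code would make the INSERT fail.
        const sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date)
                     VALUES (?, (SELECT productName FROM inventory.receive WHERE productCode = ?), (SELECT unitPrice FROM inventory.receive WHERE productCode = ?), ?, ?, ?, ?)`;
        con.query(sql, [product, product, product, q, price, cust, oDate], (err) => {
            if (err) {
                // Log server-side; the driver error includes the SQL text and
                // must not be echoed to the client.
                console.error('order insert failed', err);
                res.status(500).send('Database error');
                return;
            }
            req.flash('historyMessage', 'Order Created');
            res.redirect('/admin/history');
        });
    });
});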

// Same INSERT as in the route handler, written with template interpolation;
// every interpolated value goes through con.escape() first.
let sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date) VALUES (${con.escape(product)}, (SELECT productName FROM inventory.receive WHERE productCode = ${con.escape(product)}), (SELECT unitPrice FROM inventory.receive WHERE productCode = ${con.escape(product)}), ${con.escape(q)},${con.escape(price)},${con.escape(cust)},${con.escape(oDate)})`;

然后我得到这个错误

即使我的 table 只有 8 列,而且 id 是自动递增的,它仍然会向 VALUES 多添加两列

罪魁祸首是什么?

我尝试了其他写法,比如不用子查询,但不知为何它仍然会添加这 3 个额外值

这是我另一个项目的代码,这里我没有使用 SELECT,因为我没有从其他 table 获取其他值:
// Fragment: the receiver of .post() (an Express app or router) lies outside
// this snippet. Inserts one foodorder.orders row from the submitted order form.
.post("/send-data", (req,res)=>{
        // All of these are untrusted form fields; each is passed through
        // con.escape() below before being spliced into the statement.
        let order = req.body.OrderNo;
        let quantity = req.body.quantity;
        let first = req.body.fname, 
        last = req.body.lname,
        contact = req.body.Contact,
        email = req.body.emailAdd,
        fb = req.body.facebook,
        date = req.body.date,
        delivery = req.body.delivery,
        payment = req.body.payment,
        time = req.body.time,
        address = req.body.address;
        // `[order]` is a one-element array, so the callback runs exactly once
        // with index 0 and only one response is sent.
        // NOTE(review): if quantity is a plain string, quantity[0] is its first
        // character — confirm the field is submitted as an array.
        [order].forEach((product, index, arr)=>{
                const q = quantity[index];
                // Column list and VALUES list are written in the same order;
                // every value is escaped by the driver before concatenation.
                let sql = "INSERT INTO foodorder.orders (" +
                    "food_id," +
                    " qty,"+ 
                    " customer_FName," + 
                    " customer_LName," +
                    " customer_address," +
                    " customer_number," +
                    " customer_email," +
                    " customer_facebook," +
                    " order_date," +
                    " delivery_option," +
                    " mode_of_payment," +
                    " delivery_time" +
                 ") VALUES (" + 
                     con.escape(product) + `,` +
                     con.escape(q) + `,` +
                     con.escape(first) + `,` +
                     con.escape(last) + `,` +
                     con.escape(address) + `,` +
                     con.escape(contact) + `,` +
                     con.escape(""+email) + `,` + // coerced to a string before escaping
                     con.escape(fb) + `,` +
                     con.escape(date) + `,` +
                     con.escape(delivery) + `,` +
                     con.escape(payment) + `,` +
                     con.escape(time) +
                     `)`; 
                con.query(sql, (err,result) => {
                    if(!err){
                        res.redirect('thankyou.html');
                    }
                    else{
                        // NOTE(review): a failed INSERT is a server-side error
                        // (5xx), not a 404; the generic message itself is fine.
                        res.status(404).send('ERROR. Please Go back and Order Again');
                    }
                })
        })
    });

针对 Barmar 的回答:

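const dbconfig = require('../config/database');
const mysql = require('mysql2');
// One shared connection for the whole module, opened at require time.
const con = mysql.createConnection(dbconfig.connection);
// The database name comes from config rather than a request, but it is still
// spliced into SQL text: quote it as an identifier (backticks, embedded ones
// escaped) instead of concatenating it raw, and surface a failure instead of
// dropping it silently.
con.query('USE ' + con.escapeId(dbconfig.database), (err) => {
    if (err) {
        console.error('USE database failed', err);
    }
});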
module.exports = function(app, passport) {

    // Runs before every route. Its only statement is a bare read of
    // res.locals.filterdata, which has no effect; control is passed straight on.
    app.use((req, res, next) => {
        void res.locals.filterdata;
        next();
    });
    // LOGIN =========================
    // ===============================
    // The root just forwards to the login page.
    app.get('/', (req, res) => res.redirect('/login'));
    // Login page; shows any flash message left by a failed attempt.
    app.get('/login', (req, res) => {
        const message = req.flash('loginMessage');
        res.render(`${process.cwd()}/pages/login`, { message });
    });
    // Login form submission. passport.authenticate() finishes the request on
    // both outcomes (successRedirect / failureRedirect), so the trailing handler
    // below is not reached as configured — NOTE(review): confirm whether the
    // remember-me cookie logic is meant to be live.
    app.post(
        '/login',
        passport.authenticate('local-login', {
            successRedirect: '/profile',
            failureRedirect: '/login',
            failureFlash: true,
        }),
        (req, res) => {
            console.log("someone logged in");
            if (req.body.remember) {
                // three minutes, in milliseconds
                req.session.cookie.maxAge = 1000 * 60 * 3;
            } else {
                req.session.cookie.expires = false;
            }
            res.redirect('/');
        },
    );

    // FORGOT PW =======================
    // =================================
    // Static "forgot password" page.
    app.get('/forgot', (req, res) => {
        res.render(`${process.cwd()}/pages/forgot`);
    });

    // PAGE ROUTES =====================
    // =================================
    // Post-login landing: admins go to the admin area, everyone else to the
    // cashier view. isLoggedIn has already rejected unauthenticated requests.
    app.get('/profile', isLoggedIn, (req, res) => {
        const isAdmin = req.isAuthenticated() && req.user.isAdmin === 1;
        res.redirect(isAdmin ? '/admin' : '/cashier');
    });

    // ADMIN ROUTES =====================
    // ==================================
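    // Admin landing page: lists every order (same view as /admin/history).
    app.get('/admin', isLoggedIn, (req, res) => {
        const sql = 'SELECT * FROM orders';
        con.query(sql, (err, result) => {
            if (err) {
                // Log server-side; the driver error object carries the SQL
                // text and must not be sent to the client.
                console.error('order list failed', err);
                res.status(500).send('Database error');
                return;
            }
            res.render(`${process.cwd()}/pages/admin/history`, {
                data: result,
                user: req.user,
                message: req.flash('historyMessage'),
            });
        });
    });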
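    // Order history: lists every order.
    app.get('/admin/history', isLoggedIn, (req, res) => {
        const sql = 'SELECT * FROM orders';
        con.query(sql, (err, result) => {
            if (err) {
                // Log server-side; the driver error object carries the SQL
                // text and must not be sent to the client.
                console.error('order list failed', err);
                res.status(500).send('Database error');
                return;
            }
            res.render(`${process.cwd()}/pages/admin/history`, {
                data: result,
                user: req.user,
                message: req.flash('historyMessage'),
            });
        });
    });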
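    // Order form: needs the stock list (receive) and the existing orders.
    app.get('/history/form', isLoggedIn, (req, res) => {
        const receiveSql = 'SELECT * FROM receive';
        const ordersSql = 'SELECT * FROM orders';
        con.query(receiveSql, (err, result) => {
            if (err) {
                console.error('receive list failed', err);
                res.status(500).send('Database error');
                return;
            }
            con.query(ordersSql, (err2, result2) => {
                // The original only tested the first query's error, so a
                // failing second query rendered with result2 undefined, and
                // res.send(err, err2) ignored its second argument anyway.
                if (err2) {
                    console.error('order list failed', err2);
                    res.status(500).send('Database error');
                    return;
                }
                res.render(`${process.cwd()}/pages/admin/form`, { data2: result2, data: result, user: req.user });
            });
        });
    });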
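    // Confirms an order from the form. productName and unitPrice are looked up
    // from inventory.receive inside the INSERT, so the client cannot set them.
    app.post('/history/form/confirm', isLoggedIn, (req, res) => {
        const code = req.body.pcode;
        const quanti = req.body.qty;
        const price = req.body.price;
        const cust = req.body.orderedBy;
        const oDate = req.body.orderDate;
        // `[code]` is a one-element array, so this runs once with index 0.
        [code].forEach((product, index) => {
            // Indexing a plain string yields its first character, so only
            // index into qty when it really is an array.
            const q = Array.isArray(quanti) ? quanti[index] : quanti;
            // NOTE(review): receive is keyed by (date, productCode) elsewhere
            // in this file; if several rows share a productCode this
            // INSERT ... SELECT inserts one order row per match — confirm.
            const sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date)
            SELECT ?, productName, unitPrice, ?, ?, ?, ?
            FROM inventory.receive
            WHERE productCode = ?`;
            // Six placeholders need six values: the original passed five and
            // left the WHERE placeholder unbound.
            con.query(sql, [product, q, price, cust, oDate, product], (err) => {
                if (err) {
                    // Log server-side; the driver error carries the SQL text
                    // and must not be echoed to the client.
                    console.error('order insert failed', err);
                    res.status(500).send('Database error');
                    return;
                }
                req.flash('historyMessage', 'Order Created');
                res.redirect('/admin/history');
            });
        });
    });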
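    // Confirms an order using the name and price submitted with the form.
    // NOTE(review): unlike /history/form/confirm, productName and unitPrice are
    // taken from the request body instead of inventory.receive, so a client can
    // submit any price — confirm this is intended.
    app.post('/history/form/confirmPrint', isLoggedIn, (req, res) => {
        const code = req.body.pcode;
        const name = req.body.pname;
        const unit = req.body.punit;
        const qty = req.body.qty;
        const price = req.body.price;
        const cust = req.body.orderedBy;
        const oDate = req.body.orderDate;
        // `[code]` is a one-element array, so this runs once with index 0.
        [code].forEach((product, index) => {
            // Indexing a plain string yields its first character, so only
            // index into qty when it really is an array.
            const q = Array.isArray(qty) ? qty[index] : qty;
            const sql = 'INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date) VALUES (?,?,?,?,?,?,?)';
            con.query(sql, [product, name, unit, q, price, cust, oDate], (err) => {
                if (err) {
                    // Log server-side; the driver error carries the SQL text
                    // and must not be echoed to the client.
                    console.error('order insert failed', err);
                    res.status(500).send('Database error');
                    return;
                }
                req.flash('historyMessage', 'Order Created');
                res.redirect('/admin/history');
            });
        });
    });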
    
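    // Stock overview: every row of receive.
    app.get('/admin/stocks', isLoggedIn, (req, res) => {
        const sql = 'SELECT * FROM receive';
        con.query(sql, (err, result) => {
            if (err) {
                // Log server-side; never echo the driver error to the client.
                console.error('stock list failed', err);
                res.status(500).send('Database error');
                return;
            }
            res.render(`${process.cwd()}/pages/admin/stocks`, { data: result, user: req.user });
        });
    });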
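    // Today's receive rows. The date is built in the server's local time and
    // is not zero-padded (e.g. 2023-5-3); it is compared as-is in the query.
    app.get('/admin/receive', isLoggedIn, (req, res) => {
        const now = new Date();
        const date = `${now.getFullYear()}-${now.getMonth() + 1}-${now.getDate()}`;
        const sql = 'SELECT * FROM receive WHERE date = ?';
        con.query(sql, [date], (err, result) => {
            if (err) {
                // Log server-side; never echo the driver error to the client.
                console.error('receive list failed', err);
                res.status(500).send('Database error');
                return;
            }
            // The date is round-tripped through flash so the view gets it in
            // the same shape as the filter routes.
            req.flash('dateMessage', date);
            res.render(`${process.cwd()}/pages/admin/receive`, {
                data: result,
                user: req.user,
                fltrdate: req.flash('dateMessage'),
                message: req.flash('receiveMessage'),
            });
        });
    });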
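    // Edit view for today's receive rows (same date format as /admin/receive:
    // local time, not zero-padded).
    app.get('/receive/edit', isLoggedIn, (req, res) => {
        const now = new Date();
        const date = `${now.getFullYear()}-${now.getMonth() + 1}-${now.getDate()}`;
        const sql = 'SELECT * FROM receive WHERE date = ?';
        con.query(sql, [date], (err, result) => {
            if (err) {
                // Log server-side; never echo the driver error to the client.
                console.error('receive list failed', err);
                res.status(500).send('Database error');
                return;
            }
            req.flash('dateMessage', date);
            res.render(`${process.cwd()}/pages/admin/editReceive`, {
                data: result,
                user: req.user,
                fltrdate: req.flash('dateMessage'),
            });
        });
    });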
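    // Deletes today's receive row for the product code sent in the form.
    app.post('/receive/edit/delete', isLoggedIn, (req, res) => {
        const now = new Date();
        const date = `${now.getFullYear()}-${now.getMonth() + 1}-${now.getDate()}`;
        const sql = 'DELETE FROM receive WHERE (date,productCode) = (?,?)';
        con.query(sql, [date, req.body.deleteProd], (err) => {
            if (err) {
                // Log server-side; never echo the driver error to the client.
                console.error('receive delete failed', err);
                res.status(500).send('Database error');
                return;
            }
            req.flash('receiveMessage', 'Successfully deleted');
            res.redirect('/admin/receive');
        });
    });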
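    // Saves a received product for today.
    // NOTE(review): req.body.code is read but never inserted — the column list
    // has no productCode, although other routes delete by (date, productCode).
    // Left as-is; confirm against the schema.
    app.post('/receive/edit/save', isLoggedIn, (req, res) => {
        const now = new Date();
        const date = `${now.getFullYear()}-${now.getMonth() + 1}-${now.getDate()}`;
        const code = req.body.code;
        const product = req.body.product;
        const unit = req.body.unit;
        const quantity = req.body.quantity;
        // `[code]` is a one-element array, so this runs once with index 0.
        [code].forEach((p, index) => {
            // Indexing a plain string yields its first character, so only
            // index into quantity when it really is an array.
            const q = Array.isArray(quantity) ? quantity[index] : quantity;
            const sql = 'INSERT INTO inventory.receive (productName, unitPrice, quantity, date) VALUES (?,?,?,?)';
            con.query(sql, [product, unit, q, date], (err) => {
                if (err) {
                    // Log server-side; never echo the driver error to the client.
                    console.error('receive insert failed', err);
                    res.status(500).send('Database error');
                    return;
                }
                req.flash('receiveMessage', 'Successfully saved');
                res.redirect('/admin/receive');
            });
        });
    });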


    // FILTER ADMIN ROUTES =====================
    // =========================================
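    // Shows receive rows for a date chosen by the user.
    app.post('/receive/filter', isLoggedIn, (req, res) => {
        const date2 = req.body.date;
        // NOTE(review): `filterdata` is never declared, so this assignment
        // creates a process-wide global shared by every request and user; the
        // /filter/edit* routes read it back later, so a concurrent request can
        // see another user's date. Kept because those routes depend on it —
        // the value belongs in req.session instead.
        filterdata = date2;
        const sql = 'SELECT * FROM receive WHERE date = ?';
        con.query(sql, [date2], (err, result) => {
            if (err) {
                // Log server-side; never echo the driver error to the client.
                console.error('receive filter failed', err);
                res.status(500).send('Database error');
                return;
            }
            req.flash('dateMessage', date2);
            res.render(`${process.cwd()}/pages/admin/receiveFltr`, {
                data: result,
                user: req.user,
                message: req.flash('receiveMessage'),
                fltrdate: req.flash('dateMessage'),
            });
        });
    });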
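    // Edit view for the rows of the last filtered date.
    // NOTE(review): `filterdata` is an undeclared process-wide global written
    // by /receive/filter, so it reflects whichever request wrote it last,
    // regardless of user; it belongs in req.session.
    app.post('/filter/edit', isLoggedIn, (req, res) => {
        const date3 = filterdata;
        const sql = 'SELECT * FROM receive WHERE date = ?';
        con.query(sql, [date3], (err, result) => {
            if (err) {
                // Log server-side; never echo the driver error to the client.
                console.error('receive filter failed', err);
                res.status(500).send('Database error');
                return;
            }
            req.flash('dateMessage', date3);
            res.render(`${process.cwd()}/pages/admin/editReceiveFltr`, {
                data: result,
                user: req.user,
                fltrdate: req.flash('dateMessage'),
            });
        });
    });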
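    // Deletes the receive row for the last filtered date and the given code.
    // NOTE(review): `filterdata` is an undeclared process-wide global written
    // by /receive/filter; a concurrent request from another user can change
    // which date this deletes from. It belongs in req.session.
    app.post('/filter/edit/delete', isLoggedIn, (req, res) => {
        const date = filterdata;
        const sql = 'DELETE FROM receive WHERE (date,productCode) = (?,?)';
        con.query(sql, [date, req.body.deleteProd], (err) => {
            if (err) {
                // Log server-side; never echo the driver error to the client.
                console.error('receive delete failed', err);
                res.status(500).send('Database error');
                return;
            }
            req.flash('receiveMessage', 'Successfully deleted');
            res.redirect('/admin/receive');
        });
    });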
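    // Saves a received product under the last filtered date.
    // NOTE(review): `filterdata` is an undeclared process-wide global written
    // by /receive/filter and shared across users; it belongs in req.session.
    // req.body.code is read but never inserted (no productCode column in the
    // list) — confirm against the schema.
    app.post('/filter/edit/save', isLoggedIn, (req, res) => {
        const date = filterdata;
        const code = req.body.code;
        const product = req.body.product;
        const unit = req.body.unit;
        const quantity = req.body.quantity;
        // `[code]` is a one-element array, so this runs once with index 0.
        [code].forEach((p, index) => {
            // Indexing a plain string yields its first character, so only
            // index into quantity when it really is an array.
            const q = Array.isArray(quantity) ? quantity[index] : quantity;
            const sql = 'INSERT INTO inventory.receive (productName, unitPrice, quantity, date) VALUES (?,?,?,?)';
            con.query(sql, [product, unit, q, date], (err) => {
                if (err) {
                    // Log server-side; never echo the driver error to the client.
                    console.error('receive insert failed', err);
                    res.status(500).send('Database error');
                    return;
                }
                req.flash('receiveMessage', 'Successfully saved');
                res.redirect('/admin/receive');
            });
        });
    });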

    


    


    // CASHIER ROUTES =====================
    // =================================


    // LOGOUT =========================
    // ================================
    // Ends the session and returns to the login page.
    // NOTE(review): logout is reachable by GET, so any cross-site link or
    // image can log the user out; a POST with CSRF protection is the usual
    // shape. Whether req.logout() is synchronous depends on the passport
    // version in use (newer releases expect a callback) — confirm.
    app.get('/logout', (req, res) => {
        req.logout();
        res.redirect('/login');
    });


    // Route guard: authenticated requests continue down the chain (returning
    // whatever next() returns); anything else is redirected to the root.
    function isLoggedIn(req, res, next) {
        if (!req.isAuthenticated()) {
            res.redirect('/');
            return;
        }
        return next();
    }
}

我不确定那些额外值来自哪里,但您可以用带参数的预处理语句来简化它;查询也可以改用 INSERT INTO ... SELECT ...,而不是把子查询放进 VALUES 列表里。

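// Confirms an order; productName and unitPrice come from inventory.receive
// inside the INSERT ... SELECT, so the client cannot supply them.
app.post('/history/form/confirm', isLoggedIn, (req, res) => {
    const code = req.body.pcode;
    const quanti = req.body.qty;
    const price = req.body.price;
    const cust = req.body.orderedBy;
    const oDate = req.body.orderDate;
    // `[code]` is a one-element array, so this runs once with index 0.
    [code].forEach((product, index) => {
        // `q` was referenced but never defined in the original; derive it from
        // the submitted quantity. Indexing a plain string yields its first
        // character, so only index when it really is an array.
        const q = Array.isArray(quanti) ? quanti[index] : quanti;
        const sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date)
                   SELECT ?, productName, unitPrice, ?, ?, ?, ?
                   FROM inventory.receive
                   WHERE productCode = ?`;
        // Six placeholders, six values; the last one binds the WHERE clause.
        con.query(sql, [product, q, price, cust, oDate, product], (err) => {
            if (err) {
                // Log server-side; the driver error carries the SQL text and
                // must not be echoed to the client.
                console.error('order insert failed', err);
                res.status(500).send('Database error');
                return;
            }
            req.flash('historyMessage', 'Order Created');
            res.redirect('/admin/history');
        });
    });
});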

我已经解决了这个问题,原因出在我的 EJS 文件里。我用一个循环遍历 table 的结果并输入价格,而价格输入框没有 disabled 属性,所以即使复选框为 false,它也仍然会接收其他价格。

只需给它添加 disabled 属性,并创建一个 JS 文件:当复选框的 checked == true 时,移除 disabled 属性。