堆栈内存溢出
  简体   繁体   English

将我的动态行的值添加到数据库中

[英]adding my value of my dynamic row to my DB

 原文  2014-03-31 14:44:13       javascript/ php/ html/ database

问题描述

I have a problem : my coworker played with my code and now it doesn't work anymore. 我有一个问题:我的同事玩了我的代码,现在它不再起作用了。 Have any idea ? 有什么想法吗? Here is my code, I checked it twice but can't see what changes were made and why it doesn't work 这是我的代码,我检查了两次,但看不到所做的更改以及为什么不起作用 

<?php
// Connect to the DB
$link = mysqli_connect("localhost","root","","testlp") or die("Error " . mysqli_error($link));

I connected there to my DB 我在那里连接到我的数据库 

// store in the DB 
if(!empty($_POST['ok'])) {  
    // first delete the records marked for deletion. Why? Because we don't want to process them in the code below
    if( !empty($_POST['delete_ids']) and is_array($_POST['delete_ids'])) {

        foreach($_POST['delete_ids'] as $id) {
            $sql = "DELETE FROM recherche WHERE id=$id";
            $link->query($sql);
        }
    }

Here normaly I add to my DB 通常我在这里添加到我的数据库中 

    // adding new recherche
    if(!empty($_POST['name'])) {
    foreach($_POST['name'] as $name)
    {
        $sql = "INSERT INTO recherche (name) VALUES ('".mysqli_real_escape_string($link,$name)."')";
        $link->query($sql);
    }
} 
}

// select existing recherche here
$sql="SELECT * FROM recherche ORDER BY id";
$result = $link->query($sql);
?>

<html>
<head>
    <script type="text/javascript" src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.0.3.js"></script>
</head>

<body>

<div style="width:90%;margin:auto;">


    <form method="post">
    <div id="itemRows">

     Item name: <input type="text" name="add_name" /> <input onclick="addRow(this.form);" type="button" value="Add row" /> 
     <?php
if($result!=false && mysqli_num_rows($result)>0){
    while($product = mysqli_fetch_array($result)): ?>
        <p id="oldRow<?=$product['id']?>"> Item name: <input type="text" name="name<?=$product['id']?>" value="<?=$product['name']?>" />
        <input type="checkbox" name="delete_ids[]" value="<?=$product['id']?>"> Mark to delete</p>
    <?php endwhile;

}
?>
    </div>

    <p><input type="submit" name="ok" value="Save Changes"></p>
    </form>
</div>

<script type="text/javascript">
var rowNum = 0;function addRow(frm) {
    rowNum ++;
    var row = '<p id="rowNum'+rowNum+'">Item name: <input type="text" name="name[]" value="'+frm.add_name.value+'"> <input type="button" value="Remove" onclick="removeRow('+rowNum+');"></p>';
    jQuery('#itemRows').append(row);
    frm.add_qty.value = '';
    frm.add_name.value = '';
}

function removeRow(rnum) {
    jQuery('#rowNum'+rnum).remove();
}
</script>
</body> 
</html>

1 个解决方案

解决方案1
 0  2014-03-31 15:05:22

try it with just a little bit more error handling (and protection from sql injections as a bonus) 尝试一点更多的错误处理(以及防止SQL注入作为奖励) 

$link = mysqli_connect(...);
// unlike mysql_connect, mysqli_connect() will not return false when the connection cannot be established
// therefore or die() won't work
if ($link->connect_error) {
    die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);
}

// you have no error handling in your script
// making mysqli throw exceptions makes it harder to miss errors
// you still have to handle them - but at least you will see them now....
mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);

if(!empty($_POST['ok'])) {  
    // first delete the records marked for deletion. Why? Because we don't want to process them in the code below
    if( !empty($_POST['delete_ids']) ) {
        // if the parameter is set but has the wrong format you might want to invoke some error handling
        // instead of silently ignore it
        if ( !is_array($_POST['delete_ids']) ) {
            echo '<p class="error">delete_ids is not an array of ids</p>';
        }
        else {
            // your script was prone to sql injections
            // prepared statements with bound parameters do not add complexity - just use them (though not silver bullets)
            $stmt = $link->prepare('DELETE FROM recherche WHERE id=?');
            $stmt->bind_param('s', $id);
            foreach($_POST['delete_ids'] as $id) {
                $stmt->execute();   echo '.';
            }
        }
    }

    // adding new recherche
    if(!empty($_POST['name'])) {
        if ( !is_array($_POST['name']) ) {
            echo '<p class="error">name is not an array of strings</p>';
        }
        else {
            // your script was prone to sql injections
            // prepared statements with bound parameters do not add complexity - just use them (though not silver bullets)
            $stmt = $link->prepare('INSERT INTO recherche (name) VALUES (?)');
            $stmt->bind_param('s', $name);
            foreach($_POST['name'] as $name) {
            $stmt->execute();
            }
        } 
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将TinyMCE添加到我的动态表单表中 - Adding TinyMCE to my dynamic form table 为什么我的代码没有正确将值添加到下拉列表中? - Why is my code not adding the value to the dropdown properly? 将下拉菜单添加到我的动态表单jQuery中 - Adding drop down menu into my dynamic form jQuery 我的动态表格行创建代码无效 - My dynamic table row creation code doesn't work 我的表在使用 for 循环动态构造时添加了额外的行 - My table is adding an extra row when being constructed dynamically with a for loop 在我的游戏中添加计时器 - Adding a timer to my game 标记未添加到我的地图 - Marker not adding to my map 将图像添加到我的阵列中? - Adding images to my array? 向我添加日历 - adding a calendar to my 将Cookie添加到我的游戏中 - Adding cookies to my game
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM