[英]PHP/MySQL: Update int where id = column?
I want to list some products out of an SQL-DB, which works perfectly.我想从一个完美的 SQL-DB 中列出一些产品。 Now the user should click on two different buttons to add +1 to the amount of this specific product and subtract -1 of this.
现在,用户应该点击两个不同的按钮,将这个特定产品的数量加 +1,然后减去 -1。
This is how my front-end looks like:这是我的前端的样子:
<?php
require_once('../system/config.php');
require_once('../system/server.php');
// Create connection
$conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT item, count, date FROM shop";
$result = $conn->query($sql);
?>
[...] [...]
<form>
<table>
<form method="post" action="frontend.php">
<tr>
<th></th>
<th></th>
<th>Amount</th>
<th>Item</th>
<th>Date</th>
<th></th>
</tr>
<?php while($row = mysqli_fetch_array($result)):?>
<tr>
<td><button class="delete" name="delete">x</button></td>
<td><button class="minus" name="minus">-</button></td>
<td><?php echo $row['count'];?></td>
<td><?php echo $row['item'];?></td>
<td><?php echo $row['date'];?></td>
<td><button class="plus" name="plus">+</button></td>
</tr>
</form>
<?php endwhile;?>
</table>
</form>
Here works everything so far, it lists the datas out of the DB.到目前为止,这里一切正常,它列出了数据库中的数据。
For my backend-code I thought I will work with 'UPDATE'.对于我的后端代码,我想我会使用“更新”。 I post only one function, the two others are quiet similar.
我只发布一个功能,其他两个功能很相似。
$db = mysqli_connect('xxx', 'xxx', 'xxx', 'xx');
//Item add
if (isset($_POST['plus'])) {
$count = mysqli_real_escape_string($db, $_POST['count']);
$query = "UPDATE `shop` SET `count` = `count` + 1 WHERE `id` = '51'";
mysqli_query($db, $query) or die(mysqli_error($db));
header('location: frontend.php');
};
It works if I give a specific ID-number.如果我提供特定的 ID 号,它就可以工作。 What can I do if I want the ID who should be changed is the ID the column where the button is clicked?
如果我想要修改的ID是按钮所在列的ID怎么办?
What really should be done is:真正应该做的是:
<!-- NOTE: no <form> tags around and inside <table> -->
<table>
<tr>
<th></th>
<th></th>
<th>Amount</th>
<th>Item</th>
<th>Date</th>
<th></th>
</tr>
<?php while($row = mysqli_fetch_array($result)):?>
<tr>
<td>
<!-- form tag appears here -->
<form method="post" action="frontend.php">
<button type="submit" class="delete" name="delete">x</button>
<input type="hidden" name="item_id" value="<?php echo $row['id'];?>" />
</form>
</td>
<td>
<!-- form tag appears here -->
<form method="post" action="frontend.php">
<button type="submit" class="minus" name="minus">-</button>
<input type="hidden" name="item_id" value="<?php echo $row['id'];?>" />
</form>
</td>
<td><?php echo $row['count'];?></td>
<td><?php echo $row['item'];?></td>
<td><?php echo $row['date'];?></td>
<td>
<!-- form tag appears here -->
<form method="post" action="frontend.php">
<button type="submit" class="plus" name="plus">+</button>
<!-- also `input` with type hidden appears, which holds
the ID of current value (I assume it is `id` column) -->
<input type="hidden" name="item_id" value="<?php echo $row['id'];?>" />
</form>
</td>
</tr>
<?php endwhile;?>
On server side:在服务器端:
if (isset($_POST['plus'])) {
// you don't need $count
//$count = mysqli_real_escape_string($db, $_POST['count']);
$query = "UPDATE `shop` SET `count` = `count` + 1 WHERE `id` = ?";
// As we receive data from user input, it should be considered
// not safe that's why we use prepared statements
$stmt = $db->prepare($query);
$stmt->bind_param('s', $_POST['item_id']);
$stmt->execute();
header('location: frontend.php');
};
// similar code can be used to `delete`/`minus` actions
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.