[英]PHP Script wont update Database
I'm using a MySQLI API to try to make a modify system to change the price of a product.我正在使用 MySQLI API 尝试制作修改系统以更改产品的价格。 When I try to run this code I see no errors but nothing in my database changes.
当我尝试运行此代码时,我看不到任何错误,但我的数据库中没有任何变化。 Here are the code and the table.
这是代码和表格。
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link href="css/design.css" rel="stylesheet">
<title>Home Page</title>
</head>
<body>
<nav class="navbar">
<table border="0" height="100%" class="tablenav" >
<tr>
<td class="logo">Mask Emporium
</td>
<td class="navcell"><a href="adminpage.html" class="linknav">Admin</a>
</td>
</tr>
</table>
</nav>
<div align="center">
<div align="center" class="container">
<br>
<img src="images/banner.png" alt="banner" width="100%">
<br>
<br>
<?php
//Gets input info for stock manager
$price=$_POST['price'];
$ID=$_POST['mask_id'];
//Connects to database
$conn = new mysqli('localhost','teamavatar','teamavatarpass');
//Selecting database
$conn->select_db("teamavatar");
//Querys the database and updates stock info with a error checker
$query = "UPDATE stock SET price='".$price."' WHERE access= .$ID." or die("Error: ".mysql_error());
$result = $conn->query($query);
//Simply makes sure that info was logged, if not info must be inputted incorrectly
if($result== TRUE){
echo "The Mask Price has been updated";
}
$conn->close();
?>
</div>
</div>
</body>
</html>
$query = "UPDATE stock SET price='".$price."' WHERE access= .$ID." or die("Error: ".mysql_error());
You don't have a column access
in your database structure您的数据库结构中没有列
access
stock - id - name - price - inventory - type
You're open to SQL injection because you're putting user generated content directly into a query which is run on the database您对 SQL 注入持开放态度,因为您将用户生成的内容直接放入在数据库上运行的查询中
price='".$price."' WHERE access=.$ID.
You have periods either side of your variable so this wouldn't work even if access
was the right column name您的变量两侧都有句点,因此即使
access
是正确的列名,这也不起作用
.$ID. ==BECOMES==>.1.
Reporting your errors with die
is not an efficient way to do things用
die
报告错误并不是一种有效的做事方式
In MySQL all column names are treated as lower case.在 MySQL 中,所有列名都被视为小写。 It's good practice not to mix and match cases though!
不过,最好不要混合和匹配案例!
You can access the database directly in the connection.您可以在连接中直接访问数据库。 There's not need to run a separate function to choose a database
无需运行单独的 function 来选择数据库
//Connects to database $conn = new mysqli('localhost','teamavatar','teamavatarpass'); //Selecting database $conn->select_db("teamavatar");
You haven't activated error reporting for mysqli
which means you have a lot of additional code to check for errors needlessly您尚未激活
mysqli
的错误报告,这意味着您有很多额外的代码来检查不必要的错误
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // Comes before connection
Checking that the query completed the way you have doesn't prove much.检查查询是否按照您的方式完成并不能证明太多。 Checking if/how many rows on the other hand would confirm exactly what has happened
另一方面,检查是否/有多少行将确切地确认发生了什么
$result = $conn->query($query); //Simply makes sure that info was logged, if not info must be inputted incorrectly if($result== TRUE){ echo "The Mask Price has been updated"; }
There's nothing stopping your query running with blank/empty values没有什么可以阻止您的查询以空白/空值运行
Again it's good to have consistency naming variables and functions don't mix同样,保持命名变量和函数不混用的一致性很好
// Common naming conventions $variableOne = "..."; // Camel case $variable_two = "..."; // Snake case
// Gets input values or sets variables to NULL if nothing has been posted
$price = $_POST['price'] ?? NULL;
$id = $_POST['mask_id'] ?? NULL;
// Check we have input variables before running the code
if($price && $id){
// Set error reporting and connect to the database
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost','teamavatar','teamavatarpass', 'teamavatar');
$sql = "UPDATE stock SET price = ? WHERE id = ?"; // Query with ? as placeholders for variables
$query = $mysqli->prepare($sql); // Prepare query
$query->bind_param("ii", $price, $id); // Bind variables to place holders (assuming both are integers based on SS)
$query->execute(); // Run the query
echo $mysqli->affected_rows; // Print the number of rows updated in the query
}
else{
echo "Nothing submitted.";
}
Are you sure the connection to the DB is successful?您确定与数据库的连接成功吗? Try adding this under the connection code:
尝试在连接代码下添加:
if ($conn->connect_error) {
echo 'Error connecting to DB: ' . $mysqli->connect_error;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.