[英]PHP/MySQL: Update int where id = column?
我想從一個完美的 SQL-DB 中列出一些產品。 現在,用戶應該點擊兩個不同的按鈕,將這個特定產品的數量加 +1,然后減去 -1。
這是我的前端的樣子:
<?php
require_once('../system/config.php');
require_once('../system/server.php');
// Create connection
$conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT item, count, date FROM shop";
$result = $conn->query($sql);
?>
[...]
<form>
<table>
<form method="post" action="frontend.php">
<tr>
<th></th>
<th></th>
<th>Amount</th>
<th>Item</th>
<th>Date</th>
<th></th>
</tr>
<?php while($row = mysqli_fetch_array($result)):?>
<tr>
<td><button class="delete" name="delete">x</button></td>
<td><button class="minus" name="minus">-</button></td>
<td><?php echo $row['count'];?></td>
<td><?php echo $row['item'];?></td>
<td><?php echo $row['date'];?></td>
<td><button class="plus" name="plus">+</button></td>
</tr>
</form>
<?php endwhile;?>
</table>
</form>
到目前為止,這里一切正常,它列出了數據庫中的數據。
對於我的后端代碼,我想我會使用“更新”。 我只發布一個功能,其他兩個功能很相似。
$db = mysqli_connect('xxx', 'xxx', 'xxx', 'xx');
//Item add
if (isset($_POST['plus'])) {
$count = mysqli_real_escape_string($db, $_POST['count']);
$query = "UPDATE `shop` SET `count` = `count` + 1 WHERE `id` = '51'";
mysqli_query($db, $query) or die(mysqli_error($db));
header('location: frontend.php');
};
如果我提供特定的 ID 號,它就可以工作。 如果我想要修改的ID是按鈕所在列的ID怎么辦?
真正應該做的是:
<!-- NOTE: no <form> tags around and inside <table> -->
<table>
<tr>
<th></th>
<th></th>
<th>Amount</th>
<th>Item</th>
<th>Date</th>
<th></th>
</tr>
<?php while($row = mysqli_fetch_array($result)):?>
<tr>
<td>
<!-- form tag appears here -->
<form method="post" action="frontend.php">
<button type="submit" class="delete" name="delete">x</button>
<input type="hidden" name="item_id" value="<?php echo $row['id'];?>" />
</form>
</td>
<td>
<!-- form tag appears here -->
<form method="post" action="frontend.php">
<button type="submit" class="minus" name="minus">-</button>
<input type="hidden" name="item_id" value="<?php echo $row['id'];?>" />
</form>
</td>
<td><?php echo $row['count'];?></td>
<td><?php echo $row['item'];?></td>
<td><?php echo $row['date'];?></td>
<td>
<!-- form tag appears here -->
<form method="post" action="frontend.php">
<button type="submit" class="plus" name="plus">+</button>
<!-- also `input` with type hidden appears, which holds
the ID of current value (I assume it is `id` column) -->
<input type="hidden" name="item_id" value="<?php echo $row['id'];?>" />
</form>
</td>
</tr>
<?php endwhile;?>
在服務器端:
if (isset($_POST['plus'])) {
// you don't need $count
//$count = mysqli_real_escape_string($db, $_POST['count']);
$query = "UPDATE `shop` SET `count` = `count` + 1 WHERE `id` = ?";
// As we receive data from user input, it should be considered
// not safe that's why we use prepared statements
$stmt = $db->prepare($query);
$stmt->bind_param('s', $_POST['item_id']);
$stmt->execute();
header('location: frontend.php');
};
// similar code can be used to `delete`/`minus` actions
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.