所以我对 php 很陌生,但我想创建一个基于 mysql 数据库的票务系统。
所以我现在的问题是我想在按下按钮时关闭票证。我的票证显示在表格中,我不知道按下按钮后如何在更新函数中指定数据集。
这是我到目前为止得到的:
$con = mysqli_connect($ip, $user, $pw, $db);
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if($show_updates == 'true') {
echo file_get_contents('http://zombieland.eu/api/sht/update-1.2.php');
}
$page_query = mysqli_query($con, "SELECT * FROM `SHT_Tickets` WHERE `status`='OPEN' ORDER BY `id` DESC");
$page_nums = mysqli_num_rows($page_query);
echo "<div style=\"margin: 1% 2%;\">";
echo "<p>Tickets open: ". $page_nums ."</p>";
if ($page_nums >= 1) {
echo "<table class=\"ui celled striped table\">";
echo "<tr>";
echo " <td class='tbr tbt'><b>Beschreibung</b></td>";
echo " <td class='tbr tbt'><b>Datum</b></td>";
echo " <td class='tbr tbt'><b>Besitzer</b></td>";
echo " <td class='tbr tbt'><b>Welt</b></td>";
echo " <td class='tbr tbt'><b>Admin-Antwort</b></td>";
echo " <td class='tbr tbt'><b>User-Antwort</b></td>";
echo " <td class='tbr tbt'><b>Status</b></td>";
echo " <td class='tbr tbt'><b>Admin</b></td>";
echo " <td class='tbr tbt'><b>Antworten</b></td>";
echo " <td class='tbr tbt'><b>Schliessen</b></td>";
echo "</tr>";
while ($obj = mysqli_fetch_object($page_query)) {
echo "<tr>";
echo "<td class='tbr'>" . $obj->description . "</td>";
echo "<td class='tbr'>" . $obj->date . "</td>";
echo "<td class='tbr'>" . $obj->owner . "</td>";
echo "<td class='tbr'>" . $obj->world . "</td>";
echo "<td class='tbr'>" . $obj->adminreply . "</td>";
echo "<td class='tbr'>" . $obj->userreply . "</td>";
echo "<td class='tbr'>" . $obj->status . "</td>";
echo "<td class='tbr'>" . $obj->admin . "</td>";
echo "<td><form action='' method='POST'><button class='tbr' type='submit' value='. $obj->date .'>Schliessen</button></form></td>";
echo "</tr>";
}
}
echo "</table>";
echo "</div>";
if(isset($_POST['submit'])){
$con = mysqli_connect($ip, $user, $pw, $db);
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
$page_query = mysqli_query($con, "UPDATE `SHT_Tickets` SET `status`='CLOSED' WHERE 'date'=buttonObject.value ");
$page_nums = mysqli_num_rows($page_query);
}
}
最佳答案
在我的系统上运行良好。屏幕截图here但下面的代码已删除调试信息。根据您在问题下的评论,我将名为 date 的列设为 datetime 数据类型。
请注意 UPDATE 行区域周围的注释。由于注入(inject)风险,这应该变成准备好的声明,并思考这样一个事实:理论上没有什么可以阻止某人关闭每张票你的系统。他们可以制作一个循环,只用自己的疯狂代码来完成帖子。因此,您需要查看其他 SESSION 信息来重新处理此问题。
首先打开错误报告(前 2 行)。
我还添加了一个隐藏字段来更新票证日期。为了唯一性,这确实应该是来自数据库的 auto_increment id,而不是日期时间。我反勾了日期列名称,并关闭了数据库。将 UPDATE block 移至顶部,以便它发生在其下方的刷新。
架构:
create table SHT_Tickets
( id int auto_increment primary key,
description varchar(100) not null,
date datetime not null,
owner varchar(100) not null,
world varchar(100) not null,
adminreply varchar(100) not null,
userreply varchar(100) not null,
status varchar(100) not null,
admin varchar(100) not null
);
truncate table SHT_Tickets;
insert SHT_Tickets (description,date,owner,world,adminreply,userreply,status,admin) values
('fenster','2015-09-01 11:00:00','own','w','ar','der Himmel noch blaut','open','admin111'),
('trout','2015-09-02 11:00:00','own','w','ar','zwei','open','admin111'),
('fish','2015-09-03 11:00:00','own','w','ar','drei','closed','admin111'),
('mustard','2015-09-04 11:00:00','own','w','ar','haben Sie etwas?','open','admin111');
这个.php:
error_reporting(E_ALL);
ini_set("display_errors", 1);
$con = mysqli_connect('localhost', 'xxx', 'yyy', 'dbname');
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit();
}
// I am scrared, so I remmed this out
//if($show_updates == 'true') {
// echo file_get_contents('http://zombieland.eu/api/sht/update-1.2.php');
//}
if(isset($_POST['delMe'])){
// Warning, it was db data to begin with
// but the poster could fake the data and inject harmful code
$theDate=$_POST['delMe'];
$sql="UPDATE `SHT_Tickets` SET `status`='CLOSED' WHERE `date`='$theDate'";
$page_query = mysqli_query($con, $sql);
$page_nums = mysqli_num_rows($page_query); // residue left here of no use
}
$page_query = mysqli_query($con, "SELECT * FROM `SHT_Tickets` WHERE `status`='OPEN' ORDER BY `id` DESC");
$page_nums = mysqli_num_rows($page_query);
echo "<div style=\"margin: 1% 2%;\">";
echo "<p>Tickets open: ". $page_nums ."</p>";
if ($page_nums >= 1) {
echo "<table class=\"ui celled striped table\">";
echo "<tr>";
echo " <td class='tbr tbt'><b>Beschreibung</b></td>";
echo " <td class='tbr tbt'><b>Datum</b></td>";
echo " <td class='tbr tbt'><b>Besitzer</b></td>";
echo " <td class='tbr tbt'><b>Welt</b></td>";
echo " <td class='tbr tbt'><b>Admin-Antwort</b></td>";
echo " <td class='tbr tbt'><b>User-Antwort</b></td>";
echo " <td class='tbr tbt'><b>Status</b></td>";
echo " <td class='tbr tbt'><b>Admin</b></td>";
echo " <td class='tbr tbt'><b>Antworten</b></td>";
echo " <td class='tbr tbt'><b>Schliessen</b></td>";
echo "</tr>";
while ($obj = mysqli_fetch_object($page_query)) {
echo "<tr>";
echo "<td class='tbr'>" . $obj->description . "</td>";
echo "<td class='tbr'>" . $obj->date . "</td>";
echo "<td class='tbr'>" . $obj->owner . "</td>";
echo "<td class='tbr'>" . $obj->world . "</td>";
echo "<td class='tbr'>" . $obj->adminreply . "</td>";
echo "<td class='tbr'>" . $obj->userreply . "</td>";
echo "<td class='tbr'>" . $obj->status . "</td>";
echo "<td class='tbr'>" . $obj->admin . "</td>";
echo '<td><form action="this.php" method="POST"><input type="hidden" name="delMe" value="' . $obj->date . '" /><input type="submit" value="Delete" /></form></td>';
echo "</tr>";
}
}
echo "</table>";
echo "</div>";
mysqli_close($con); // do not forget me
关于php - 单击按钮时使用 ID 进行 SQL 查询,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32290283/