dongtang3155 2019-03-08 14:33
140 views
Accepted

Record not found in the database

I have the following problem: I am receiving a GET variable in a URL. If the GET variable arrives, I send its contents to my controller.

My controller first fetches the whole "sales" table, then looks for the record whose column matches the content of the GET variable. Finally, I update the status of the record I found.

But nothing happens, and I don't know what I'm doing wrong.

Here is the code:

PHP file where the GET variable is received:

if (isset($_GET['number'])) {

    $number = $_GET['number'];

    $response = CartController::ctrShowSales($number);

    echo $response;

}

PHP controller:

static public function ctrShowSales($number){

    $table = "sales";

    // $response (not $respuesta) is the variable the loop below reads
    $response = CartModel::mdlShowSales($table);

    $find = 0;
    $id = null;

    foreach ($response as $key => $value) {

        if ($value["number"] == $number) {

            $find = 1;
            $id = $value["id"];

            break;

        }

    }

    if ($find == 1){

        $response2 = CartModel::mdlUpdateRecord($table, $id);
        return $response2;

    } else { return "Did not find"; }

}

PHP model:

static public function mdlShowSales($table){

    $stmt = Conection::conect()->prepare("SELECT * FROM $table");

    $stmt->execute();

    // fetchAll() returns every row; fetch() would return only the first one,
    // so the controller's foreach would walk the columns of one row instead of the rows
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // anything placed after a return never runs, so release the statement first
    // (PDOStatement has closeCursor(), not close())
    $stmt->closeCursor();
    $stmt = null;

    return $rows;

}

static public function mdlUpdateRecord($table, $id) {

    // the WHERE clause compares the id column with the bound :id placeholder
    // (the original "WHERE $id = :$id" interpolated the value on both sides)
    $stmt = Conection::conect()->prepare("UPDATE $table SET status = :status WHERE id = :id");

    $stmt->bindParam(":id", $id, PDO::PARAM_INT);
    // bindParam() takes a variable by reference; a literal string needs bindValue()
    $stmt->bindValue(":status", "Verified", PDO::PARAM_STR);

    $result = $stmt->execute() ? "ok" : "error";

    $stmt->closeCursor();
    $stmt = null;

    return $result;

}


2 answers

  • doulang2311 2019-03-08 15:30

    In addition to the other answers, I would add this simple method to your models:

    protected static $tables = ['sales'];
    
    final static public function ckTable($table){
         if(false !== ($index = array_search($table, static::$tables, true))){
             return static::$tables[$index]; //return your table value (static::$tables, not an undefined local $tables)
         }
         throw new Exception('Unknown Table');
    }
    
    static public function mdlShowSales($table){
           //here you can clearly see the table is being handled
           $safeTable = self::ckTable($table); //use a different var here
    
           $stmt = Conection::conect()->prepare("SELECT * FROM $safeTable");
           //or $stmt = Conection::conect()->prepare("SELECT * FROM ".self::ckTable($table));
    
           $stmt->execute();
           return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
    

    Right now the only thing protecting you is the fact that you hard-coded this in your controller:

    $table = "sales";
    

    All it would take is for someone to one day make this mistake in a controller:

    //here you cannot tell if this is safe to do or not as you cannot see how the query is done.
    static public function somepage($table){
          $response = CartModel::mdlShowSales($table);
    }
    

    And you would be open to SQL injection even if you prepare the query.

    Right now it's just improbable that that will happen; we should make it impossible.

    Also, this is basically what you are doing:

    //everything under PHP Controller can be done with this sql:
    SELECT id FROM sales WHERE number = :number LIMIT 1
    /*
      SELECT * FROM sales
      foreach ($response as $key => $value) {
          if ($value["number"] == $number) { //-- WHERE number = :number
              $find = 1;
              $id = $value["id"]; //-- SELECT id
              break; //-- LIMIT 1
          }
      }
    */
    
    //mdlUpdateRecord
    UPDATE sales SET status = :status WHERE id = :id
    

    So why not just do this:

    UPDATE sales SET status = :status WHERE number = :number LIMIT 1
    

    Basically I am just rewording your code into plain SQL; you can do it however you want. I think ordering may be an issue here with LIMIT 1 if your order is different and you have multiple rows with the same number value. But I don't know what your DB looks like to say for sure, and this is true of your original code as well.


    This answer was selected by the asker as the best answer.
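The two points the accepted answer makes, that a table identifier cannot be protected by a prepared statement and has to be allow-listed, and that the fetch-everything-then-loop controller collapses into one parameterised UPDATE, are shown below as an added worked example. This is not code from the question or the answer: it uses Python's sqlite3 module in place of PHP/PDO and MySQL, the `sales` table, column names and `Verified` status are taken from the question, the sample rows are constructed, and the allow-list function `check_table` plays the role of the answer's `ckTable`. Because SQLite's UPDATE ... LIMIT is usually unavailable, the "which row wins" caveat from the answer is handled with an ORDER BY id subquery instead.

```python
import sqlite3

# Allow-list of table identifiers (the answer's static::$tables).
# Identifiers cannot be bound as parameters, so this check is the only
# thing that keeps a caller-controlled $table out of the SQL text.
ALLOWED_TABLES = {"sales"}


def check_table(table):
    """Return the table name if it is on the allow-list, otherwise raise.

    Mirrors ckTable(): a strict membership test, no normalisation."""
    if table in ALLOWED_TABLES:
        return table
    raise ValueError("Unknown table: %r" % (table,))


def make_db():
    """Constructed sample data standing in for the question's 'sales' table.

    Two rows deliberately share number 'A200' to exercise the ordering caveat."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sales (id INTEGER PRIMARY KEY, number TEXT, status TEXT)"
    )
    conn.executemany(
        "INSERT INTO sales (number, status) VALUES (?, ?)",
        [("A100", "Pending"), ("A200", "Pending"),
         ("A200", "Pending"), ("A300", "Pending")],
    )
    conn.commit()
    return conn


def show_sales_unchecked(conn, table):
    """The question's pattern: the identifier is interpolated unchecked.

    Preparing the statement does not help, because the table name is already
    part of the SQL before the driver ever sees it; whoever controls `table`
    picks which table is read."""
    return conn.execute("SELECT * FROM %s" % table).fetchall()


def show_sales(conn, table):
    """Hardened version: the identifier must pass the allow-list first."""
    safe_table = check_table(table)
    return conn.execute("SELECT * FROM %s" % safe_table).fetchall()


def mark_verified(conn, number):
    """One UPDATE replaces SELECT * + PHP foreach + UPDATE ... WHERE id.

    `number` is a value, so it is bound as a parameter. The subquery with
    ORDER BY id LIMIT 1 makes it deterministic which row is updated when
    several rows share the same number (the answer's LIMIT 1 caveat).
    Returns the number of rows changed: 1 on success, 0 for "Did not find"."""
    cur = conn.execute(
        "UPDATE sales SET status = ? "
        "WHERE id = (SELECT id FROM sales WHERE number = ? ORDER BY id LIMIT 1)",
        ("Verified", number),
    )
    conn.commit()
    return cur.rowcount


def statuses(conn):
    """(id, number, status) for every row, in id order, for inspection."""
    return [tuple(row) for row in conn.execute(
        "SELECT id, number, status FROM sales ORDER BY id")]


if __name__ == "__main__":
    db = make_db()
    # The unchecked path lets the caller read sqlite_master (the schema),
    # a table the application never meant to expose.
    print(show_sales_unchecked(db, "sqlite_master"))
    try:
        show_sales(db, "sqlite_master")
    except ValueError as exc:
        print("rejected:", exc)
    print(mark_verified(db, "A200"), statuses(db))
    print(mark_verified(db, "nope"))
```

Running it shows the unchecked function happily returning the schema row for `sales` when handed `sqlite_master`, the checked function raising `ValueError`, and the single UPDATE changing exactly the lower-id `A200` row while leaving the duplicate untouched and returning 0 for an unknown number.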