dongtang3155 2019-03-08 22:33
浏览 140
已采纳

在数据库中找不到记录

I have the following problem: I am receiving a GET variable in a url. If the variable GET arrives, I send the contents of the variable to my controller.

My controller first brings the whole "sales" table, then I look for the record that has the same content of the GET variable in a column. Finally, I update the status of that record I found.

But nothing happens, and I do not know what I'm doing wrong.

I leave the code:

PHP file where the variable GET is received:

if(isset( $_GET['number'])){

$number = $_GET['number'];

$response = CartController::ctrShowSales($number);

echo $response;

}

PHP Controller:

static public function ctrShowSales($number){

    $table = "sales";

    $respuesta = CartModel::mdlShowSales($table);

    $find = 0;

    foreach ($response as $key => $value) {

        if ($value["number"] == $number) {

            $find = 1;
            $id = $value["id"];

            break;

        } 

    }

    if ($find == 1){

        $response2 = CartModel ::mdlUpdateRecord($table, $id);
        return $response2;

    } else { return "Did not find";}

}

PHP Model:

static public function mdlShowSales($table){

    $stmt = Conection::conect()->prepare("SELECT * FROM $table");

    $stmt -> execute();

    return $stmt -> fetch();

    $stmt -> close();

    $tmt =null;

}

static public function mdlUpdateRecord($table, $id) {

    $stmt = Conection::conect()->prepare("UPDATE $table SET status = :status WHERE $id = :$id");

            $stmt->bindParam(":id", $id, PDO::PARAM_INT);
    $stmt->bindParam(":status", "Verified", PDO::PARAM_STR);

    if($stmt -> execute()){

        return "ok";

    }else{

        return "error"; 

    }

    $stmt -> close();

    $stmt = null;

}
  • 写回答

2条回答 默认 最新

  • doulang2311 2019-03-08 23:30
    关注

    In addition to the other answers I would add this simple method to your models,

    protected static $tables  = ['sales'];

final static public function ckTable($table){
     if(false !== ($index = array_search($table, static::$tables, true))){
         return $tables[$index]; //return your table value
     }
     throw new Exception('Unknown Table');
}

static public function mdlShowSales($table){
       //here you can clearly see the table is being handled
       $safeTable = self::ckTable($table); //use a different var here


       $stmt = Conection::conect()->prepare("SELECT * FROM $safeTable");
       ....

      //or $stmt = Conection::conect()->prepare("SELECT * FROM ".self::ckTable($table));
}

    Right now you have only the fact that you hard coded this, in your controller:

    $table = "sales";

    All it would take is to one day make this mistake in a controller

    //here you cannot tell if this is safe to do or not as you cannot see how the query is done.
static public function somepage($table){
      $respuesta = CartModel::mdlShowSales($table);
}

    And you would be open to SQL Injection even if you prepare the query.

    Right now it's just Improbable that, that will happen, we should make this impossible.

    Also, this is basically what you are doing:

    //everything under PHP Controller can be done with this sql:
SELECT id FROM sales WHERE number = :number LIMIT 1
/*
  SELECT * FROM sales
foreach ($response as $key => $value) {   
        if ($value["number"] == $number) { //-- WHERE number = :number
            $find = 1;
            $id = $value["id"]; //-- SELECT id
            break; //-- LIMIT 1
        } 
    }
 */

//mdlUpdateRecord
UPDATE sales SET status = :status WHERE id = :id

    So why not just do this

    UPDATE sales SET status = :status WHERE number = :number LIMIT 1

    Basically I am just rewording your code into just SQL, you can do it however you want. I think maybe ordering will be an issue here with Limit 1 if your order is different and you have multiple number rows for the same value. But I don't know what your DB looks like to say for sure, this is true with your original code as well.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 用visual studi code完成html页面
  • ¥15 聚类分析或者python进行数据分析
  • ¥15 逻辑谓词和消解原理的运用
  • ¥15 三菱伺服电机按启动按钮有使能但不动作
  • ¥15 js,页面2返回页面1时定位进入的设备
  • ¥50 导入文件到网吧的电脑并且在重启之后不会被恢复
  • ¥15 (希望可以解决问题)ma和mb文件无法正常打开,打开后是空白,但是有正常内存占用,但可以在打开Maya应用程序后打开场景ma和mb格式。
  • ¥20 ML307A在使用AT命令连接EMQX平台的MQTT时被拒绝
  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?