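SQL query on button click by ID

Time: 2015-08-29 20:15:45

Tags: php html mysql

So I am pretty new to PHP, but I want to create a ticket system based on a MySQL database.

So my problem now is that I want to close a ticket when I press a button. My tickets are displayed in a table, and once the button is pressed I don't know how to specify the record in the update function.

This is what I've got so far: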

$con = mysqli_connect($ip, $user, $pw, $db);
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

if($show_updates == 'true') {
    echo file_get_contents('http://zombieland.eu/api/sht/update-1.2.php');    
}

$page_query = mysqli_query($con, "SELECT * FROM `SHT_Tickets` WHERE `status`='OPEN' ORDER BY `id` DESC");
$page_nums = mysqli_num_rows($page_query);    

echo "<div style=\"margin: 1% 2%;\">";
echo "<p>Tickets open: ". $page_nums ."</p>";

if ($page_nums >= 1) {
    echo "<table class=\"ui celled striped table\">";
    echo "<tr>";
    echo "    <td class='tbr tbt'><b>Beschreibung</b></td>";
    echo "    <td class='tbr tbt'><b>Datum</b></td>";
    echo "    <td class='tbr tbt'><b>Besitzer</b></td>";
    echo "    <td class='tbr tbt'><b>Welt</b></td>";
    echo "    <td class='tbr tbt'><b>Admin-Antwort</b></td>";
    echo "    <td class='tbr tbt'><b>User-Antwort</b></td>";
    echo "    <td class='tbr tbt'><b>Status</b></td>";
    echo "    <td class='tbr tbt'><b>Admin</b></td>";
    echo "    <td class='tbr tbt'><b>Antworten</b></td>";
    echo "    <td class='tbr tbt'><b>Schliessen</b></td>";
    echo "</tr>";

    while ($obj = mysqli_fetch_object($page_query)) {
        echo "<tr>";
        echo "<td class='tbr'>" . $obj->description . "</td>";
        echo "<td class='tbr'>" . $obj->date . "</td>";
        echo "<td class='tbr'>" . $obj->owner . "</td>";
        echo "<td class='tbr'>" . $obj->world . "</td>";
        echo "<td class='tbr'>" . $obj->adminreply . "</td>";
        echo "<td class='tbr'>" . $obj->userreply . "</td>";
        echo "<td class='tbr'>" . $obj->status . "</td>";
        echo "<td class='tbr'>" . $obj->admin . "</td>";
    echo "<td><form action='' method='POST'><button class='tbr' type='submit' value='. $obj->date .'>Schliessen</button></form></td>";
        echo "</tr>";
    }
}
echo "</table>";
echo "</div>";


if(isset($_POST['submit'])){

        $con = mysqli_connect($ip, $user, $pw, $db);
        if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();

    $page_query = mysqli_query($con, "UPDATE `SHT_Tickets` SET `status`='CLOSED' WHERE 'date'=buttonObject.value   ");
        $page_nums = mysqli_num_rows($page_query);
}
}

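1 answer:

Answer 0 (score: 2)

It runs fine on my system. Screenshot here, but the code below has the debug info removed. Based on your comment under the question, I made the column named date a datetime data type.

Note the comments around the UPDATE line. Because of the injection risk, this should be turned into a prepared statement, and think about the fact that, in theory, nothing stops anyone from closing every ticket in your system. They could make a loop and just do the posts with their own crazy code. So you need to look at other SESSION info to reinforce this.

First, turn on error reporting (the first 2 lines).

Also, I added a hidden field for the date of the ticket to be updated. This really should be the auto_increment id from the database, not a datetime, for uniqueness. I back-ticked the date column name and added the database close. Moved the UPDATE block to the top, with the refresh below it.

Schema: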

create table SHT_Tickets
(   id int auto_increment primary key,
    description varchar(100) not null,
    date datetime not null,
    owner varchar(100) not null,
    world varchar(100) not null,
    adminreply varchar(100) not null,
    userreply varchar(100) not null,
    status varchar(100) not null,
    admin varchar(100) not null
);

truncate table SHT_Tickets;
insert SHT_Tickets (description,date,owner,world,adminreply,userreply,status,admin) values
('fenster','2015-09-01 11:00:00','own','w','ar','der Himmel noch blaut','open','admin111'),
('trout','2015-09-02 11:00:00','own','w','ar','zwei','open','admin111'),
('fish','2015-09-03 11:00:00','own','w','ar','drei','closed','admin111'),
('mustard','2015-09-04 11:00:00','own','w','ar','haben Sie etwas?','open','admin111');

this.php:

    error_reporting(E_ALL);
    ini_set("display_errors", 1);

    $con = mysqli_connect('localhost', 'xxx', 'yyy', 'dbname');
    if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }

    // I am scared, so I remmed this out
    //if($show_updates == 'true') {
    //    echo file_get_contents('http://zombieland.eu/api/sht/update-1.2.php');    
    //}

    if(isset($_POST['delMe'])){
        // Warning, it was db data to begin with
        // but the poster could fake the data and inject harmful code
        $theDate=$_POST['delMe'];
        $sql="UPDATE `SHT_Tickets` SET `status`='CLOSED' WHERE `date`='$theDate'";

        $page_query = mysqli_query($con, $sql);
        $page_nums = mysqli_num_rows($page_query); // residue left here of no use
    }

    $page_query = mysqli_query($con, "SELECT * FROM `SHT_Tickets` WHERE `status`='OPEN' ORDER BY `id` DESC");
    $page_nums = mysqli_num_rows($page_query);    

    echo "<div style=\"margin: 1% 2%;\">";
    echo "<p>Tickets open: ". $page_nums ."</p>";

    if ($page_nums >= 1) {
        echo "<table class=\"ui celled striped table\">";
        echo "<tr>";
        echo "    <td class='tbr tbt'><b>Beschreibung</b></td>";
        echo "    <td class='tbr tbt'><b>Datum</b></td>";
        echo "    <td class='tbr tbt'><b>Besitzer</b></td>";
        echo "    <td class='tbr tbt'><b>Welt</b></td>";
        echo "    <td class='tbr tbt'><b>Admin-Antwort</b></td>";
        echo "    <td class='tbr tbt'><b>User-Antwort</b></td>";
        echo "    <td class='tbr tbt'><b>Status</b></td>";
        echo "    <td class='tbr tbt'><b>Admin</b></td>";
        echo "    <td class='tbr tbt'><b>Antworten</b></td>";
        echo "    <td class='tbr tbt'><b>Schliessen</b></td>";
        echo "</tr>";

        while ($obj = mysqli_fetch_object($page_query)) {
            echo "<tr>";
            echo "<td class='tbr'>" . $obj->description . "</td>";
            echo "<td class='tbr'>" . $obj->date . "</td>";
            echo "<td class='tbr'>" . $obj->owner . "</td>";
            echo "<td class='tbr'>" . $obj->world . "</td>";
            echo "<td class='tbr'>" . $obj->adminreply . "</td>";
            echo "<td class='tbr'>" . $obj->userreply . "</td>";
            echo "<td class='tbr'>" . $obj->status . "</td>";
            echo "<td class='tbr'>" . $obj->admin . "</td>";
            echo '<td><form action="this.php" method="POST"><input type="hidden" name="delMe" value="' . $obj->date . '" /><input type="submit" value="Delete" /></form></td>';
            echo "</tr>";
        }
        echo "</table>"; // close the table only if it was opened above
    }
    echo "</div>";

    mysqli_close($con); // do not forget me
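
The hardening the answer recommends (prepared statement, the auto_increment id instead of the date, and a SESSION check before the UPDATE), as an added example that is not part of the original answer. The `$_SESSION['is_admin']` flag, the `ticket_id` field name and the `h()` helper are assumptions made for illustration; the table, columns and connection placeholders are the ones used above.

```php
<?php
// Added example: close exactly one ticket by primary key.
// Assumed (not from the page): $_SESSION['is_admin'] is set by a login page,
// the hidden field is named ticket_id, and h() is a local escaping helper.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = mysqli_connect('localhost', 'xxx', 'yyy', 'dbname');

// Escape database values before they are written into HTML.
function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['ticket_id'])) {
    // Authorization: without this, any client can POST ids in a loop.
    if (empty($_SESSION['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
    // Validation: the id must be a positive integer, nothing else.
    $id = filter_var($_POST['ticket_id'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        exit('Bad ticket id');
    }
    // Prepared statement: the value is bound, never concatenated into the SQL.
    $stmt = mysqli_prepare($con,
        "UPDATE `SHT_Tickets` SET `status`='CLOSED' WHERE `id`=? AND `status`='OPEN'");
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    // For UPDATE, affected rows is the meaningful count (not mysqli_num_rows).
    $closed = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
}

$res = mysqli_query($con,
    "SELECT `id`, `description` FROM `SHT_Tickets` WHERE `status`='OPEN' ORDER BY `id` DESC");
echo "<table>";
while ($row = mysqli_fetch_assoc($res)) {
    echo "<tr><td>" . h($row['description']) . "</td><td>"
       . '<form action="this.php" method="POST">'
       . '<input type="hidden" name="ticket_id" value="' . h($row['id']) . '" />'
       . '<input type="submit" value="Schliessen" /></form></td></tr>';
}
echo "</table>";
mysqli_close($con);
```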