如何使用php更改ms sql server2014中的表格

Question

23 浏览2023年3月21日

匿名的 2023年3月21日

0 Comments

我第一次使用ms sql数据库，尝试使用php对表进行更新。以下是我用于更新的代码。报错显示"未定义的索引：cust_id"。


 "customerdb", "UID" => "dbadmin", "PWD" => "kwe");
$conn = sqlsrv_connect($serverName, $connectionInfo);
if ($conn === false) {
    die(print_r(sqlsrv_errors(), true));
}
//声明将查询数据库的SQL语句
$query = "SELECT * FROM Customer_Details WHERE Rec_No=".$_POST['id'];
//执行SQL查询并返回记录
$result = sqlsrv_query($conn, $query)
        or die(print_r(sqlsrv_errors(), true));
//在表中显示结果
$o = '';
while ($record = sqlsrv_fetch_array($result)) {
	$street1 = $record['street'];
	$o .='';
    $o .= '';
    $o .= '';
    $o .= '';
    $o .="";
    $o .= '';
	$o .= '';
    $o .='';
	$o .='';
    $o .='';
    $o .='';
    $o .='';
    $o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
    $o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	$o .='';
	}
$o .= '
REC NO.: CUSTOMER ID: 
CUSTOMER NAME: SEC-REGISTERED NAME: 
TIN NUMBER: STORE TYPE: 
ORGANIZATION AND BUSINESS:
SIZE OF BUSINESS: SELLER ID: 
DATE OF ESTABLISHMENT: 
ADDRESS(Headquarters): 
  
TELEPHONE# / FAX: PAYMENT TERMS: 
SHIPPING INSTRUCTIONS: 
NUMBER OF DOORS: NUMBER OF WAREHOUSES: 
CONTACT PERSONNEL:
OWNER: 
PURCHASER/S: 
ACCOUNTING HEAD: 
WAREHOUSE HEAD: 
OTHER PERSONNEL: 
TERMS AND DISCOUNTS:
PAYMENT TERMS: COLLECTION SCHEDULE:
DISCOUNT: 
BUSINESS GOALS:
VOLUME: CSL: 
MERCHANDISING: ASSORTMENT: 
VEHICLE: PRICING: 
DISTRIBUTION: MARGIN: 
STRATEGIES:
PRICE: PEOPLE: 
PROMOTION: PRODUCT: 
CATMAN ENROLLMENT: 
POLICIES:
REPLENISHMENT ORDERS: 
ASSORTMENT/MERCHANDISING: 
NEW PRODUCTS: 
PRICING/PROMOTION: 
UPLOAD PICTURE: ';
echo $o;
echo"";
echo"";
    $serverName = "kwe-PC\SQLEXPRESS";
    $connectionInfo = array("Database" => "customerdb", "UID" => "dbadmin", "PWD" => "kwe");
    $conn = sqlsrv_connect($serverName, $connectionInfo);
    if ($conn === false) {
        die(print_r(sqlsrv_errors(), true));
    }
    if (isset($_POST['submit'])) {
	$sql = "UPDATE Customer_Details SET Cust_ID = ".$_POST['cust_id']." WHERE Rec_No =" . $_POST['id'];
    sqlsrv_query($conn, $sql);
	$ids = $_POST['id'];
}
	else{
        echo "ID为空";
    }
?>

0

1 答案

匿名的 · Answer 1 · 2023-04-21T11:24:28+00:00

从上面的内容可以看出，问题的原因是在使用php代码时出现了错误，而不是SQL错误。为了避免SQL注入，建议不要在代码中使用临时查询。相反，可以创建一个存储过程来实现所需的功能，并从应用程序中执行该存储过程。下面是一个创建存储过程的示例：

CREATE PROCEDURE proc_UpdateCustomer (@Cust_ID int, @Rec_No int)
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE Customer_Details
    SET Cust_ID = @Cust_ID
    WHERE Rec_No = @Rec_No
END

使用存储过程的方式可以避免SQL注入攻击。同样的方法可以用于创建SELECT语句的存储过程。

REC NO.:		CUSTOMER ID:
CUSTOMER NAME:		SEC-REGISTERED NAME:
TIN NUMBER:		STORE TYPE:
ORGANIZATION AND BUSINESS:
SIZE OF BUSINESS:		SELLER ID:
DATE OF ESTABLISHMENT:
ADDRESS(Headquarters):

TELEPHONE# / FAX:		PAYMENT TERMS:
SHIPPING INSTRUCTIONS:
NUMBER OF DOORS:		NUMBER OF WAREHOUSES:
CONTACT PERSONNEL:
OWNER:
PURCHASER/S:
ACCOUNTING HEAD:
WAREHOUSE HEAD:
OTHER PERSONNEL:
TERMS AND DISCOUNTS:
PAYMENT TERMS:		COLLECTION SCHEDULE:
DISCOUNT:
BUSINESS GOALS:
VOLUME:		CSL:
MERCHANDISING:		ASSORTMENT:
VEHICLE:		PRICING:
DISTRIBUTION:		MARGIN:
STRATEGIES:
PRICE:		PEOPLE:
PROMOTION:		PRODUCT:
CATMAN ENROLLMENT:
POLICIES:
REPLENISHMENT ORDERS:
ASSORTMENT/MERCHANDISING:
NEW PRODUCTS:
PRICING/PROMOTION:
UPLOAD PICTURE: