【发布时间】:2013-01-13 07:33:02
【问题描述】:
我遇到了范围问题;我已经阅读了多篇关于在 MySQL 中使用 OOP PHP 的 TUTS,但我仍然遇到问题.. 所以这里是: 我有一个变量 ($GetUsersSQL),其中包含用于检索用户数据以填充表的 MySQL SELECT。但是,当尝试对这些数据使用 MySQL UPDATE 时;它说 POST 数据为空。这就是我所拥有的(请原谅我在代码中的创可贴修复)。
Class Lib
{
//public variables are still not retrieved by uploaddata method.
public $rank;
public $username;
public $regiment;
public $EventsRan;
public $RankUp;
public $DatePromoted;
public $ReadNextRank;
public $TimeReady;
public $registered;
public $ontag;
public $Notes;
public $GetUsersSQL;
function Connection($host,$user,$password,$datab){
$con = mysql_connect($host,$user,$password) or die(mysql_error());
if (isset($con))
{
$db = mysql_select_db($datab);
}
$LoginSQL = /**mysql_query("SELECT regiment FROM Users WHERE username='$username' AND password='$userpassword'")**/ mysql_query("SELECT * FROM NewOrder");
$regiment = $LoginSQL;
}
function GetUsers($rank){
$GetUsersSQL =/** mysql_query("SELECT * FROM Users WHERE regiment='$regiment' ORDER BY rank DESC")**/ mysql_query("SELECT * FROM NewOrder where rank='$rank'");
while ($row = mysql_fetch_array($GetUsersSQL))
{
echo '
<tr>
<td>
<input type="text" value="'.$row['Rank'].'" id="rank"></td>
<td><input type="text" value="'.$row['Name'].'" id="name"></td>
<td><input type="text" value="'.$row['Regiment'].'" id="regiment"></td>
<td><input type="text" value="'.$row['Events Ran'].'" id="EventsRan"></td>
<td><input type="text" value="'.$row['Rank Up?'].'" id="RankUp"></td>
<td><input type="text" value="'.$row['Read next Rank'].'" id="ReadyNextRank"></td>
<td><input type="text" value="'.$row['Date Promoted'].'" id="DateLastPromoted"></td>
<td><input type="text" value="'.$row['Time ready'].'" id="TimeReady"></td>
<td><input type="text" value="'.$row['Registered'].'" id="Registered"></td>
<td><input type="text" value="'.$row['On Tag?'].'" id="OnTag"></td>
<td><input type="text" value="'.$row['Notes'].'" id="Notes"></td>
';
}
}
public function __UploadData()
{
return $this->GetUsersSQL;
//this is still broken
if (isset($_POST['rank']))
{
$this->rank = $_POST['rank'];
$this->name = $_POST['name'];
$this->regiment = $_POST['regiment'];
$this->EventsRan = $_POST['EventsRan'];
$this->RankUp = $_POST['RankUp'];
$this->DatePromoted = $_POST['DateLastPromoted'];
$this->ReadNextRank = $_POST['ReadyNextRank'];
$this->TimeReady = $_POST['TimeReady'];
$this->registered = $_POST['Registered'];
$this->ontag = $_POST['OnTag'];
$this->Notes = $_POST['Notes'];
$Query = mysql_query("UPDATE gfy SET rank='$this->rank', name='$this->name',ReadNextRank ='$this->ReadNextRank', regiment='$this->regiment', EventsRan='$this->EventsRan', RankUp='$this->RankUp', DatePromoted='$this->DatePromoted', timeReady='$this->Timeready',registered='$this->registered',ontag='$this->ontag' notes='$this->notes' WHERE name='$this->name'")or die(mysql_error());
}
else
{
echo 'EMPTY';
}
}
}
自太平洋时间 2013 年 1 月 13 日凌晨 1:11 起进行了以下更改: 到 GetUsers($rank): $this->GetUsersSQL = '...'; To _UploadData(): isset 改为 isset($this->rank) 并且查询现在使用 '".$this->rank."'... vs '$rank'
【问题讨论】:
-
无论如何,您应该不在您的类中使用 $_POST/$_GET 或任何其他超全局变量。有关详细信息,请参阅 Dependency Injection 上的 Martin Fowlers 文章。
-
此外,您在 SQL 语句中使用了未经检查的值。请不要直接在您的 SQL 中嵌入请求值,而是首先对其进行清理,例如检查正确的类型并至少使用 mysql_real_escape。您应该考虑使用 PDO_MYSQL 而不是已弃用的 ext/mysql 并考虑准备好的语句。这至少解决了将值直接嵌入 SQL 字符串的基本问题。
-
感谢大家的回复,我会尽我所能,看看效果如何。