2

我正在开发一个可以使用 mysql 和 php 将人员添加到数据库的系统。我的表单的基础是管理员可以添加人员类型和人员角色,当用户在表单中输入他们的详细信息时,这些将应用于用户。例如,如果将此系统应用于学校环境,则人员类型可以是教师或厨师,并且人员角色可以是父母,因为人员类型不排除人员角色。我在这个系统上遇到了各种问题,因为我的系统使用 MISAM 类型的表,所以外键没有更新,但是如果我使用 INNODB 表,我的数据输入将不起作用。我正在寻找可以同时使用查询的方法来使这项工作像大学项目一样工作,而我的截止日期已经迫在眉睫。但是我的意思是让这个系统正常工作,因此将在今年晚些时候寻求使其全面运作的方法。我有 javascript 用于错误处理,还有 php 代码块来帮助防止 sql 注入攻击。

当管理员输入用户时,会出现一个由人员类型表中的字段填充的下拉菜单,这是由人员类型表中的 Person_Type_Value_Description字段完成的。人员类型表中的每一行都有一个Person_Type_ID。我需要一个可以找到Person_Type_Value_Description的查询,调用Person_Type_ID并将其存储在一个变量中,以便可以将其解析为人员表中的人员类型 ID。我的表格的基本布局可以从下面的创建脚本中看到。

CREATE TABLE Person_Type(
Person_Type_ID int auto_increment NOT NULL,
Person_Type_Value_Description varchar(150) NOT NULL,
Create_Date datetime NOT NULL NOT NULL,
Modify_Date datetime NOT NULL  NOT NULL,
Archive char(1) NULL,
CONSTRAINT PK_Person_Type_ID PRIMARY KEY (Person_Type_ID)
 ) ;

...

CREATE TABLE Person(
Person_ID int auto_increment NOT NULL,
Person_Type_ID int NOT NULL,
Create_Date datetime NOT NULL ,
Modify_Date datetime NOT NULL ,
First_Name varchar(50) NOT NULL,
Surname varchar(50) NOT NULL,
DOB date NOT NULL,
Gender char(1) NOT NULL CHECK (Gender ='f' OR Gender ='m'),
Archive char(1) NULL,
Allergies varchar(200) NOT NULL,
Dietry_Requirements varchar(200) NOT NULL,
Disabilities varchar(200) NOT NULL,
Medicine_Requirements varchar(200) NOT NULL,
username varchar (30) NOT NULL,
password varchar (30) NOT NULL,
CONSTRAINT PK_Person_ID PRIMARY KEY (Person_ID),
CONSTRAINT FK_Person_Type_ID FOREIGN KEY (Person_Type_ID)
REFERENCES Person_Type (Person_Type_ID)) ;

编辑

下面是我试图开始工作的代码。我需要存储查询结果,以便可以通过插入命令将其解析到 Person 表。谢谢你的评论。

The problem I am having is that the Person_Type_ID in the Person table is always setting to 0, because of the NOT NULL command, however it is not updating based off my queries.

// drawing the information from the Person_Type table.
$sql9 = "(SELECT Person_Type_ID
                 FROM Person_Type pt
                WHERE pt.Person_Type_Value_Description =  $Person_Type_Value_Description)";
                $result = @mysql_query($sql9);

//inserting into the person table. **All filed work except for the Person_Type_ID
$qry = "INSERT INTO Person (Person_Type_ID, Create_Date, Modify_Date, First_Name, Surname, DOB, Gender, Allergies, Dietry_Requirements, Disabilities, Medicine_Requirements, username, password) 
   VALUES('$sql9', NOW(), NOW(), '$First_Name', '$Surname', '$DOB', '$Gender', '$Allergies', '$Dietry_Requirements', '$Disabilities', '$Medicine_Requirements', '$username', '$password')" ;
    $result = @mysql_query($qry);

How it is called to display in the form

<?

$persontype = array();

$qry = mysql_query("SELECT Person_Type_Value_Description FROM Person_Type ORDER BY Person_Type_ID");

while($res = mysql_fetch_array($qry)) {
$persontype[$res['Person_Type_Value_Description']] = $res['Person_Type_Value_Description'];
}

?> 


//creates the drop down
<?
function createDropdown($arr, $frm) {
foreach ($arr as $key => $value) {
echo '<option value="'.$value.'">'.$value.'</option>';
}
echo '</select>';
}
?>

The administrator would then select this from a simple drop down menu.

<td align="right"><div align="left">Person Type* </div></td>           
<td><select name="Person_Type_Value_Description" id="Person_Type_Value_Description">
 <option value="">Select One...</option>
<?php createDropdown($persontype, 'frmpersontype'); ?>
  </select>
      </td>
        </tr> 
4

1 回答 1

0

I think the problem is here

// drawing the information from the Person_Type table.
$sql9 = "(SELECT Person_Type_ID
             FROM Person_Type pt
            WHERE pt.Person_Type_Value_Description =  $Person_Type_Value_Description)";
$result = @mysql_query($sql9);

//inserting into the person table. **All filed work except for the Person_Type_ID
$qry = "INSERT INTO Person 
    (Person_Type_ID, Create_Date, Modify_Date, First_Name, Surname, DOB, Gender,
     Allergies, Dietry_Requirements, Disabilities, Medicine_Requirements, 
     username,password) 
  VALUES('$sql9', NOW(), NOW(), '$First_Name', '$Surname', '$DOB', '$Gender', 
    '$Allergies', '$Dietry_Requirements', '$Disabilities', '$Medicine_Requirements', 
    '$username', '$password')" ;
$result = @mysql_query($qry);

You're inserting the actual query in $sql9 rather than the result.

You need something like this:

$result = @mysql_query($sql9);
$row = mysql_fetch_assoc( $result );
$personTypeID = intval( $row['Person_Type_ID'] );

//inserting into the person table. **All filed work except for the Person_Type_ID
$qry = "INSERT INTO Person 
    (Person_Type_ID, Create_Date, Modify_Date, First_Name, Surname, DOB, Gender,
     Allergies, Dietry_Requirements, Disabilities, Medicine_Requirements, 
     username,password) 
  VALUES($personTypeID etc.

As a side-note, it's recommended not to use the mysql_ family of functions any more. You should use mysqli_ or PDO, preferably with prepared statements to escape input automatically.

于 2012-04-16T12:32:16.727 回答