
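I have a three-part form that works like this: the first form is called create_ticket.php, and it is basically a form containing the customer's contact information and what they want done. After the ticket has been filled out, it is submitted to MySQL. Then, when a search is done on the database, you can select the ticket you want by clicking the select link associated with that ticket in the search results, and the browser opens a new window containing the second part of the form, but it passes the id associated with that MySQL record in the browser, so you see ?id=10 at the end of the URL. Now, the second part of the form is what the tech uses to fill in what they did, and when they click Get Signature at the bottom of the page, it pops up the third part of the form, which allows the customer to sign on the tech's iPad or Toughbook. When they click Accept, it should update the record in MySQL associated with the id that was passed in the URL. My problem is that it is not working. You can see the form at http://jemtechnv.com/test/ticket_results.php and see that when you click select, it takes you to the tech form to be filled out. Here is my code that processes the second part of the form: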

<?php
// database connection //

include 'db/db_connect.php';

//This gets all the other information from the form

// start of form inputs //

$work_performed=$_POST['work_performed'];
$item_qty1=$_POST['item_qty1'];
$item_qty2=($_POST['item_qty2']);
$item_qty3=$_POST['item_qty1'];
$item_qty4=($_POST['item_qty2']);
$item_qty5=$_POST['item_qty1'];
$manuf_1=$_POST['manuf_1'];
$manuf_2=$_POST['manuf_2'];
$manuf_3=$_POST['manuf_3'];
$manuf_4=$_POST['manuf_4'];
$manuf_5=$_POST['manuf_5'];
$part_number1=$_POST['part_number1'];
$part_number2=$_POST['part_number2'];
$part_number3=$_POST['part_number3'];
$part_number4=$_POST['part_number4'];
$part_number5=$_POST['part_number5'];
$part_description1=$_POST['part_description1'];
$part_description2=$_POST['part_description2'];
$part_description3=$_POST['part_description3'];
$part_description4=$_POST['part_description4'];
$part_description5=$_POST['part_description5'];
$part1_price=$_POST['part_price1'];
$part2_price=$_POST['part_price2'];
$part3_price=$_POST['part_price3'];
$part4_price=$_POST['part_price4'];
$part5_price=$_POST['part_price5'];
$price_extension1=$_POST['price_extension1'];
$price_extension2=$_POST['price_extension2'];
$price_extension3=$_POST['price_extension3'];
$price_extension4=$_POST['price_extension4'];
$price_extension5=$_POST['price_extension5'];
$material_total=$_POST['material_total'];
$sales_tax=$_POST['sales_tax'];
$shipping_cost=$_POST['shipping_cost'];
$work_date1=$_POST['work_date1'];
$work_date2=$_POST['work_date2'];
$work_date3=$_POST['work_date3'];
$work_date4=$_POST['work_date4'];
$work_date5=$_POST['work_date5'];
$tech_name1=$_POST['tech_name1'];
$tech_name2=$_POST['tech_name2'];
$tech_name3=$_POST['tech_name3'];
$tech_name4=$_POST['tech_name4'];
$tech_name5=$_POST['tech_name5'];
$cost_code1=$_POST['cost_code1'];
$cost_code2=$_POST['cost_code2'];
$cost_code3=$_POST['cost_code3'];
$cost_code4=$_POST['cost_code4'];
$cost_code5=$_POST['cost_code5'];
$pay_rate1=$_POST['pay_rate1'];
$pay_rate2=$_POST['pay_rate2'];
$pay_rate3=$_POST['pay_rate3'];
$pay_rate4=$_POST['pay_rate4'];
$pay_rate5=$_POST['pay_rate5'];
$total_hours1=$_POST['total_hours1'];
$total_hours2=$_POST['total_hours2'];
$total_hours3=$_POST['total_hours3'];
$total_hours4=$_POST['total_hours4'];
$total_hours5=$_POST['total_hours5'];
$hours_subtotal1=$_POST['hours_subtotal1'];
$hours_subtotal2=$_POST['hours_subtotal2'];
$hours_subtotal3=$_POST['hours_subtotal3'];
$hours_subtotal4=$_POST['hours_subtotal4'];
$hours_subtotal5=$_POST['hours_subtotal5'];
$total_hours=$_POST['total_hours'];
$material_total=$_POST['material_total'];
$labor_cost=$_POST['labor_cost'];
$grand_total=$_POST['grand_total'];

//Writes the information to the database
 mysql_query("UPDATE INTO tickets WHERE id=$id (work_performed, item_qty1, item_qty2, item_qty3, item_qty4, item_qty5,manuf_1, manuf_2, manuf_3, manuf_4, manuf_5, part_number1, part_number2, part_number3, part_number4, part_number5, part_description1, part_description2, part_description3, part_description_4, part_description_5, part1_price, part2_price, part3_price, part4_price, part5_price, price_extension1, price_extension2, price_extension3, price_extension4, price_extension5, material_total, sales_tax, shipping_cost, work_date1, work_date2, work_date3, work_date4, work_date5, tech_name1, tech_name2, tech_name3, tech_name4, tech_name5, cost_code1, cost_code2, cost_code3, cost_code4, cost_code5, pay_rate1, pay_rate2, pay_rate3, pay_rate4, pay_rate5, total_hours1, total_hours2, total_hours3, total_hours4, total_hours5, hours_subtotal1, hours_subtotal2, hours_subtotal3, hours_subtotal4, hours_subtotal5, total_hours, material_total, labor_cost, grand_total,)
VALUES ('$work_performed','$item_qty1','$item_qty2','$item_qty3','$item_qty4','$item_qty5','$mauf_1','$manuf_2','$manuf_3','$manuf_4','$manuf_5','$part_number1','$part_number2','$part_number3','$part_number4','$part_number5','$part_description1','$part_description2','$part_description3','$part_description_4',
'$part_description5','$part1_price','$part2_price','$part3_price','$part4_price','$part5_price','$price_extension1','$price_extension2','$price_extension3','$price_extension4','$price_extension5','$material_total','$sales_tax','$shipping_cost','$work_date1','$work_date2','$work_date3','$work_date4','$work_date5','$tech_name1','$tech_name2','$tech_name3','$tech_name4','$tech_name5','$cost_code1','$cost_code2','$cost_code3','$cost_code4','$cost_code5','$pay_rate1','$pay_rate2','$pay_rate3','$pay_rate4','$pay_rate5',
'$total_hours1','$total_hours2','$total_hours3','$total_hours4','$total_hours5','$hours_subtotal1','$hours_subtotal2','$hours_subtotal3','$hours_subtotal4','$hours_subtotal5','$total_hours','$material_total','$labor_cost','$grand_total',)") ; 



mysql_affected_rows();

    ?>
<html>
<body>
<center>
<br><br><br>
<form name="results" method="post" action="ticket_results.php" enctype="multipart/form-data" id="ticketresult">
<input type="submit" class="submit" id="ticketresult" style="width: 165px" value="Do Something">
</form>
</center>
</body>
</html>

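I also know that I need to take MySQL injection precautions, but honestly that is not a priority at the moment, because I just want to get the form working first and then I will go back and clean up the code. Thanks for your help! I have disabled the signature part of the form, so clicking Get Signature on the second form will process the form and do the update for that record, which it should but doesn't!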

Update: I have changed the query syntax as suggested below to:

mysql_query("UPDATE tickets SET (work_performed, item_qty1, item_qty2, item_qty3, item_qty4, item_qty5,manuf_1, manuf_2, manuf_3, manuf_4, manuf_5, part_number1, part_number2, part_number3, part_number4, part_number5, part_description1, part_description2, part_description3, part_description_4, part_description_5, part1_price, part2_price, part3_price, part4_price, part5_price, price_extension1, price_extension2, price_extension3, price_extension4, price_extension5, material_total, sales_tax, shipping_cost, work_date1, work_date2, work_date3, work_date4, work_date5, tech_name1, tech_name2, tech_name3, tech_name4, tech_name5, cost_code1, cost_code2, cost_code3, cost_code4, cost_code5, pay_rate1, pay_rate2, pay_rate3, pay_rate4, pay_rate5, total_hours1, total_hours2, total_hours3, total_hours4, total_hours5, hours_subtotal1, hours_subtotal2, hours_subtotal3, hours_subtotal4, hours_subtotal5, total_hours, material_total, labor_cost, grand_total,)WHERE id=$id
VALUES ('$work_performed','$item_qty1','$item_qty2','$item_qty3','$item_qty4','$item_qty5','$mauf_1','$manuf_2','$manuf_3','$manuf_4','$manuf_5','$part_number1','$part_number2','$part_number3','$part_number4','$part_number5','$part_description1','$part_description2','$part_description3','$part_description_4',
'$part_description5','$part1_price','$part2_price','$part3_price','$part4_price','$part5_price','$price_extension1','$price_extension2','$price_extension3','$price_extension4','$price_extension5','$material_total','$sales_tax','$shipping_cost','$work_date1','$work_date2','$work_date3','$work_date4','$work_date5','$tech_name1','$tech_name2','$tech_name3','$tech_name4','$tech_name5','$cost_code1','$cost_code2','$cost_code3','$cost_code4','$cost_code5','$pay_rate1','$pay_rate2','$pay_rate3','$pay_rate4','$pay_rate5',
'$total_hours1','$total_hours2','$total_hours3','$total_hours4','$total_hours5','$hours_subtotal1','$hours_subtotal2','$hours_subtotal3','$hours_subtotal4','$hours_subtotal5','$total_hours','$material_total','$labor_cost','$grand_total',)"); 

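But now I get the following error when I submit the form to update the database:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(work_performed, item_qty1, item_qty2, item_qty3, item_qty4, item_qty5,manuf_1, ' at line 1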


1 Answer


Your query is wrong. The query should be

UPDATE tickets  SET work_performed = something, item_qty1 = something .... WHERE id=$id
answered 2013-05-30T10:47:05.007
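
As an added example (not part of the answer above and not the asker's code): the `UPDATE ... SET col = value ... WHERE id = ...` form from the answer, written as a PDO prepared statement so that it also covers the injection precautions the question defers. The column subset, the `update_ticket` helper, the in-memory SQLite table and the sample values are assumptions made so the script runs offline.

```php
<?php
// Added example: columns are a subset of the question's form fields; the
// in-memory SQLite table and the sample values are constructed for illustration.
const TICKET_COLUMNS = ['work_performed', 'item_qty1', 'manuf_1', 'part_number1', 'grand_total'];

function update_ticket(PDO $pdo, $rawId, array $post): int
{
    // The id arrives in the URL (?id=10); accept only a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid ticket id');
    }
    // Column names come from the allow-list, never from the request keys.
    $set = [];
    $params = [':id' => $id];
    foreach (TICKET_COLUMNS as $col) {
        if (array_key_exists($col, $post)) {
            $set[] = "$col = :$col";
            $params[":$col"] = $post[$col];
        }
    }
    if ($set === []) {
        return 0; // nothing to update
    }
    // UPDATE <table> SET col = value, ... WHERE id = ...
    $stmt = $pdo->prepare('UPDATE tickets SET ' . implode(', ', $set) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, work_performed TEXT,
            item_qty1 TEXT, manuf_1 TEXT, part_number1 TEXT, grand_total TEXT)');
$pdo->exec('INSERT INTO tickets (id) VALUES (10)');

// Constructed stand-ins for $_GET['id'] and $_POST; the text contains a quote,
// and the unexpected 'id' key is ignored because it is not on the allow-list.
$post = ['work_performed' => "Replaced tech's router", 'item_qty1' => '2',
         'grand_total' => '149.90', 'id' => '99'];
echo update_ticket($pdo, '10', $post), " row(s) updated\n";
print_r($pdo->query('SELECT * FROM tickets WHERE id = 10')->fetch(PDO::FETCH_ASSOC));

try {
    update_ticket($pdo, '10 OR 1=1', $post); // non-integer id is refused before any SQL runs
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With `PDO::ERRMODE_EXCEPTION` set, a malformed statement raises an exception instead of failing silently, which is the feedback the original `mysql_query()` call never surfaced.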