1. 首页
  2. 问答
  3. SQL仍然插入数据到数据库中,即使它是错误的

SQL仍然插入数据到数据库中,即使它是错误的

2017-08-10 66 views
1

我想要做的是:我正在使用Android将数据插入到数据库中。但是它必须RETRIEVE/SEARCH为第一个表中的这个板号,但是在将数据插入到另一个表之前,它应该首先检查这个表中是否存在这个板号,如果是true,那么将数据插入到表中如果错误,则不要将数据插入表中。SQL仍然插入数据到数据库中,即使它是错误的

我遇到的问题是:即使我输入的板号是错误的,我在我的EditText中输入的数据仍将INSERT插入到数据库/表中。

我认为我的SQL语句有问题吗?

我在PHP代码:

<?php 
$host='localhost'; 
$user='root'; 
$password=''; 
$db='employee101'; 

$PLATE_NUM = $_POST["PLATE_NUM"]; 
$PUV_TYPE = $_POST["PUV_TYPE"]; 
$content = $_POST["content"]; 

$sql = "select * from employee_data where PLATE_NUM like '$PLATE_NUM';";//first table where you retrieve the plate number first 
$sql_insert = "insert into employee_content (PLATE_NUM, PUV_TYPE, content) values('$PLATE_NUM', '$PUV_TYPE', '$content')";//insert the table 

$con = mysqli_connect($host,$user,$password,$db); 

$result = mysqli_query($con, $sql); 
$result2 = mysqli_query($con, $sql_insert); 
$response = array(); 

if (mysqli_num_rows($result)> 0 && ($result2)=== TRUE){ 
     echo"Log-In Success!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"; 
}else{ 
    echo "Log-In not success"; 
} 

mysqli_close($con); 

?>

我的Android Studio中的代码:

onButtonClick代码:

public void Button(View view) { 

     String puv_plate = report_plate.getText().toString(); 
     String puv_type = report_type.getText().toString(); 
     String content = report_content.getText().toString(); 
     String type="report"; 
     BackgroundWorker backgroundWorker = new BackgroundWorker(this); 
     backgroundWorker.execute(type, puv_plate,puv_type,content); 
    }

后台辅助类:

if(type.equals("report")){ 
       try { 
        String id_ret = params[1]; 
        String puv_type = params[2]; 
        String report = params[3]; 

        URL url = new URL(retrieve_id); 
        HttpURLConnection httpURLConnection = (HttpURLConnection)url.openConnection(); 
        httpURLConnection.setRequestMethod("POST"); 
        httpURLConnection.setDoOutput(true); 
        httpURLConnection.setDoInput(true); 
        OutputStream outputStream = httpURLConnection.getOutputStream(); 
        BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream, "UTF-8")); 
        String post_data = URLEncoder.encode("PLATE_NUM","UTF-8")+"="+URLEncoder.encode(id_ret,"UTF-8") + "&" 
          + URLEncoder.encode("PUV_TYPE", "UTF-8") + "=" + URLEncoder.encode(puv_type, "UTF-8") + "&" 
          + URLEncoder.encode("content", "UTF-8") + "=" + URLEncoder.encode(report, "UTF-8");; 
        bufferedWriter.write(post_data); 
        bufferedWriter.flush(); 
        bufferedWriter.close(); 
        outputStream.close(); 
        InputStream inputStream = httpURLConnection.getInputStream(); 
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "iso-8859-1")); 
        String result = ""; 
        String line = ""; 
        while((line = bufferedReader.readLine())!= null){ 
         result += line; 
        } 
        bufferedReader.close(); 
        inputStream.close(); 
        httpURLConnection.disconnect(); 
        return result; 
       } catch (MalformedURLException e) { 
        e.printStackTrace(); 
       } catch (IOException e) { 
        e.printStackTrace(); 
       }

来源

2017-08-10 YaZao RuZakiaga

+0

检查我更新的答案,很确​​定这是真正的问题 – Bqin1

回答

1

这一说法在你的PHP抓取数看起来粗略:

$ sql =“select * from employee_data where PLATE_NUM like'$ PLATE_NUM';”

我以为like关键字找到一个模式[1]。为什么不做=在那里?只有在两个条件都为真的情况下,才会导致if语句= true,并且如果在PLATE_NUM列中找到了某个模式,它将始终为真。你想要一个特定的车牌号码作为条件检查。

$ sql =“select * from employee_data where PLATE_NUM ='$ PLATE_NUM';”

[1] https://www.w3schools.com/sql/sql_like.asp

编辑,问题是在这里,你总是甚至在if语句检查运行结果2查询。当result1返回成功时,您只需运行result2。

将其更改为

$result = mysqli_query($con, $sql);

//注释掉它$结果2 = mysqli_query($ CON,$ sql_insert); $ response = array();

if (mysqli_num_rows($result)> 0){ 
     $result2 = mysqli_query($con, $sql_insert);

来源

2017-08-10 04:12:45 Bqin1

+0

我将它改为'=',但它仍然插入到数据库中。 –

+0

啊我现在看到你的问题了,你总是会运行result2。我正在更新我的答案,现在已更新 – Bqin1

2

你可以做这两个way

1)使用一些php脚本在数据库中手动检查。然后你可以插入数据。 这样做的逻辑是

写onesql查询以检查计数where the PLATE_NUM='the value'

$query="SELECT COUNT(*) FROm table_name WHERE PLATE_NUM='the value';"

然后得到的结果thecount值。如果该值大于0表示值已存在于数据库

if($count>0){ 
    echo "PLATE_NUM already exist"; 
    // if you want to update. Here you can update. 
}else{ 
    // perform your actions like insert. 
}

2)请在databadse的PLATE_NUM字段作为唯一键。该这将为重复自动检查

使用mysqli_bind参数概念

$stmt = $mysqli->prepare($query) or trigger_error($mysqli->error."[$sql]"); 
$stmt->bind_param('d', $plate_no_value);// here d for number and s for string 
$stmt->bind_result($count); 
$stmt->execute();

来源

2017-08-10 04:10:27

+0

上午我做对了吗? $ count = mysqli_query($ con,$ query);? –

+0

为了更好的实践,我已经使用MySQLi_bind参数编辑了答案。请看看 –

1

其实,你写的查询,但你没有检查第一个查询它是否是可用与否,不检查你插入的数据,

相反,你可以简单地用一个UPDATE查询来实现这,

$sql_insert = "UPDATE employee_content SET PLATE_NUM = '$PLATE_NUM', PUV_TYPE = '$PUV_TYPE', content = '$content' WHERE PLATE_NUM='$PLATE_NUM')";

来源

2017-08-10 04:16:25

相关问题

 相关问题