2016-04-24 8 views
1

error私は初めてms sqlデータベースを使用しています。私はPHPを使用してテーブルを更新しようとしています。これらは私が更新に使用したコードです。それは誤りがあると言う「未定義のインデックスは:CUST_ID」 msでテーブルを変更する方法SQL Server2014でPHPを使用する

<style> 
 
\t th{text-align: right; border-style: none;} 
 
\t td{ 
 
\t \t width: 10%; 
 
\t } 
 
\t table{border-spacing:15px; width:20%;} 
 
\t .button { 
 
    background-color: black; 
 
    border: none; 
 
    color: white; 
 
    padding: 15px 32px; 
 
    text-align: center; 
 
    text-decoration: none; 
 
    display: inline-block; 
 
    font-size: 16px; 
 
    margin: 4px 2px; 
 
    cursor: hand; 
 
\t border-radius:12px; 
 
\t } 
 
\t .button:hover{ 
 
\t \t background-color: grey; 
 
\t \t color: black; 
 
\t } 
 
\t input[type=number]{ 
 
    width:200px; 
 
\t } 
 
\t input[type=date]{ 
 
\t width: 200px; 
 
\t } 
 
\t input[type=number]::-webkit-inner-spin-button, 
 
\t input[type=number]::-webkit-outer-spin-button { 
 
\t -webkit-appearance: none; 
 
\t margin: 0; 
 
\t } 
 
\t </style> 
 
<?php 
 
$serverName = "kwe-PC\SQLEXPRESS"; 
 
$connectionInfo = array("Database" => "customerdb", "UID" => "dbadmin", "PWD" => "kwe"); 
 
$conn = sqlsrv_connect($serverName, $connectionInfo); 
 
if ($conn === false) { 
 
    die(print_r(sqlsrv_errors(), true)); 
 
} 
 
//declare the SQL statement that will query the database 
 
$query = "SELECT * FROM Customer_Details WHERE Rec_No=".$_POST['id']; 
 

 
//execute the SQL query and return records 
 
$result = sqlsrv_query($conn, $query) 
 
     or die(print_r(sqlsrv_errors(), true)); 
 
//Show results in table 
 

 
$o = '<table border=1>'; 
 
while ($record = sqlsrv_fetch_array($result)) { 
 
\t $street1 = $record['street']; 
 
\t $o .='<form action= method=POST>'; 
 
    $o .= '<tr><th>REC NO.: </th><td><input type=text name=id value=' . $record ['Rec_No'] . '></td><th>CUSTOMER ID: </th><td><input type=text name=cust_id value=' . $record ['Cust_ID'] . '></td></tr>'; 
 
    $o .= '<tr><th>CUSTOMER NAME: </th><td><input type=text name=custname value=' . $record ['Cust_Name'] . '></td><th>SEC-REGISTERED NAME: </th><td><input type=text name=secname value=' . $record ['SEC_Name'] . '></td></tr>'; 
 
    $o .= '<tr><th>TIN NUMBER: </th><td><input type=text name=tin value=' . $record ['TIN Number'] . '></td><th>STORE TYPE: </th><td><input type=text name=store_type value=' . $record ['Store_Type'] . '></td></tr>'; 
 
    $o .="<tr><td colspan=2><b><u><font size=5>ORGANIZATION AND BUSINESS:</font></b></u></td></tr>"; 
 
    $o .= '<tr><th>SIZE OF BUSINESS: </th><td><input type=text name=tin value=' . $record ['Size of Business'] . '></td><th>SELLER ID: </th><td><input type=text name=store_type value=' . $record ['Seller_ID'] . '></td></tr>'; 
 
\t $o .= '<tr><th>DATE OF ESTABLISHMENT: </th><td><input type=date name=date_establish value=' . $record ['Date of Establishment'] . '></td></tr>'; 
 
    /*$o .='<td>' . date('F d, Y', strtotime($record ['Date of Establishment'])) . '</td>';*/ 
 
\t $o .='<tr><th>ADDRESS(Headquarters): </th><td><input type=text name=street placeholder=House Number/Street value="'.$street1.'"></td><td><input type=text name=barangay placeholder Barangay value="'. $record['barangay'] .'"></td><td><input type=text name=city placeholder=City/Municipality value="'. $record['city'] .'"></td></tr>'; 
 
\t $o .='<tr><th>&nbsp</th><td><input type=text name=province placeholder=Province value='. $record['province'] .'></td><td><input type=text name=postal_code placeholder="Postal Code" value='. $record['postal_code'] .'></td></tr>'; 
 
    $o .='<tr><th>TELEPHONE#/FAX: </th><td><input type=text name=tel_num value=' . $record ['Telephone/Fax'] . '></td><th>PAYMENT TERMS: </th><td><input type=text name=payment_terms value='.$record['Payment Terms'].'></td></tr>'; 
 
    $o .='<tr><th>SHIPPING INSTRUCTIONS: </th><td><input type=text name=ship_inst value=' . $record ['Shipping Instructions'] . '></td></tr>'; 
 
    $o .='<tr><th>NUMBER OF DOORS: </th><td><input type=text name=num_doors value=' . $record ['Number of Doors'] . '></td><th>NUMBER OF WAREHOUSES: </th><td><input type=text name=num_wh value='.$record['Number of Warehouses'].'></td></tr>'; 
 
    $o .='<tr><td colspan=2><b><u><font size=5>CONTACT PERSONNEL:</font></b></u></td></tr>'; 
 
\t $o .='<tr><th>OWNER: </th><td><input type=text name=owner_name value="' . $record ['Owner'] . '"></td><td><input type=number name=owner_contact placeholder="Contact Number" value='.$record['owner_contact'].'></td><td><input type=date name=owner_bday value="'.$record['owner_bday'].'"></td><td><input type=text name=owner_interest placeholder="Interest" value="'.$record['owner_interest'].'"></td></tr>'; 
 
\t $o .='<tr><th>PURCHASER/S: </th><td><input type=text name=purch_name value="' . $record ['Purchaser(s)'] . '"></td><td><input type=number name=purch_contact placeholder="Contact Number" value='.$record['purch_contact'].'></td><td><input type=date name=purch_bday value="'.$record['purch_bday'].'"></td><td><input type=text name=purch_interest placeholder="Interest" value="'.$record['purch_interest'].'"></td></tr>'; 
 
\t $o .='<tr><th>ACCOUNTING HEAD: </th><td><input type=text name=ah_name value="' . $record ['Accounting Head'] . '"></td><td><input type=number name=ah_contact placeholder="Contact Number" value='.$record['ah_contact'].'></td><td><input type=date name=ah_bday value="'.$record['ah_bday'].'"></td><td><input type=text name=ah_interest placeholder="Interest" value="'.$record['ah_interest'].'"></td></tr>'; 
 
\t $o .='<tr><th>WAREHOUSE HEAD: </th><td><input type=text name=wh_name value="' . $record ['Warehouse Head'] . '"></td><td><input type=number name=wh_contact placeholder="Contact Number" value='.$record['wh_contact'].'></td><td><input type=date name=ah_bday value="'.$record['ah_bday'].'"></td><td><input type=text name=ah_interest placeholder="Interest" value="'.$record['ah_interest'].'"></td></tr>'; 
 
\t $o .='<tr><th>OTHER PERSONNEL: </th><td><input type=text name=other_name placeholder="Fullname" value="' . $record ['Other Personnel'] . '"></td><td><input type=number name=other_contact placeholder="Contact Number" value='.$record['other_contact'].'></td><td><input type=date name=other_bday value="'.$record['other_bday'].'"></td><td><input type=text name=other_interest placeholder="Interest" value="'.$record['other_interest'].'"></td></tr>'; 
 
\t $o .='<tr><td colspan=2><b><u><font size=5>TERMS AND DISCOUNTS:</font></b></u></td></tr>'; 
 
\t $o .='<tr><th>PAYMENT TERMS: </th><td><input type=text name="payment_terms2" value="'.$record['Payment Terms 2'].'"></td><th>COLLECTION SCHEDULE:</th></tr>'; 
 
\t $o .='<tr><th>DISCOUNT: </th><td><input type="text" name="payment_terms2" value="'.$record['Discount'].'"></td><td><input type="text" name="coll_sched" placeholder="e.g Every Wednesday after lunch, MWF Mornings" value="'.$record['Collection Schedule'].'"></td></tr>'; 
 
    $o .='<tr><td colspan=2><b><u><font size=5>BUSINESS GOALS:</font></b></u></td></tr>'; 
 
\t $o .='<tr><th>VOLUME:</th><td><input type=text name="volume" size=24 value="'.$record['Volume'].'"></td><th>CSL:</th><td><input type=text name="csl" size=23 value="'.$record['CSL'].'"></td></tr>'; 
 
\t $o .='<tr><th>MERCHANDISING:</th><td><input type=text name="merchandising" size=24 value="'.$record['Merchandising'].'"></td><th>ASSORTMENT:</th><td><input type=text name="assortment" size=23 value="'.$record['Assortment'].'"></td></tr>'; 
 
\t $o .='<tr><th>VEHICLE:</th><td><input type=text name="vehicle" size=24 value="'.$record['Marketing Vehicle'].'"></td><th>PRICING:</th><td><input type=text name="pricing" size=23 value="'.$record['Pricing'].'"></td></tr>'; 
 
\t $o .='<tr><th>DISTRIBUTION:</th><td><input type=text name="distribution" size=24 value="'.$record['Distribution'].'"></td><th>MARGIN:</th><td><input type=text name="margin" size=23 value="'.$record['Margin'].'"></td></tr>'; 
 
\t $o .='<tr><td colspan=2><b><u><font size=5>STRATEGIES:</font></b></u></td></tr>'; 
 
\t $o .='<tr><th>PRICE:</th><td><input type=text name="price" size=24 value="'.$record['Price'].'"></td><th>PEOPLE:</th><td><input type=text name="people" size=23 value="'.$record['People'].'"></td></tr>'; 
 
\t $o .='<tr><th>PROMOTION:</th><td><input type=text name="promotion" size=24 value="'.$record['Promotion'].'"></td><th>PRODUCT:</th><td><input type=text name="product" size=23 value="'.$record['People'].'"></td></tr>'; 
 
\t $o .='<tr><th>CATMAN ENROLLMENT:</th><td><input type=text name="catman" size=24 value="'.$record['Catman Enrollment'].'"></td></tr>'; 
 
\t $o .='<tr><td colspan=2><font size=5><b><u>POLICIES:</u></b></font></td></tr>'; 
 
\t $o .='<tr><th>REPLENISHMENT ORDERS:</th><td colspan=3><input type=text name="rep_orders" size=92 value="'.$record['Replenishment Orders'].'"></td></tr>'; 
 
\t $o .='<tr><th>ASSORTMENT/MERCHANDISING:</th><td colspan=3><input type=text name="assort_merch" size=92 value="'.$record['Assortment/Merchandising'].'"></td></tr>'; 
 
\t $o .='<tr><th>NEW PRODUCTS:</th><td colspan=3><input type=text name="new_prod" size=92 value="'.$record['New Products'].'"></td></tr>'; 
 
\t $o .='<tr><th>PRICING/PROMOTION:</th><td colspan=3><input type=text name="price_promote" size=92 value="'.$record['Pricing/Promotions'].'"></td></tr>'; 
 
\t $o .='<tr><th>UPLOAD PICTURE:</th><td colspan=2><input type=file name="image" size=92 value="'.$record['image'].'"></td></tr>'; 
 
\t } 
 

 
$o .= '</tbody></table>'; 
 
echo $o; 
 
echo"<form action=edit.php method=POST>"; 
 

 
echo"<br><input type=submit value=Save name=submit></form>"; 
 
    $serverName = "kwe-PC\SQLEXPRESS"; 
 
    $connectionInfo = array("Database" => "customerdb", "UID" => "dbadmin", "PWD" => "kwe"); 
 
    $conn = sqlsrv_connect($serverName, $connectionInfo); 
 
    if ($conn === false) { 
 
     die(print_r(sqlsrv_errors(), true)); 
 
    } 
 
    if (isset($_POST['submit'])) { 
 
\t $sql = "UPDATE Customer_Details SET Cust_ID = ".$_POST['cust_id']." WHERE Rec_No =" . $_POST['id']; 
 
    sqlsrv_query($conn, $sql); 
 
\t $ids = $_POST['id']; 
 
    
 
} 
 
\t else{ 
 
     echo "ID is empty"; 
 
    } 
 
?>

+0

にないため、返された$ _POST配列にcust_idが設定されていません。 [参照回答を参照](http://stackoverflow.com/a/14115956/3585500)。 – ourmandave

答えて

1

、あなたがPHPのエラーではなく、SQLの1を取得している記述から判断します。

アドバイスのビットは、あなたのコードでアドホックなクエリを使用しないでください。

代わりに必要な目的のためにストアドプロシージャを作成し、appからプロシージャを実行します。

CREATE PROCEDURE proc_UpdateCustomer (@RecNo int, @CustomerID int) 
AS 
BEGIN 

    SET NOCOUNT ON; 

    UPDATE Customer_Details 
    SET Cust_ID = @CustomerID 
    WHERE Rec_No = @RecNo 

END 

この方法では、SQLインジェクションから安全です。同様に、SELECTステートメント用のSPを作成します。

関連する問題