我有一个简单的代码,可以在其中创建和修改表,但是这些表并不是从一开始就创建的,并且会出现以下错误:
未定义变量:第28行的价格
未定义的变量:第28行上的newbrand
未定义的变量:第28行的newprice
第28行:
$conexion-> modify("Mitsubishi",40000000,$price,$newbrand,$newprice);
完整的代码:
<?php
class MyDataBase{
private $link;
public function __construct($server,$user,$password,$base){
//Conectar
$this->link = mysql_connect($server,$user,$password);
mysql_select_db($base,$this->link);
}
public function insert($model,$brand,$price){
mysql_query("INSERT INTO autos (model, brand, price) VALUES ($model,'$brand', $price)",$this->link);}
public function modify($model,$brand,$price,$newbrand,$newprice){
mysql_query("UPDATE 'crautos'.'autos' SET 'brand' = '$newbrand',
'price' = '$newprice' WHERE 'autos'.'model' =5 AND 'autos'.'brand' = '$brand' AND 'autos'.'price' ='$price' LIMIT 1" ,$this->link);}
public function __destruct(){
//desconectar
}
}
$conexion = new MyDataBase ('localhost', 'root', '','crcars');
$conexion-> insert(05,"Ford",50000000);
$conexion-> modify("Mitsubishi",40000000,$price,$newbrand,$newprice);
?>
最佳答案
$conexion-> modify("Mitsubishi",40000000,$price,$newbrand,$newprice);
您永远不会设置$ price,$ newbrand和$ newprice的值。而且,您也没有在转义数据:
public function insert($model,$brand,$price){
$model = mysql_real_escape_string($model);
$brand = mysql_real_escape_string($brand);
$price = (int)$price;
mysql_query("INSERT INTO autos (model, brand, price) VALUES ('$model','$brand', $price)",$this->link);
}
与修改相同,您应该转义数据,请参见:http://php.net/manual/fr/function.mysql-real-escape-string.php