我在使用该函数时遇到了计算问题。我希望在不输入SQL的情况下直接计算总支出限额和年度余额,并从SQL中检索唯一的年度支出限额。年度支出限额是插入治疗表的txtcast的附加数据。它成功地插入数据库,但不显示总支出限额和年度余额。
<?php
if (isset($_POST['Submit']))
{
if(empty($_POST['txtdate']))
{
echo '<p><font color="red" size="-1">Fill in date</font></p>';
}
else
if(empty($_POST['txtcost'])){
echo '<p><font color="red" size="-1">Fill in cost</font></p>';
}
else {
if($annualspendinglimit > $annualbalance) {
echo '<p><font color="red" size="-1">Annual spending limit exceed annual balance</font></p>';
}
else {
function gettotal($txtcost){
$totalspendinglimit = $txtcost++;
echo $totalspendinglimit;
}
gettotal($txtcost);
function getbalance($annualspendinglimit,$totalspendinglimit){
$annualbalance = $annualspendinglimit - $totalspendinglimit;
echo $annualbalance;}
getbalance($annualspendinglimit,$totalspendinglimit);
$sqltreatment = "INSERT INTO treatment(nostaf, nosiri, date, panelcode, cost)
values ('$ids', '$nosiri_new', '$_POST[txtdate]','$_POST[txtpanelcode]', '$_POST[txtcost]')";
mysqli_query($mysqli,$sqltreatment);
header("location: rekod_staf2.php?nostaf=$ids");
}
}
}
?>
总支出限额、年度支出限额和年度余额的前端代码
<td width="141"><font face="Tahoma">Total spend</font></td>
<td width="173"><font face="Tahoma"><strong>RM <font face="Tahoma">
<? $totalspendinglimit; ?>
</font></strong></font></td>
</tr>
<tr bgcolor="#0099FF">
<td><font face="Tahoma"> Limit Spend</font></td>
<td class="style71"><strong><font face="Tahoma">RM
<?=$r['annualspendinglimit']?>
</font></strong></td>
<td class="style71"><font face="Tahoma">Total balance</font></td>
<td class="style71"><font color="#FF0000" face="Tahoma"><strong>RM
<? $annualbalance;
?>
</strong></font></td>
我建议您的函数return是一个值,而不是简单地回显-您将返回的值分配给一个可以在其他地方使用的变量(在这种情况下,既用于显示,也作为下一个函数的输入参数(
必须对您发布的代码进行某些假设,因为有几个变量缺失——它们出现了,但在您共享的代码中没有定义。
此外,根据上面的评论和@Barmar的回答中的详细信息,您的代码容易受到SQL注入的攻击,这可能会对您的网站造成巨大损害,并可能泄露非常敏感的信息。调查准备好的语句,并在处理用户提供的输入时使用它们。
<?php
function getbalance($asl,$tsl){
return $asl - $tsl;
}
function gettotal($tc){
$tc++;
return $tc;
}
$errors=array();
/*
where are $annualspendinglimit, $annualbalance, $ids and $nosiri_new defined?
*/
if( isset(
$_POST['Submit'],
$_POST['txtdate'],
$_POST['txtcost'],
$_POST['txtpanelcode']
) ){
if( empty( $_POST['txtdate'] ) )$errors[]='Fill in date';
if( empty( $_POST['txtcost'] ) )$errors[]='Fill in cost';
if( $annualspendinglimit > $annualbalance )$errors[]='Annual spending limit exceed annual balance';
if( empty( $errors ){
$txtdate=$_POST['txtdate'];
$txtcode=$_POST['txtpanelcode'];
$txtcost=$_POST['txtcost'];
$totalspendinglimit=gettotal( $txtcost );
$annualbalance=getbalance( $annualspendinglimit, $totalspendinglimit );
printf('<div>Total Spending Limit: %s, Annual Balance: %s</div>', $totalspendinglimit, $annualbalance );
$sql='INSERT INTO `treatment`
( `nostaf`, `nosiri`, `date`, `panelcode`, `cost` )
VALUES
(?,?,?,?,?)';
$stmt=$mysqli->prepare( $sql );
$stmt->bind_param('sssss',$ids,$nosiri_new,$txtdate,$txtcode,$txtcost);
$stmt->execute();
$stmt->close();
exit( header("Location: rekod_staf2.php?nostaf=$ids") );
}else{
foreach( $errors as $error )printf('<p style="color:red;size:smaller">%s</p>',$error);
}
}
?>
您在gettotal()函数中本地分配$totalspendinglimit,因此无法在getbalance()中访问它。去掉那些函数,直接在顶层代码中分配变量。
$totalspendinglimit = $txtcost++;递增$txtcost,但在递增之前将$totalspendinglimit设置为值。由于此后您再也不用$txtcost,因此增量是无用的。我假设您实际上想要将$totalspendinglimit设置为递增的值,所以您应该只使用$txtcost + 1。你也从来没有分配过$txtcost,我在下面假设你指的是$_POST['txtcost']。
使用准备好的语句,而不是将变量直接替换到SQL中,以防止SQL注入。
<?php
if (isset($_POST['Submit']))
{
if(empty($_POST['txtdate']))
{
echo '<p><font color="red" size="-1">Fill in date</font></p>';
} elseif(empty($_POST['txtcost'])){
echo '<p><font color="red" size="-1">Fill in cost</font></p>';
} elseif($annualspendinglimit > $annualbalance) {
echo '<p><font color="red" size="-1">Annual spending limit exceed annual balance</font></p>';
} else {
$totalspendinglimit = $_POST['txtcost'] + 1;
echo $totalspendinglimit;
$annualbalance = $annualspendinglimit - $totalspendinglimit;
echo $annualbalance;
$sqltreatment = "INSERT INTO treatment(nostaf, nosiri, date, panelcode, cost)
values (?, ?, ?, ?, ?)";
$stmt = $mysqli->prepare($sqltreatment);
$stmt->bind_param('sssss', $ids, $nosiri_new, $_POST['txtdate'], $_POST['txtpanelcode'], $_POST['txtcost']);
$stmt->execute();
header("location: rekod_staf2.php?nostaf=$ids");
}
}
?>