comment modifier la table dans ms sql server2014 en utilisant php

erreur J'utilise la database MS SQL pour la première fois et j'essaie de faire une mise à jour sur la table en utilisant PHP. ce sont les codes que j'ai utilisés pour la mise à jour. il dit qu'il y a une erreur "Undefined index: cust_id"

<style> th{text-align: right; border-style: none;} td{ width: 10%; } table{border-spacing:15px; width:20%;} .button { background-color: black; border: none; color: white; padding: 15px 32px; text-align: center; text-decoration: none; display: inline-block; font-size: 16px; margin: 4px 2px; cursor: hand; border-radius:12px; } .button:hover{ background-color: grey; color: black; } input[type=number]{ width:200px; } input[type=date]{ width: 200px; } input[type=number]::-webkit-inner-spin-button, input[type=number]::-webkit-outer-spin-button { -webkit-appearance: none; margin: 0; } </style> <?php $serverName = "kwe-PC\SQLEXPRESS"; $connectionInfo = array("Database" => "customerdb", "UID" => "dbadmin", "PWD" => "kwe"); $conn = sqlsrv_connect($serverName, $connectionInfo); if ($conn === false) { die(print_r(sqlsrv_errors(), true)); } //declare the SQL statement that will query the database $query = "SELECT * FROM Customer_Details WHERE Rec_No=".$_POST['id']; //execute the SQL query and return records $result = sqlsrv_query($conn, $query) or die(print_r(sqlsrv_errors(), true)); //Show results in table $o = '<table border=1>'; while ($record = sqlsrv_fetch_array($result)) { $street1 = $record['street']; $o .='<form action= method=POST>'; $o .= '<tr><th>REC NO.: </th><td><input type=text name=id value=' . $record ['Rec_No'] . '></td><th>CUSTOMER ID: </th><td><input type=text name=cust_id value=' . $record ['Cust_ID'] . '></td></tr>'; $o .= '<tr><th>CUSTOMER NAME: </th><td><input type=text name=custname value=' . $record ['Cust_Name'] . '></td><th>SEC-REGISTERED NAME: </th><td><input type=text name=secname value=' . $record ['SEC_Name'] . '></td></tr>'; $o .= '<tr><th>TIN NUMBER: </th><td><input type=text name=tin value=' . $record ['TIN Number'] . '></td><th>STORE TYPE: </th><td><input type=text name=store_type value=' . $record ['Store_Type'] . '></td></tr>'; $o .="<tr><td colspan=2><b><u><font size=5>ORGANIZATION AND BUSINESS:</font></b></u></td></tr>"; $o .= '<tr><th>SIZE OF BUSINESS: </th><td><input type=text name=tin value=' . $record ['Size of Business'] . '></td><th>SELLER ID: </th><td><input type=text name=store_type value=' . $record ['Seller_ID'] . '></td></tr>'; $o .= '<tr><th>DATE OF ESTABLISHMENT: </th><td><input type=date name=date_establish value=' . $record ['Date of Establishment'] . '></td></tr>'; /*$o .='<td>' . date('F d, Y', strtotime($record ['Date of Establishment'])) . '</td>';*/ $o .='<tr><th>ADDRESS(Headquarters): </th><td><input type=text name=street placeholder=House Number/Street value="'.$street1.'"></td><td><input type=text name=barangay placeholder Barangay value="'. $record['barangay'] .'"></td><td><input type=text name=city placeholder=City/Municipality value="'. $record['city'] .'"></td></tr>'; $o .='<tr><th>&nbsp</th><td><input type=text name=province placeholder=Province value='. $record['province'] .'></td><td><input type=text name=postal_code placeholder="Postal Code" value='. $record['postal_code'] .'></td></tr>'; $o .='<tr><th>TELEPHONE# / FAX: </th><td><input type=text name=tel_num value=' . $record ['Telephone/Fax'] . '></td><th>PAYMENT TERMS: </th><td><input type=text name=payment_terms value='.$record['Payment Terms'].'></td></tr>'; $o .='<tr><th>SHIPPING INSTRUCTIONS: </th><td><input type=text name=ship_inst value=' . $record ['Shipping Instructions'] . '></td></tr>'; $o .='<tr><th>NUMBER OF DOORS: </th><td><input type=text name=num_doors value=' . $record ['Number of Doors'] . '></td><th>NUMBER OF WAREHOUSES: </th><td><input type=text name=num_wh value='.$record['Number of Warehouses'].'></td></tr>'; $o .='<tr><td colspan=2><b><u><font size=5>CONTACT PERSONNEL:</font></b></u></td></tr>'; $o .='<tr><th>OWNER: </th><td><input type=text name=owner_name value="' . $record ['Owner'] . '"></td><td><input type=number name=owner_contact placeholder="Contact Number" value='.$record['owner_contact'].'></td><td><input type=date name=owner_bday value="'.$record['owner_bday'].'"></td><td><input type=text name=owner_interest placeholder="Interest" value="'.$record['owner_interest'].'"></td></tr>'; $o .='<tr><th>PURCHASER/S: </th><td><input type=text name=purch_name value="' . $record ['Purchaser(s)'] . '"></td><td><input type=number name=purch_contact placeholder="Contact Number" value='.$record['purch_contact'].'></td><td><input type=date name=purch_bday value="'.$record['purch_bday'].'"></td><td><input type=text name=purch_interest placeholder="Interest" value="'.$record['purch_interest'].'"></td></tr>'; $o .='<tr><th>ACCOUNTING HEAD: </th><td><input type=text name=ah_name value="' . $record ['Accounting Head'] . '"></td><td><input type=number name=ah_contact placeholder="Contact Number" value='.$record['ah_contact'].'></td><td><input type=date name=ah_bday value="'.$record['ah_bday'].'"></td><td><input type=text name=ah_interest placeholder="Interest" value="'.$record['ah_interest'].'"></td></tr>'; $o .='<tr><th>WAREHOUSE HEAD: </th><td><input type=text name=wh_name value="' . $record ['Warehouse Head'] . '"></td><td><input type=number name=wh_contact placeholder="Contact Number" value='.$record['wh_contact'].'></td><td><input type=date name=ah_bday value="'.$record['ah_bday'].'"></td><td><input type=text name=ah_interest placeholder="Interest" value="'.$record['ah_interest'].'"></td></tr>'; $o .='<tr><th>OTHER PERSONNEL: </th><td><input type=text name=other_name placeholder="Fullname" value="' . $record ['Other Personnel'] . '"></td><td><input type=number name=other_contact placeholder="Contact Number" value='.$record['other_contact'].'></td><td><input type=date name=other_bday value="'.$record['other_bday'].'"></td><td><input type=text name=other_interest placeholder="Interest" value="'.$record['other_interest'].'"></td></tr>'; $o .='<tr><td colspan=2><b><u><font size=5>TERMS AND DISCOUNTS:</font></b></u></td></tr>'; $o .='<tr><th>PAYMENT TERMS: </th><td><input type=text name="payment_terms2" value="'.$record['Payment Terms 2'].'"></td><th>COLLECTION SCHEDULE:</th></tr>'; $o .='<tr><th>DISCOUNT: </th><td><input type="text" name="payment_terms2" value="'.$record['Discount'].'"></td><td><input type="text" name="coll_sched" placeholder="eg Every Wednesday after lunch, MWF Mornings" value="'.$record['Collection Schedule'].'"></td></tr>'; $o .='<tr><td colspan=2><b><u><font size=5>BUSINESS GOALS:</font></b></u></td></tr>'; $o .='<tr><th>VOLUME:</th><td><input type=text name="volume" size=24 value="'.$record['Volume'].'"></td><th>CSL:</th><td><input type=text name="csl" size=23 value="'.$record['CSL'].'"></td></tr>'; $o .='<tr><th>MERCHANDISING:</th><td><input type=text name="merchandising" size=24 value="'.$record['Merchandising'].'"></td><th>ASSORTMENT:</th><td><input type=text name="assortment" size=23 value="'.$record['Assortment'].'"></td></tr>'; $o .='<tr><th>VEHICLE:</th><td><input type=text name="vehicle" size=24 value="'.$record['Marketing Vehicle'].'"></td><th>PRICING:</th><td><input type=text name="pricing" size=23 value="'.$record['Pricing'].'"></td></tr>'; $o .='<tr><th>DISTRIBUTION:</th><td><input type=text name="dissortingbution" size=24 value="'.$record['Dissortingbution'].'"></td><th>MARGIN:</th><td><input type=text name="margin" size=23 value="'.$record['Margin'].'"></td></tr>'; $o .='<tr><td colspan=2><b><u><font size=5>STRATEGIES:</font></b></u></td></tr>'; $o .='<tr><th>PRICE:</th><td><input type=text name="price" size=24 value="'.$record['Price'].'"></td><th>PEOPLE:</th><td><input type=text name="people" size=23 value="'.$record['People'].'"></td></tr>'; $o .='<tr><th>PROMOTION:</th><td><input type=text name="promotion" size=24 value="'.$record['Promotion'].'"></td><th>PRODUCT:</th><td><input type=text name="product" size=23 value="'.$record['People'].'"></td></tr>'; $o .='<tr><th>CATMAN ENROLLMENT:</th><td><input type=text name="catman" size=24 value="'.$record['Catman Enrollment'].'"></td></tr>'; $o .='<tr><td colspan=2><font size=5><b><u>POLICIES:</u></b></font></td></tr>'; $o .='<tr><th>REPLENISHMENT ORDERS:</th><td colspan=3><input type=text name="rep_orders" size=92 value="'.$record['Replenishment Orders'].'"></td></tr>'; $o .='<tr><th>ASSORTMENT/MERCHANDISING:</th><td colspan=3><input type=text name="assort_merch" size=92 value="'.$record['Assortment/Merchandising'].'"></td></tr>'; $o .='<tr><th>NEW PRODUCTS:</th><td colspan=3><input type=text name="new_prod" size=92 value="'.$record['New Products'].'"></td></tr>'; $o .='<tr><th>PRICING/PROMOTION:</th><td colspan=3><input type=text name="price_promote" size=92 value="'.$record['Pricing/Promotions'].'"></td></tr>'; $o .='<tr><th>UPLOAD PICTURE:</th><td colspan=2><input type=file name="image" size=92 value="'.$record['image'].'"></td></tr>'; } $o .= '</tbody></table>'; echo $o; echo"<form action=edit.php method=POST>"; echo"<br><input type=submit value=Save name=submit></form>"; $serverName = "kwe-PC\SQLEXPRESS"; $connectionInfo = array("Database" => "customerdb", "UID" => "dbadmin", "PWD" => "kwe"); $conn = sqlsrv_connect($serverName, $connectionInfo); if ($conn === false) { die(print_r(sqlsrv_errors(), true)); } if (isset($_POST['submit'])) { $sql = "UPDATE Customer_Details SET Cust_ID = ".$_POST['cust_id']." WHERE Rec_No =" . $_POST['id']; sqlsrv_query($conn, $sql); $ids = $_POST['id']; } else{ echo "ID is empty"; } ?>

A en juger par la description, vous obtenez erreur php, pas un sql.

Un petit conseil, n'utilisez pas de requêtes ad-hoc dans votre code.

Au lieu de créer une procédure stockée dans le but dont vous avez besoin et exécuter la procédure à partir de l'application, par exemple.

 CREATE PROCEDURE proc_UpdateCustomer (@RecNo int, @CustomerID int) AS BEGIN SET NOCOUNT ON; UPDATE Customer_Details SET Cust_ID = @CustomerID WHERE Rec_No = @RecNo END

De cette façon, vous êtes à l'abri de l'injection SQL. De la même manière, créez le SP pour votre instruction SELECT.