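Executing a SQL stored procedure from PHP

I'm not familiar with PHP, but I'm trying to figure out why this isn't working. I have been trying to execute a SQL stored procedure that takes parameters through PHP. This code should add additional rows to a form for user data input based on criteria. When I run the stored procedure directly in SQL Server Management Studio it works correctly: rows are added to the back-end table and are reflected in the front-end form. But when I try to add the rows with the underlying code, I get no errors and nothing is updated.
I'm not familiar with PHP, but I'm trying to learn why this isn't working. Any help is greatly appreciated.
Here is the underlying PHP code: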
<?PHP include 'Connections/PromAPPS01Connection.php'; ?>
<?php
session_start();
$sUserid = "9999";
if(isset($_SESSION['sUserID'])){
$sUserid = $_SESSION['sUserID'];
//echo "Yes";
}
else{
/* Redirect browser */
header("Location: LoginSession.php");
/* Make sure that code below does not get executed when we redirect. */
exit;
//echo "No";
}
$sPostPropertyId = $_POST["Props"];
$sPostGroupId = $_POST["AcctGroup"];
$sRecordStart = $_POST["RS"];
$sPostAcct = $_POST["Acct"];
$sPostYear = $_POST["Year"];
$sBudgetID = $_POST["BudgetID"];
$sPostRowCount = $_POST["AcctCount"];
$sSubmitType = $_POST["SubmitType"];
$sView = $_POST["View"];
$sAddLineAcct = $_POST["NewLineAcct"];
$sAddLineProp = $_POST["NewLineProp"];
$sAddLineYear = $_POST["NewLineYear"];
$sPropertyNumber = $_POST["PropertyNumber"];
$sType = $_POST["Type"];
$sDept = $_POST["Dept"];
$sComments = $_POST["Comments"];
$sAddType = $_POST["AddType"];
$sqlNewLine = "Exec Budgeting.procAddNewLines '". $sPostPropertyId ."', '". $sPropertyNumber ."', '". $sAddLineAcct ."', '". $sAddType ."','". $sType ."', '". $sAddLineYear ."', '". $sPostYear ."', '". $sComments ."', '". $sUserid ."','". $sDept ."' ";
//echo "<br>";
//echo $sAddType ." & ". $sAddLineYear . " &". $sPostYear;
if ($sRecordStart == ""){
$sRecordStart = 0;
}
$iNextRS = $sRecordStart;
$navigateLocation = "PlanSheetProperty.php";
//echo "<br>";
// echo $sqlNewLine;
// Executing the sql update code
//conn.Execute sql_New_Line
//#####################################################################
$stmtNewLine = sqlsrv_prepare($dbLink, $sqlNewLine);
sqlsrv_execute($stmtNewLine);
//#################################
?>
<html>
<head>
<Link Rel="Stylesheet" href="RenewStyle.css" type="text/css">
<title>The Budget Machine</title>
</head>
<!--body-->
<body onLoad="document.AcctUpdate.submit();">
<?PHP include 'Top.php'; ?>
<table width="100%" bordercolor="#003366" cellpadding="0" cellspacing="0"><tr><td>
<table width="100%" cellpadding="3" cellspacing="0" border="0">
<tr class="Title1">
<td valign="bottom">
</td>
<td colspan="5" rowspan="2" valign="middle" nowrap>
</td>
<td colspan="13" align="right" valign="bottom" nowrap>
</td>
<td align="right" valign="bottom" nowrap>
</td>
<td align="right" valign="bottom" nowrap>
</td>
<td align="right" valign="bottom" nowrap>
<!--input type="Button" value="< Back to Properties" onClick="document.location='PropertyList.asp'"-->
</td>
<td valign="bottom">
</td>
</tr>
<tr class="Title1">
<td valign="bottom">
</td>
<td colspan="5" rowspan="2" valign="middle" nowrap>
</td>
<td colspan="13" align="left" valign="bottom" nowrap>
Saving data...<br>
Please be patient
</td>
<td align="right" valign="bottom" nowrap>
<form method="post" action="<?php echo $navigateLocation ?>" name="AcctUpdate" id="AcctUpdate" />
<input type="hidden" name="RS" id="RS" value="<?PHP echo $iNextRS ?>">
<input type="hidden" name="Props" id="Props" value="<?PHP echo $sPostPropertyId ?>">
<input type="hidden" name="AcctGroup" id="AcctGroup" value="<?PHP echo $sPostGroupId ?>">
<input type="hidden" name="GLAcct" id="GLAcct" value="<?php echo $sAddLineAcct ?>">
<input type="hidden" name="AcctCount" id="AcctCount" value="<?PHP echo $sPostRowCount ?>">
<input type="hidden" name="BudgetID" id="BudgetID" value="<?PHP echo $sBudgetID ?>">
<input type="hidden" name="NewLineAcct" id="NewLineAcct" value="<?php echo $sPostAddLineAcct ?>">
<input type="hidden" name="PropertyNumber" id="PropertyNumber" value="<?php echo $sPostPropertyNumber ?>">
<input type="hidden" name="SubmitType" id="SubmitType" value="<?php echo $sSubmitType ?>">
<input type="hidden" name="View" id="View" value="<?php echo $sView ?>">
<input type="hidden" name="NewLineProp" id="NewLineProp" value="<?php echo $sPostAddLineProp ?>">
</form>
</td>
<td align="right" valign="bottom" nowrap>
</td>
<td align="right" valign="bottom" nowrap>
</td>
<td align="right" valign="bottom" nowrap>
</td>
<td valign="bottom">
</td>
</tr>
</table>
</td></tr></table>
</body>
</html>
Here is the stored procedure:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER Procedure AddNewLines
(
@PropertyID numeric (10,0) = NULL,
@PropertyNumber varchar (30) = NULL,
@GLAccountNumber varchar (10) = NULL,
@InsertType varchar (10) = NULL,
@LineAssoc varchar (10) = NULL,
@ClickYear varchar (30) = NULL,
@Year varchar (30) = NULL,
@Comments varchar (800) = NULL,
@User int = NULL,
@DeptCode varchar (10) = NULL
) AS
IF @InsertType = 'Single'
BEGIN
IF @LineAssoc = 'Project'
BEGIN
INSERT INTO BudDat(PropertyID,
PropertyNumber,
GLAccountNumber,
Project,
[Year],
BudgetID,
Comments,
LastChangedDate,
LastChangedBy)
VALUES (@PropertyID,
@PropertyNumber,
@GLAccountNumber,
'Y',
@ClickYear,
'',
@Comments,
getDate(),
@User)
END
IF @LineAssoc = 'None'
BEGIN
INSERT INTO BudDat(PropertyID,
PropertyNumber,
GLAccountNumber,
DeptCode,
[Year],
BudgetID,
Comments,
LastChangedDate,
LastChangedBy)
VALUES (@PropertyID,
@PropertyNumber,
@GLAccountNumber,
@DeptCode,
@ClickYear,
'',
@Comments,
getDate(),
@User)
END
END
IF @InsertType = 'Multiple'
BEGIN
DECLARE @YearCount int
Select @YearCount = 0
IF @LineAssoc = 'Project'
BEGIN
WHILE (@YearCount < 5)
BEGIN
INSERT INTO BudDat(PropertyID,
PropertyNumber,
GLAccountNumber,
Project,
[Year],
BudgetID,
Comments,
LastChangedDate,
LastChangedBy)
VALUES (@PropertyID,
@PropertyNumber,
@GLAccountNumber,
'Y',
@Year,
'',
@Comments,
getDate(),
@User)
Select @YearCount = @YearCount+1
Select @Year = @Year+1
END
END
IF @LineAssoc = 'None'
BEGIN
WHILE (@YearCount < 5)
BEGIN
INSERT INTO BudDat(PropertyID,
PropertyNumber,
GLAccountNumber,
DeptCode,
[Year],
BudgetID,
Comments,
LastChangedDate,
LastChangedBy)
VALUES (@PropertyID,
@PropertyNumber,
@GLAccountNumber,
@DeptCode,
@Year,
'',
@Comments,
getDate(),
@User)
Select @YearCount = @YearCount+1
Select @Year = @Year+1
END
END
END
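As I said, I don't know much about PHP, but the procedure doesn't do anything different when it is called from elsewhere.

I don't know how to correctly call a stored procedure from PHP, but it looks like you are executing it as a pass-through query. This is vulnerable to SQL injection. You should parameterize the procedure call instead.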
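
The parameterized call that the comment above recommends, as an added example (not code from the question or its author). It assumes `$dbLink` is the sqlsrv connection opened by the page's include file and keeps the procedure name from the page's call string; `buildAddNewLinesParams` and `addNewLines` are hypothetical helper names. It also checks the return values and `sqlsrv_errors()`, which the original call never inspects.

```php
<?php
// Added example: bound parameters instead of string concatenation.
// Assumption: $dbLink is the sqlsrv connection opened by the included connection file.

// Hypothetical helper: ordered parameter list from the POST fields the page reads.
function buildAddNewLinesParams(array $post, string $userId): array
{
    $f = fn(string $k): string => is_scalar($post[$k] ?? null) ? trim((string)$post[$k]) : '';

    // @PropertyID is numeric(10,0) and @User is int in the procedure: reject anything else.
    if (!ctype_digit($f('Props')) || strlen($f('Props')) > 10 || !ctype_digit($userId)) {
        throw new InvalidArgumentException('Props and user id must be numeric');
    }
    return [
        $f('Props'),          // @PropertyID
        $f('PropertyNumber'), // @PropertyNumber
        $f('NewLineAcct'),    // @GLAccountNumber
        $f('AddType'),        // @InsertType ('Single' or 'Multiple')
        $f('Type'),           // @LineAssoc  ('Project' or 'None')
        $f('NewLineYear'),    // @ClickYear
        $f('Year'),           // @Year
        $f('Comments'),       // @Comments
        $userId,              // @User
        $f('Dept'),           // @DeptCode
    ];
}

// Hypothetical helper: run the procedure and surface driver errors instead of ignoring them.
function addNewLines($dbLink, array $params): void
{
    // One ? per parameter; the values travel separately and never become SQL text.
    $sql  = '{call Budgeting.procAddNewLines(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)}';
    $stmt = sqlsrv_query($dbLink, $sql, $params);
    if ($stmt === false) {
        throw new RuntimeException(print_r(sqlsrv_errors(), true)); // log this, do not display it
    }
    // Step through every result the procedure produces so an error raised by a
    // later statement (e.g. an INSERT inside the WHILE loop) is reported too.
    while (($next = sqlsrv_next_result($stmt)) === true) {
        // nothing to read; only the status matters
    }
    if ($next === false) {
        throw new RuntimeException(print_r(sqlsrv_errors(), true));
    }
    sqlsrv_free_stmt($stmt);
}

// Usage in the page: addNewLines($dbLink, buildAddNewLinesParams($_POST, (string)$sUserid));
```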