如何使用PHP更改MS SQL Server2014中的表 - how to alter table in ms sql server2014 using php

错误我是第一次使用 ms sql 数据库，我正在尝试使用 php 对表进行更新。这些是我用于更新的代码。它说有一个错误"未定义的索引：cust_id"

<style>
	th{text-align: right; border-style: none;}
	td{
		width: 10%;
	}
	table{border-spacing:15px; width:20%;}
	.button {
    background-color: black;
    border: none;
    color: white;
    padding: 15px 32px;
    text-align: center;
    text-decoration: none;
    display: inline-block;
    font-size: 16px;
    margin: 4px 2px;
    cursor: hand;
	border-radius:12px;
	}
	.button:hover{
		background-color: grey;
		color: black;
	}
	input[type=number]{
    width:200px;
	}
	input[type=date]{
	width: 200px;
	}
	input[type=number]::-webkit-inner-spin-button, 
	input[type=number]::-webkit-outer-spin-button { 
	-webkit-appearance: none; 
	margin: 0; 
	}
	</style>
<?php
$serverName = "kwe-PC'SQLEXPRESS";
$connectionInfo = array("Database" => "customerdb", "UID" => "dbadmin", "PWD" => "kwe");
$conn = sqlsrv_connect($serverName, $connectionInfo);
if ($conn === false) {
    die(print_r(sqlsrv_errors(), true));
}
//declare the SQL statement that will query the database
$query = "SELECT * FROM Customer_Details WHERE Rec_No=".$_POST['id'];
//execute the SQL query and return records
$result = sqlsrv_query($conn, $query)
        or die(print_r(sqlsrv_errors(), true));
//Show results in table
$o = '<table border=1>';
while ($record = sqlsrv_fetch_array($result)) {
	$street1 = $record['street'];
	$o .='<form action= method=POST>';
    $o .= '<tr><th>REC NO.: </th><td><input type=text name=id value=' . $record ['Rec_No'] . '></td><th>CUSTOMER ID: </th><td><input type=text name=cust_id value=' . $record ['Cust_ID'] . '></td></tr>';
    $o .= '<tr><th>CUSTOMER NAME: </th><td><input type=text name=custname value=' . $record ['Cust_Name'] . '></td><th>SEC-REGISTERED NAME: </th><td><input type=text name=secname value=' . $record ['SEC_Name'] . '></td></tr>';
    $o .= '<tr><th>TIN NUMBER: </th><td><input type=text name=tin value=' . $record ['TIN Number'] . '></td><th>STORE TYPE: </th><td><input type=text name=store_type value=' . $record ['Store_Type'] . '></td></tr>';
    $o .="<tr><td colspan=2><b><u><font size=5>ORGANIZATION AND BUSINESS:</font></b></u></td></tr>";
    $o .= '<tr><th>SIZE OF BUSINESS: </th><td><input type=text name=tin value=' . $record ['Size of Business'] . '></td><th>SELLER ID: </th><td><input type=text name=store_type value=' . $record ['Seller_ID'] . '></td></tr>';
	$o .= '<tr><th>DATE OF ESTABLISHMENT: </th><td><input type=date name=date_establish value=' . $record ['Date of Establishment'] . '></td></tr>';
    /*$o .='<td>' . date('F d, Y', strtotime($record ['Date of Establishment'])) . '</td>';*/
	$o .='<tr><th>ADDRESS(Headquarters): </th><td><input type=text name=street placeholder=House Number/Street value="'.$street1.'"></td><td><input type=text name=barangay placeholder Barangay value="'. $record['barangay'] .'"></td><td><input type=text name=city placeholder=City/Municipality value="'. $record['city'] .'"></td></tr>';
	$o .='<tr><th>&nbsp</th><td><input type=text name=province placeholder=Province value='. $record['province'] .'></td><td><input type=text name=postal_code placeholder="Postal Code" value='. $record['postal_code'] .'></td></tr>';
    $o .='<tr><th>TELEPHONE# / FAX: </th><td><input type=text name=tel_num value=' . $record ['Telephone/Fax'] . '></td><th>PAYMENT TERMS: </th><td><input type=text name=payment_terms value='.$record['Payment Terms'].'></td></tr>';
    $o .='<tr><th>SHIPPING INSTRUCTIONS: </th><td><input type=text name=ship_inst value=' . $record ['Shipping Instructions'] . '></td></tr>';
    $o .='<tr><th>NUMBER OF DOORS: </th><td><input type=text name=num_doors value=' . $record ['Number of Doors'] . '></td><th>NUMBER OF WAREHOUSES: </th><td><input type=text name=num_wh value='.$record['Number of Warehouses'].'></td></tr>';
    $o .='<tr><td colspan=2><b><u><font size=5>CONTACT PERSONNEL:</font></b></u></td></tr>';
	$o .='<tr><th>OWNER: </th><td><input type=text name=owner_name value="' . $record ['Owner'] . '"></td><td><input type=number name=owner_contact placeholder="Contact Number" value='.$record['owner_contact'].'></td><td><input type=date name=owner_bday value="'.$record['owner_bday'].'"></td><td><input type=text name=owner_interest placeholder="Interest" value="'.$record['owner_interest'].'"></td></tr>';
	$o .='<tr><th>PURCHASER/S: </th><td><input type=text name=purch_name value="' . $record ['Purchaser(s)'] . '"></td><td><input type=number name=purch_contact placeholder="Contact Number" value='.$record['purch_contact'].'></td><td><input type=date name=purch_bday value="'.$record['purch_bday'].'"></td><td><input type=text name=purch_interest placeholder="Interest" value="'.$record['purch_interest'].'"></td></tr>';
	$o .='<tr><th>ACCOUNTING HEAD: </th><td><input type=text name=ah_name value="' . $record ['Accounting Head'] . '"></td><td><input type=number name=ah_contact placeholder="Contact Number" value='.$record['ah_contact'].'></td><td><input type=date name=ah_bday value="'.$record['ah_bday'].'"></td><td><input type=text name=ah_interest placeholder="Interest" value="'.$record['ah_interest'].'"></td></tr>';
	$o .='<tr><th>WAREHOUSE HEAD: </th><td><input type=text name=wh_name value="' . $record ['Warehouse Head'] . '"></td><td><input type=number name=wh_contact placeholder="Contact Number" value='.$record['wh_contact'].'></td><td><input type=date name=ah_bday value="'.$record['ah_bday'].'"></td><td><input type=text name=ah_interest placeholder="Interest" value="'.$record['ah_interest'].'"></td></tr>';
	$o .='<tr><th>OTHER PERSONNEL: </th><td><input type=text name=other_name placeholder="Fullname" value="' . $record ['Other Personnel'] . '"></td><td><input type=number name=other_contact placeholder="Contact Number" value='.$record['other_contact'].'></td><td><input type=date name=other_bday value="'.$record['other_bday'].'"></td><td><input type=text name=other_interest placeholder="Interest" value="'.$record['other_interest'].'"></td></tr>';
	$o .='<tr><td colspan=2><b><u><font size=5>TERMS AND DISCOUNTS:</font></b></u></td></tr>';
	$o .='<tr><th>PAYMENT TERMS: </th><td><input type=text name="payment_terms2" value="'.$record['Payment Terms 2'].'"></td><th>COLLECTION SCHEDULE:</th></tr>';
	$o .='<tr><th>DISCOUNT: </th><td><input type="text" name="payment_terms2" value="'.$record['Discount'].'"></td><td><input type="text" name="coll_sched" placeholder="e.g Every Wednesday after lunch, MWF Mornings" value="'.$record['Collection Schedule'].'"></td></tr>';
    $o .='<tr><td colspan=2><b><u><font size=5>BUSINESS GOALS:</font></b></u></td></tr>';
	$o .='<tr><th>VOLUME:</th><td><input type=text name="volume" size=24 value="'.$record['Volume'].'"></td><th>CSL:</th><td><input type=text name="csl" size=23 value="'.$record['CSL'].'"></td></tr>';
	$o .='<tr><th>MERCHANDISING:</th><td><input type=text name="merchandising" size=24 value="'.$record['Merchandising'].'"></td><th>ASSORTMENT:</th><td><input type=text name="assortment" size=23 value="'.$record['Assortment'].'"></td></tr>';
	$o .='<tr><th>VEHICLE:</th><td><input type=text name="vehicle" size=24 value="'.$record['Marketing Vehicle'].'"></td><th>PRICING:</th><td><input type=text name="pricing" size=23 value="'.$record['Pricing'].'"></td></tr>';
	$o .='<tr><th>DISTRIBUTION:</th><td><input type=text name="distribution" size=24 value="'.$record['Distribution'].'"></td><th>MARGIN:</th><td><input type=text name="margin" size=23 value="'.$record['Margin'].'"></td></tr>';
	$o .='<tr><td colspan=2><b><u><font size=5>STRATEGIES:</font></b></u></td></tr>';
	$o .='<tr><th>PRICE:</th><td><input type=text name="price" size=24 value="'.$record['Price'].'"></td><th>PEOPLE:</th><td><input type=text name="people" size=23 value="'.$record['People'].'"></td></tr>';
	$o .='<tr><th>PROMOTION:</th><td><input type=text name="promotion" size=24 value="'.$record['Promotion'].'"></td><th>PRODUCT:</th><td><input type=text name="product" size=23 value="'.$record['People'].'"></td></tr>';
	$o .='<tr><th>CATMAN ENROLLMENT:</th><td><input type=text name="catman" size=24 value="'.$record['Catman Enrollment'].'"></td></tr>';
	$o .='<tr><td colspan=2><font size=5><b><u>POLICIES:</u></b></font></td></tr>';
	$o .='<tr><th>REPLENISHMENT ORDERS:</th><td colspan=3><input type=text name="rep_orders" size=92 value="'.$record['Replenishment Orders'].'"></td></tr>';
	$o .='<tr><th>ASSORTMENT/MERCHANDISING:</th><td colspan=3><input type=text name="assort_merch" size=92 value="'.$record['Assortment/Merchandising'].'"></td></tr>';
	$o .='<tr><th>NEW PRODUCTS:</th><td colspan=3><input type=text name="new_prod" size=92 value="'.$record['New Products'].'"></td></tr>';
	$o .='<tr><th>PRICING/PROMOTION:</th><td colspan=3><input type=text name="price_promote" size=92 value="'.$record['Pricing/Promotions'].'"></td></tr>';
	$o .='<tr><th>UPLOAD PICTURE:</th><td colspan=2><input type=file name="image" size=92 value="'.$record['image'].'"></td></tr>';
	}
$o .= '</tbody></table>';
echo $o;
echo"<form action=edit.php method=POST>";
echo"<br><input type=submit value=Save name=submit></form>";
    $serverName = "kwe-PC'SQLEXPRESS";
    $connectionInfo = array("Database" => "customerdb", "UID" => "dbadmin", "PWD" => "kwe");
    $conn = sqlsrv_connect($serverName, $connectionInfo);
    if ($conn === false) {
        die(print_r(sqlsrv_errors(), true));
    }
    if (isset($_POST['submit'])) {
	$sql = "UPDATE Customer_Details SET Cust_ID = ".$_POST['cust_id']." WHERE Rec_No =" . $_POST['id'];
    sqlsrv_query($conn, $sql);
	$ids = $_POST['id'];
    
}
	else{
        echo "ID is empty";
    }
?>

从描述来看，你得到的是php错误，而不是sql error。

一些建议，不要在代码中使用即席查询。

而是为您需要的目的创建一个存储过程，并从应用程序执行该过程，例如。

CREATE PROCEDURE proc_UpdateCustomer (@RecNo int, @CustomerID int)
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE Customer_Details
    SET Cust_ID = @CustomerID
    WHERE Rec_No = @RecNo
END

这样，您就可以免受SQL注入的影响。以同样的方式为 SELECT 语句创建 SP。