From 22ec52a514f1ac3b7c040f081d0afd8d397fe522 Mon Sep 17 00:00:00 2001 From: Buping <2107013744@qq.com> Date: Thu, 30 May 2024 16:32:16 +0800 Subject: [PATCH] 0530 --- 功能界面.py | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/功能界面.py b/功能界面.py index 321f611..5a5ef72 100644 --- a/功能界面.py +++ b/功能界面.py @@ -68,16 +68,32 @@ class CarSalesSystem: def edit_car(self): edit_car_model = simpledialog.askstring("编辑汽车", "请输入要编辑的汽车型号:") - for car in self.cars: - if car[1] == edit_car_model: + if edit_car_model: + # 查询要编辑的汽车信息 + select_sql = "SELECT * FROM tj WHERE xh = %s" + self.cursor.execute(select_sql, (edit_car_model,)) + car_to_edit = self.cursor.fetchone() + + if car_to_edit: + # 显示当前信息并获取用户输入的新信息 + current_info = f"当前信息:品牌={car_to_edit[0]}, 型号={car_to_edit[1]}, 价格={car_to_edit[2]}, 颜色={car_to_edit[3]}" + tk.messagebox.showinfo("当前信息", current_info) new_info = simpledialog.askstring("编辑信息", "请输入新的汽车信息(品牌,型号,价格,颜色):") + if new_info: - car_info = new_info.split(',') - car[0], car[1], car[2], car[3] = car_info - messagebox.showinfo("成功", "汽车信息已更新。") - break - else: - messagebox.showerror("错误", f"未找到型号为{edit_car_model}的汽车。") + new_pp, new_xh, new_jg, new_color = new_info.split(',') + + # 预防SQL注入,使用参数化查询更新 + update_sql = "UPDATE tj SET pp = %s, xh = %s, jg = %s, color = %s WHERE xh = %s" + try: + self.cursor.execute(update_sql, (new_pp, new_xh, float(new_jg), new_color, edit_car_model)) + self.db_connect.commit() + tk.messagebox.showinfo("成功", "汽车信息已更新。") + except Exception as e: + tk.messagebox.showerror("错误", f"更新汽车信息时发生错误:{e}") + self.db_connect.rollback() + else: + tk.messagebox.showerror("错误", f"未找到型号为{edit_car_model}的汽车。") def view_cars(self): # 使用Treeview显示数据 @@ -114,4 +130,4 @@ def main(): if __name__ == "__main__": - main() \ No newline at end of file + main()
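Review bot: In edit_car the four-way unpacking `new_pp, new_xh, new_jg, new_color = new_info.split(',')` sits before the `try`, so input with more or fewer than four comma-separated fields raises an unhandled ValueError in the Tk callback instead of reaching the error dialog. I would split into a list, strip each field, and reject the input with `if len(fields) != 4:` before unpacking, keeping `float(new_jg)` inside the handled path. The UPDATE is parameterized, which is right, but its `WHERE xh = %s` matches every row with that model while `fetchone()` displayed only one; if `xh` is not a unique key in `tj` (the schema is not visible in this hunk), one edit overwrites several cars, so checking `self.cursor.rowcount` after the execute or keying the update on a primary key would be safer. Calling `self.db_connect.rollback()` before the modal `showerror` would also avoid holding the failed transaction open while the dialog waits for the user.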