任何人都可以看到为什么这段代码不起作用?支付给它检查,他说它应该工作

时间:2015-04-16 09:29:00

标签: php html sql

很多人都说代码应该正常工作,连接正常,sql语句很好我们不确定为什么,任何人都知道为什么?我认为它会假设get_data方法在某处出错,下拉框保持空白

 <?php
    require("db.php");
    include("functions.php");
    if(isset($_POST['submit']))
    {
      $Date = date('Y-m-d H:i:s');
      $FirstName = $mysqli->real_escape_string($_POST['FirstName']);
      $LastName = $mysqli->real_escape_string($_POST['LastName']);
      $Rating = $mysqli->real_escape_string($_POST['Rating']);
      $Comment = $mysqli->real_escape_string($_POST['Comment']);

      $sql = "INSERT INTO guest(GuestID, FirstName, LastName, PostcodeFK, Email, Date, Rating,Comment)"
       ." VALUES ('', '$FirstName', '$LastName', '$Postcode', '$Email', '$Date', '$Rating', '$Comment')";

    if($mysqli->query($sql)==TRUE)
    {
      echo "<script>alert('Record Added.'); location.href='customers.html'</script>";
    }else{
     echo "<script>alert('Error'); location.href='#'</script>"; 
    }
    function get_data($mysqli)
    {

       $sql="SELECT `MealOption` FROM menu";
       $result=$mysqli->query($sql);
           while ($row=$result->fetch_assoc())
          {
            echo "<option value='". $row['MealOption'] . "'>". $row['MealOption'] ."</option>";
          }

    }
    }

    ?>
    <html>

    <body>
    <form action="" method="post">
    First Name: <input type="text" name="FirstName" require/><br>
    Last Name: <input type="text" name="LastName" require/><br>
    Postcode: <input type="number" name="Postcode" require/><br>
    Email: <input type="email" name="Email" require/><br>
    <button class="btn" onclick="get_data(Meal);">Add</button>
    <label for="Meal">Meal:</label>
    <select name="Meal">
    <?php
     //echo get_data($mysqli);   
    ?>
    </select><br>
    Rating: <input type="number" name ="Rating" min="1" max="5" require/><br>
    Comment: <input type="text" name ="Comment"><br>
    <input type="submit" name="submit">
    </form>
    </body>
    </html>

3 个答案:

答案 0 :(得分:2)

你的<button class="btn" onclick="get_data(Meal);">Add</button>函数get_data(Meal)无法调用php函数。

所以你必须创建一个javascript函数get_data(),例如通过ajax请求信息。

你应该从那个人那里拿回你的钱。

答案 1 :(得分:0)

您需要将get_data函数移出if语句。缩进可以帮助你。 

if(isset($_POST['submit']))
{
  $Date = date('Y-m-d H:i:s');
  $FirstName = $mysqli->real_escape_string($_POST['FirstName']);
  $LastName = $mysqli->real_escape_string($_POST['LastName']);
  $Rating = $mysqli->real_escape_string($_POST['Rating']);
  $Comment = $mysqli->real_escape_string($_POST['Comment']);

  $sql = "INSERT INTO guest(GuestID, FirstName, LastName, PostcodeFK, Email, Date, Rating,Comment)"
   ." VALUES ('', '$FirstName', '$LastName', '$Postcode', '$Email', '$Date', '$Rating', '$Comment')";

   if($mysqli->query($sql)==TRUE)
   {
       echo "<script>alert('Record Added.');location.href='customers.html'</script>";
   } else {
       echo "<script>alert('Error'); location.href='#'</script>"; 
   }
}

function get_data($mysqli)
{

   $sql="SELECT `MealOption` FROM menu";
   $result=$mysqli->query($sql);
       while ($row=$result->fetch_assoc())
      {
        echo "<option value='". $row['MealOption'] . "'>". $row['MealOption'] ."</option>";
      }

}

对于html用法,你需要在使用php函数之前添加php标签。

 <?php get_data($mysqli); ?>

答案 2 :(得分:0)

您的代码对XSS攻击不安全 - 这可能会导致问题,例如:如果您的用餐选项包含撇号。

尝试更改此行:

echo "<option value='". $row['MealOption'] . "'>". $row['MealOption'] ."</option>";

到这一行:

echo "<option value='". htmlspecialchars($row['MealOption'],ENT_QUOTES) . "'>". htmlspecialchars($row['MealOption']) ."</option>";
相关问题
最新问题