如何将数据值传递给表单?

时间:2012-05-24 18:38:55

标签: php mysql forms

我正在申请一个梦幻足球网站。如果你去这里:

http://digitaldemo.net/kickass/a-results.php

您可以看到管理员在查看/编辑播放器时会看到的内容。

UPDATE --------------------------------------

这是a-results.php上的相关代码,用于呈现数据,将数据传递到qb-edit.php上的表单:

<table cellspacing="0" cellpadding="5" border="1" width="560">
<tr style="text-align:center">
<td style="text-align:left ; width:175px">Player Name</td>
<td>Team</td>
<td>Pass Yds</td>
<td>Pass TDs</td>
<td>Int Thrown</td>
<td>Rush Yds</td>
<td>Rush TDs</td>
<td>Overall Pts</td>
<td>TFP</td>
</tr>
<?php
$result = mysql_query("SELECT ID, Player, Team, Pass_Yds, Pass_TDs, Int_Thrown, Rush_Yds, Rush_TDs, Overall_Pts, Total_Fantasy_Pts FROM ff_projections WHERE Position = 'QB' ORDER BY Pass_Yds DESC;");

while($row = mysql_fetch_array($result))
{
echo "<tr style=\"text-align:center\"><td style=\"text-align:left\">{$row['Player']}</td>";
echo "<td>{$row['Team']}</td>";
echo "<td>{$row['Pass_Yds']}</td>";
echo "<td>{$row['Pass_TDs']}</td>";
echo "<td>{$row['Int_Thrown']}</td>";
echo "<td>{$row['Rush_Yds']}</td>";
echo "<td>{$row['Rush_TDs']}</td>";
echo "<td>{$row['Overall_Pts']}</td>";
echo "<td>{$row['Total_Fantasy_Pts']}</td>";
echo "<td><form action=\"qb-edit.php\" method=\"post\"><input type=\"hidden\" name=\"ID\" value=\"". $row['ID'] ."\"><input type=\"submit\" name=\"submit\" value=\"Edit\"></form></td></tr>";
}
?>
</table>

这是qb-edit.php的内容:

<?php
$posted_id = $_POST['ID'];
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style>
body    { font-family:Arial, Helvetica, sans-serif ;
font-size:14px ;
}

.form   { width:350px ;
margin-auto ;
}

label   { clear:both ;
display:block ;
float:left ;
padding-right:8px ;
line-height:26px ;
}

input[type=text]    { float:right ;
width:163px ;
height:18px ;
margin:3px 0px ;
} 

input[type=text].short  { width:30px ;
margin-right:132px ;
}

input[type=submit]  { clear:both ;
float:left ;
margin-top:20px ;
margin-bottom:20px ;
}

select  { float:right ;
margin-right:118px ;
}
</style>
</head>

<body>

<div class="form">            
<?php 

echo $posted_id;

$result = mysql_query($connect, "SELECT * FROM ff_projections where ID='" . $posted_id . "'") or die ("Error in query");
if ($row = mysql_fetch_array($result)) {

echo "<form method='post' action='add_player.php'>";
echo "<label for='Player'>Player Name:</label> <input type='text' name='Player' value='" . $row['Player'] . "' />";
echo "<label for='Pass_Yds'>Pass Yds:</label> <input class='short' type='text' name='Pass_Yds' value='" . $row['Pass_Yds'] . "' />";
echo "<label for='Pass_TDs'>Pass TDs:</label> <input class='short' type='text' name='Pass_TDs' value='" . $row['Pass_TDs'] . "' />";
echo "<label for='Int_Thrown'>Int Thrown:</label> <input class='short' type='text' name='Int_Thrown' value='" . $row['Int_Thrown'] . "' />";
echo "<label for='Rush_Yds'>Rush Yds:</label> <input class='short' type='text' name='Rush_Yds' value='" . $row['Rush_Yds'] . "' />";
echo "<label for='Rush_TDs'>Rush TDs:</label> <input class='short' type='text' name='Rush_TDs' value='" . $row['Rush_TDs'] . "' />";
echo "<label for='Overall_Pts'>Overall Pts:</label> <input class='short' type='text' name='Overall_Pts' value='" . $row['Overall_Pts'] . "' />";
echo "<input type='submit' name='submit' value='Update Player' />";
echo "<input type='hidden' name='id' value='" . $row['ID'] . "' />";
echo "</form>";
}
?>
</div>


</body>
</html>

我收到错误消息:

PHP Warning:  mysql_query() expects parameter 2 to be resource, string given in C:\\xampp\\htdocs\\kickass\\qb-edit.php on line 55, referer: http://localhost/kickass/a-results.php

这是qb-edit.php的第55行:

$result = mysql_query($connect, "SELECT * FROM ff_projections where ID='" . $posted_id . "'") or die ("Error in query");

我疯了,试图让它发挥作用......

3 个答案:

答案 0 :(得分:1)

只需将其数据库记录的ID作为参数传递,可能作为隐藏字段,然后使用它从下一页的数据库中提取记录。

答案 1 :(得分:1)

这个想法是你传递了播放器的ID(可以是GET或POST方法),我认为最好的方法是POST,因为你可以将ID传递给URL

例如:

player_id = 1 Vince Young 如果您创建指向此页面的链接http://digitaldemo.net/kickass/edit_player.php?id=1,则会显示编辑页面

player_id = 2 Ryan Tannehill 如果您创建指向此页面的链接http://digitaldemo.net/kickass/edit_player.php?id=2,它将显示编辑页面

等等

当然,你必须考虑一些事情:

  1. 你必须创建一个名为edit_player的php文件及其上的函数。
  2. 您必须验证SESSION ['user']是否有权编辑播放器,如果您没有检查是否有人可以打开浏览器副本并粘贴如下链接:http://digitaldemo.net/ kickass / edit_player.php?id = 1,可以编辑你的帖子。
  3. 如果我使用某种md5算法发送用户ID,那么我会限制入侵者。
  4. 请查看此安全指南,它将帮助您保护您的网站:

    http://phpsec.org/projects/guide/

答案 2 :(得分:1)

你的错误是在这里引起的我相信

“SELECT * FROM ff_projections where ID ='”。 $ posted_id。 “'”

你在SELECT之前开始双引号这很好 但是当你得到ID =你结束了那套报价 删除双引号

所以换句话说

"SELECT * FROM ff_projections WHERE ID = '$posted_id'"

而不是

 "SELECT * FROM ff_projections where ID='" . $posted_id . "'"