Filling a form from a drop-down menu more efficiently with MySQL

Time: 2014-01-02 08:42:48

Tags: php mysql forms

Good evening everyone. I have a page that updates a MySQL table record/row using a form. When you go to the page xyz.php there is a drop-down list. After selecting an artId from the drop-down and clicking submit, a form is displayed. The form is pre-filled using the artId, matched against the MySQL query that is fetched at the beginning of the script. The code below works perfectly.

However, my question is: could this be done more efficiently? Particularly the pre-filled form. I am using an if statement to find the index of the array that 'artId' is nested in, and then using the variables from the indexed array to populate the form. If the SQL query is large, this seems like it will be cumbersome.

I am also using 2 foreach constructs to get the same data. I am still working out how to eliminate one of them without breaking the whole form.

Any advice or ideas on which direction to run in would, as always, be appreciated. Thanks, JR

    $sqllst = "SELECT artId, artName, artSummary, artContent FROM article";

    $dba = new PDO($dsn, $usr, $pas);
    $dba->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

    // Every article row is fetched on every request, even when only one is needed.
    $getlist = $dba->prepare($sqllst);
    $getlist->execute();
    $res = $getlist->fetchAll();

    if ($_SERVER['REQUEST_METHOD'] != 'POST') {

        // First visit: build the drop-down from the full result set.
        echo   '<form method="post">
                <select name="dro">';

            foreach ($res as $red){
                echo '<option value="' . $red['artId'] . '">ID# ' . $red['artId'] . '-' . $red['artName'] . '</option>';
            }

        echo    '</select>
                 <input type="submit" value="Select Article">
                 </form>';
    } else {

            $arrayIndex = $_POST['dro'];
            // Defaults so the form still renders if no row matches the posted id.
            $name = $sumry = $cont = '';

            // Second foreach: a linear scan of the whole result set for the posted id.
            foreach ($res as $searchValue) {
                if ($searchValue['artId'] == $arrayIndex) {
                    $name = $searchValue['artName'];
                    $sumry = $searchValue['artSummary'];
                    $cont = $searchValue['artContent'];
                }
            }
            // Note: the posted id and the row values are written into the HTML unescaped.
            echo "<form method=\"post\" id=\"setArticle\">
                    Article Id: <input type=\"text\" name=\"id\" value=\"" . $arrayIndex . "\"><br>
                    Article Name: <input type=\"text\" name=\"name\" value=\"" . $name . "\"><br>
                    Article Summary: <input type=\"text\" name=\"sum\" value=\"" . $sumry . "\"><br>
                    Article Content: <textarea name=\"content\" rows=\"4\" cols=\"10\">" . $cont . "</textarea><br>
                    <input type=\"submit\" value=\"SUBMIT\">
                 </form>";
    }

1 answer:

Answer 0 (score: 0)

Your else statement is strange. Why no parameterized query? The foreach statement is useless if you use something like this:

    $sth = $dba->prepare('SELECT artId, artName, artSummary, artContent FROM article WHERE artId = :id');
    $sth->bindValue(':id', $_POST['dro'], PDO::PARAM_INT);
    $sth->execute();

Prepare statements to avoid SQL injection.

So now it should look like this:

    $sqllst = "SELECT artId, artName, artSummary, artContent FROM article";

    $dba = new PDO($dsn, $usr, $pas);
    $dba->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

    if ($_SERVER['REQUEST_METHOD'] != 'POST') {

        // Only the list view needs every row.
        $getlist = $dba->prepare($sqllst);
        $getlist->execute();
        $res = $getlist->fetchAll();

        echo   '<form method="post">
                <select name="dro">';

            foreach ($res as $red){
                echo '<option value="' . $red['artId'] . '">ID# ' . $red['artId'] . '-' . $red['artName'] . '</option>';
            }

        echo    '</select>
                 <input type="submit" value="Select Article">
                 </form>';
    } else {

        // The edit view fetches exactly one row; the posted id is bound as an integer parameter.
        $sth = $dba->prepare('SELECT artId, artName, artSummary, artContent FROM article WHERE artId = :id');
        $sth->bindValue(':id', $_POST['dro'], PDO::PARAM_INT);
        $sth->execute();

        $result = $sth->fetch(PDO::FETCH_ASSOC);
        if ($result === false) {
            // No row for that id: fetch() returns false, so stop instead of indexing into it.
            exit('Unknown article id');
        }
        //Please remember to purify everything which is provided by users
        echo "<form method=\"post\" id=\"setArticle\">
                Article Id: <input type=\"text\" name=\"id\" value=\"" . $result['artId'] . "\"><br>
                Article Name: <input type=\"text\" name=\"name\" value=\"" . $result['artName'] . "\"><br>
                Article Summary: <input type=\"text\" name=\"sum\" value=\"" . $result['artSummary'] . "\"><br>
                Article Content: <textarea name=\"content\" rows=\"4\" cols=\"10\">" . $result['artContent'] . "</textarea><br>
                <input type=\"submit\" value=\"SUBMIT\">
             </form>";
    }

Of course, the next step is to separate the view from the controller. It looks very ugly when everything is in one file.
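As an added example that is not part of the question or the answer above, here is the answer's two-branch script with the posted id validated as an integer before it reaches the query, the single row fetched by the prepared statement, and every database value escaped before it is written into HTML (the "purify" step the answer leaves to the reader). It assumes `$dsn`, `$usr` and `$pas` are defined as in the original script; the helper `h()` and the two render functions are introduced here.

```php
<?php
// Added example: prepared statement + input validation + output escaping.
// $dsn, $usr, $pas are assumed to be defined elsewhere, as in the original script.

// Escape a value for use inside an HTML attribute or element body.
function h(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Branch 1: the drop-down, built from id and name only.
function renderArticleList(PDO $dba): string
{
    $rows = $dba->query('SELECT artId, artName FROM article')->fetchAll(PDO::FETCH_ASSOC);
    $html = '<form method="post"><select name="dro">';
    foreach ($rows as $row) {
        $html .= '<option value="' . h((string) $row['artId']) . '">ID# '
               . h((string) $row['artId']) . '-' . h($row['artName']) . '</option>';
    }
    return $html . '</select><input type="submit" value="Select Article"></form>';
}

// Branch 2: the edit form for one article, selected by a validated positive integer id.
function renderArticleForm(PDO $dba, $postedId): string
{
    // Anything that is not a positive integer (strings, arrays, null) is rejected here.
    $id = filter_var($postedId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Invalid article id.</p>';
    }
    $sth = $dba->prepare('SELECT artId, artName, artSummary, artContent FROM article WHERE artId = :id');
    $sth->bindValue(':id', $id, PDO::PARAM_INT);
    $sth->execute();
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No article with that id.</p>';
    }
    // Every value is escaped, so quotes or tags stored in the table cannot break out of the markup.
    return '<form method="post" id="setArticle">'
         . 'Article Id: <input type="text" name="id" value="' . h((string) $row['artId']) . '"><br>'
         . 'Article Name: <input type="text" name="name" value="' . h($row['artName']) . '"><br>'
         . 'Article Summary: <input type="text" name="sum" value="' . h($row['artSummary']) . '"><br>'
         . 'Article Content: <textarea name="content" rows="4" cols="10">' . h($row['artContent']) . '</textarea><br>'
         . '<input type="submit" value="SUBMIT"></form>';
}

$dba = new PDO($dsn, $usr, $pas, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
echo $_SERVER['REQUEST_METHOD'] === 'POST'
    ? renderArticleForm($dba, $_POST['dro'] ?? null)
    : renderArticleList($dba);
```

Returning the markup from functions rather than echoing it inline is also the first step toward the view/controller split the answer recommends.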