Question

我正在使用带有javascript的表单，用于向动态添加n行数并将数据发布到mysql。现在我想使用sql语句中的where子句（表单数据）向mysql发布更多信息。

这是我提交和发布数据的代码。

<script  src="jquery.min.js"></script>       
<script type="text/javascript">
$(function() {
        var addDiv = $('#addinput');
        var i = $('#addinput p').size() + 1;

        $('#addNew').live('click', function() {
                $('<p><select name="stockid[]' + i +'" onchange="showUser(this.value)"> <?php echo $item; ?></select> <select name="desc[]' + i +'" id="txtHint"> <?php echo $description; ?></ </select><a href="#" id="remNew">Remove</a> </p>').appendTo(addDiv);
                i++;


                return false;
        });

        $('#remNew').live('click', function() { 
                if( i > 2 ) {
                        $(this).parents('p').remove();
                        i--;
                }
                return false;
        });
});

</script>

<body>


<?php if (!isset($_POST['submit_val'])) { ?>
 <h1>Add your Hobbies</h1>
 <form method="post" action="">

 <div id="container">
 <p id="addNew"><a href="#"><span>Add New</span></a></p>
 <div id="addinput">

 <input type="submit" name="submit_val" value="Submit" />
 </form>
<?php } ?>
<?php

?>


<?php
    if (isset($_POST['submit_val']))
    {
        $stockid = $_POST["stockid"];
        $desc = $_POST["desc"];
        foreach($stockid as $a => $B)
        {
            $query = mysql_query("INSERT INTO 0_stock_master (stock_id,description) VALUES ('$stockid[$a]','$desc[$a]')", $connection );
        }
        echo "<i><h2><strong>" . count($_POST['stockid']) . "</strong> Hobbies Added</h2></i>";
    }
?>

现在当我尝试使用select语句并将数据发布到mysql时它工作正常这是代码

<?php
    $con=mysqli_connect("localhost","root","","inventory");

    // Check connection
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    $result = mysqli_query($con,"SELECT * FROM 0_stock_master where id = '".$$_POST['stockid']."'");

    while($row = mysqli_fetch_array($result))
    {
      echo $row['price'];
    }

    mysqli_close($con);
?>

然后我像这样修改上面文件的邮政编码

<?php    
    if (isset($_POST['submit_val']))
    {
        $stockid = $_POST["stockid"];
        $desc = $_POST["desc"];
        $price = $row['price'];
        foreach($stockid as $a => $B)
        {
            $query = mysql_query("INSERT INTO 0_stock_master (stock_id,description,price) VALUES ('$stockid[$a]','$desc[$a]','$price[$a]')", $connection);
        }
        echo "<i><h2><strong>" . count($_POST['stockid']) . "</strong> Hobbies Added</h2></i>";
    }
?>

但在价格列

中没有插入任何数据库

Answer 1

正如aconrad在评论中所说，用$ _POST替换$$ _ POST可能会解决您的问题。

但我建议您将mysqli_query（）更改为mysqli_prepare（并使用等效的mysql_*函数更改所有mysqli_*）

我建议你将所有内容转换为mysqli_并使用预处理语句而不是像这样的直接查询：

改变这个：

<?php
$result = mysqli_query($con,"SELECT * FROM 0_stock_master where id = '".$$_POST['stockid']."'");

while($row = mysqli_fetch_array($result))

到此：

<?php
$stmt = mysqli_prepare($con,"SELECT price FROM 0_stock_master where id = ?");
mysqli_stmt_bind_param($stmt, 'i', $_POST['stockid']);
$result = mysqli_stmt_execute($stmt);
if (!$result)
  echo 'Mysql error : '.mysqli_stmt_error($stmt);
mysqli_stmt_bind_result($stmt, $price); // values will 
mysqli_stmt_fetch($stmt); // this call send the result in $price
mysqli_stmt_close($stmt);

改变这个：

<?php
$query = mysql_query("INSERT INTO 0_stock_master (stock_id,description,price) VALUES ('$stockid[$a]','$desc[$a]','$price[$a]')", $connection );

到此：

<?php
$stmt = mysqli_prepare($connection, "INSERT INTO 0_stock_master (stock_id,description,price) VALUES (?, ?, ?)");
// I assume stock_id must be int, desc must be string, and price must be float
mysqli_stmt_bind_param($stmt, 'isf', $stockid[$a],$desc[$a],$price[$a]);
$query = mysqli_stmt_execute($stmt);
$affected_rows = mysqli_stmt_affected_rows($stmt);

编辑：一些文件： MySQLi

mysqli_prepare（sql查询更多受sql注入保护）

mysqli_stmt_bind_param

mysqli_stmt_execute

mysqli_stmt_bind_result

mysqli_stmt_fetch

Answer 2

更改代码以将价格值存储在新变量中： -

<?php
    $con=mysqli_connect("localhost","root","","inventory");
    $price = array(); //declare

    // Check connection
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    $result = mysqli_query($con,"SELECT * FROM 0_stock_master where id = '".$_POST['stockid']."'");

    while($row = mysqli_fetch_array($result))
    {
      echo $row['price'];
      $price = $row['price']; //initiate
    }

    mysqli_close($con);
?>

<?php    
    if (isset($_POST['submit_val']))
    {
        $stockid = $_POST["stockid"];
        $desc = $_POST["desc"];


            $query = mysql_query("INSERT INTO 0_stock_master (stock_id,description,price) VALUES ('$stockid','$desc','$price')", $connection);

    }
?>

您的$row['price']变量只会存在于while循环中，因此您必须将其存储在事先存在的内容中并使用该变量。

假设两个代码片段都在同一个文件中，那就是。查看代码并查看第3行和第27行的更改。

此外，正如其他人所说的那样，删除了双$ $$并在这一行上使用了一个： -

$result = mysqli_query($con,"SELECT * FROM 0_stock_master where id = '".$$_POST['stockid']."'");

希望这对你有所帮助：）

如何使用where子句中的$ _Post id格式从sql中获取数据

2 个答案: