if else语句和javascript编码问题

时间:2014-06-27 02:40:57

标签: javascript php

我的想法是系统会弹出一个框并显示是或取消,如果选择取消则它不会存储在MYSQL数据库中,如果是,则存储在数据库中,现在的问题是它是否存储在数据库中是否单击是或取消,我该如何解决?

if(isset($_POST['submit'])){


if($favour=="Chocolate"and $topping=="Chocolate Chip"){
    ?>
    <script type="text/javascript">
        if(window.confirm("You have selected chocolate's favour and chocolate's topping, are you sure?")) { alert("You have apply successfully");window.location="index.php";
        } else {
            window.location="customization.php";
        }
    </script>
    <?php
}

elseif($favour=="Fruit"and $topping=="Mix Fruit"){
    ?>
    <script type="text/javascript">
        if(window.confirm("You have selected Fruit's favour and Fruit's topping, are you sure?")) { alert("You have apply successfully");window.location="index.php";
        } else {
            window.location="customization.php";
        }
    </script>
<?php
}

mysql_query("INSERT INTO customization (cakesize,cfavour,topping, ccolor, cmessage,customizeMessage, C_date, Member_ID,status) VALUES ('$cakesize','$favour' ,'$topping', '$color' ,'$cmessage','$cumessage', '$date', '$uname','pending')");

}
?>

1 个答案:

答案 0 :(得分:0)

显然你有一个问题,那就是JS和PHP的混合,关于该代码的想法不会很好,你需要将它们分开。做这样的事情:(你只需根据自己的需要来适应它)。

<?php

if(isset($_POST['submit'])){
    extract($_POST);
    $con = new mysqli('localhost', 'username', 'password', 'database');
    $stmt = $con->prepare('
        INSERT INTO customization (cakesize,cfavour,topping, ccolor, cmessage,customizeMessage, C_date, Member_ID,status)' 
        VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)
    );
    $stmt->bind_param('sssssssis', $cakesize, $favour, $topping, $color, $cmessage, $cumessage, $date, $uname, 'pending');
    $stmt->execute();
    if($stmt->affected_rows > 0) {
        // insert success!
        echo '<script>alert("Success!");</script>';
    }
}

?>

<form method="POST" name="form" onsubmit="handle_form()">
    <!-- your input forms blah blah -->
</form>
<script type="text/javascript">
function handle_form() {
    var favour = document.forms['form']['favour'].value;
    var topping = document.forms['form']['topping'].value;
    var message = '';
    if(favour == 'Chocolate Chip' && topping == 'Chocolate Chip') {
        message = 'You have selected chocolate's favour and chocolate's topping, are you sure?';
    } elseif(favour == 'Fruit' && topping == 'Mix Fruit') {
        message = 'You have selected Fruit's favour and Fruit's topping, are you sure?';
    }

    if(confirm(message)) {
        document.getElementsByName('form').submit();
    } else {
        window.location = "customization.php";
    }
}
</script>
  

旁注:您很容易使用SQL注入,使用MYSQLI或PDO并使用参数化语句。