我有一个数据库,我想插入用户选择的饮料。如果他们选择饮用其中一种饮料,我希望将1号分配给记录。
HTML
<form role="form" action="/form.php" name="submitfkgo" id="submitfkgo" method="post" onsubmit="return submitfk()">
<input type="email" class="form-control" id="FormEmail" name="FormEmail" placeholder="Enter email">
<input type="text" class="form-control" id="FormName" name="FormName" placeholder="Enter full name">
<input type="checkbox" name="checker[]" id="formOpt1" value="A">
Yes, I will drink A
<input type="checkbox" name="checker[]" id="formOpt2" value="B">
Yes, I will drink B
<input type="checkbox" name="checker[]" id="formOpt3" value="C">
Yes, I will drink C
<a href="#join" onclick="javascript:submitfk();return false" class="btn btn-primary btn-lg btn-block">Submit my application!</a>
</form>
PHP
以下PHP连接到数据库。然后它将值安全地存储到变量中。然后它创建第一条记录。然后我想用他们从上面的选择中勾选的内容更新记录。目前,所有组合都只用0更新。
<?php
// DB
include("../inc/c.php");
mysql_select_db("join", $con);
// VARS
$FormEmail=mysql_real_escape_string($_POST['FormEmail']);
$FormName=mysql_real_escape_string($_POST['FormName']);
$chkbox = array('A', 'B', 'C');
$choiceDrink=mysql_real_escape_string($_POST['checker']);
// SQL
$r=mysql_query("
INSERT INTO `db`.`join` (`id`, `FormEmail`, `FormName`) VALUES (NULL, '".$FormEmail."', '".$FormName."');
");
// GET INSERTED RECORD
$id = mysql_insert_id();
$values = array();
foreach($chkbox as $selection ){
if(in_array($selection, $choiceDrink))
{
$values[ $selection ] = 1;
} else {
$values[ $selection ] = 0;
}
}
// SQL FOR CHOICES
$r2=mysql_query("
UPDATE `db`.`join`
SET
`A` = '".$values['A']."',
`B` = '".$values['B']."',
`C` = '".$values['C']."'
WHERE
`join`.`id` =".$id.";
");
// FORM
echo '<script type="text/javascript">window.location="/thanks"</script>';
// MYSQL CLOSE
mysql_close($con);
?>
答案 0 :(得分:1)
请勿在{{1}}上使用mysql_real_escape_string。当您将输入直接替换为数据库时,您只需要这样做。所以它应该是:
$_POST['checker']答案 1 :(得分:0)
我建议,主要是检查$_POST['checker']的数组大小。
然后有条件地将SQL查询构建为
if(count($_POST['checker']) ==0)
{
// SQL Query
}
else if (count($_POST['checker']) ==1)
{
// SQL query
}
//...
else
{
}
答案 2 :(得分:0)
试试这个:
<强> HTML
<form role="form" action="/form.php" name="submitfkgo" id="submitfkgo" method="post" onsubmit="return submitfk()">
<input type="email" class="form-control" id="FormEmail" name="FormEmail" placeholder="Enter email">
<input type="text" class="form-control" id="FormName" name="FormName" placeholder="Enter full name">
<input type="checkbox" name="checker" id="formOpt1" value="A">
Yes, I will drink A
<input type="checkbox" name="checker" id="formOpt2" value="B">
Yes, I will drink B
<input type="checkbox" name="checker" id="formOpt3" value="C">
Yes, I will drink C
<a href="#join" onclick="javascript:submitfk();return false" class="btn btn-primary btn-lg btn-block">Submit my application!</a>
</form>
<强> PHP
...
// VARS
$FormEmail=mysql_real_escape_string($_POST['FormEmail']);
$FormName=mysql_real_escape_string($_POST['FormName']);
$choiceDrink=$_POST['checker'];
// SQL
$r=mysql_query("
INSERT INTO `db`.`join` (`id`, `FormEmail`, `FormName`) VALUES (NULL, '".$FormEmail."', '".$FormName."');
");
// GET INSERTED RECORD
$id = mysql_insert_id();
$values = array('A' => 0, 'B' => 0, 'C' => 0);
if (isset($values[$choiceDrink])) $values[ $choiceDrink ] = 1;
// SQL FOR CHOICES
$r2=mysql_query("
UPDATE `db`.`join`
SET
`A` = '".$values['A']."',
`B` = '".$values['B']."',
`C` = '".$values['C']."'
WHERE
`join`.`id` =".$id.";
");
...