将SQL添加到名为'onclick'的函数中

时间:2015-10-24 02:48:28

标签: javascript php jquery mysql function

我有一个名为“添加”的按钮,它与列表中的每个人有关。

height: 200px

单击“添加”时,我想将人员详细信息添加到表中(工作正常),还要在我的数据库中的表中添加包含其名称和ID的新行(这是我的问题)。 / p>

我知道PHP不能在JS函数中工作。我也知道由于安全问题,我不应该从JS访问我网站上的数据库。

那么如何才能有 echo <td><input type=\"submit\" id=\"PlayerAdded".$id."\" value=\"Add\" onclick=\"add('".$id."','".$name."','".$_SESSION['GameID']."');\"></input></td>"; 调用添加到数据库的函数的按钮?

我尝试在PHP中编写我的函数,但是当我点击按钮时它没有做任何事情。请参阅下面的功能:

onclick

2 个答案:

答案 0 :(得分:4)

删除变量之前的括号,这是为函数中的每个变量编写的。

在功能代码的末尾添加ajax部分。

function add(id, name, game) {
    var t = "</td><td>";
    var str = "<tr id='Players" + id + "'><td>"
    var ctr = "</td></tr>"

    var PID = "<input type = 'hidden' name='ID" + id + "' value='" + id + "'></input>" + id;
    var Pnam = "<input type='hidden' name='Name" + id + "' value='" + name + "'></input>";
    var place = "<select name='Place" + id + "'><option value='17'>17th</option><option value='16'>16th</option><option value='15'>15th</option><option value='14'>14th</option><option value='13'>13th</option><option value='12'>12th</option><option value='11'>11th</option><option value='10'>10th</option><option value='9'>9th</option><option value='8'>8th</option><option value='7'>7th</option><option value='6'>6th</option><option value='5'>5th</option><option value='4'>4th</option><option value='3'>3rd</option><option value='2'>2nd</option><option value='1'>1st</option></select>";
    var points = "<form action='leaderboards.php' method='post' target='_blank'><input type='hidden' name='playerid' value='" + id + "'></input><input type='hidden' name='name' value='" + name + "'></input><input type='submit' value='View'></form>";
    var cash = "$<input name='Cash" + id + "' placeholder=' 0'></input>";
    var ticket = "<select name='Ticket" + id + "'><option value='No'>No</option><option value='Yes'>Yes</option>";
    var del = "<input type='button' value='Delete' onclick='remove(" + id + ")'> </input>";

    $('#PlayerAdded').before(str + PID + t + Pnam + name + t + place + t + points + t + cash + t + ticket + t + del + ctr);

    // making ajax call to insert.php and posting the data
    $.ajax({
        method: "POST",
        url: "insert.php",
        data: {
            "id": id,
            "name": name,
            "game": game
        },
         beforeSend:function(){
            // show something before data is saved to db.
         }
    }).done(function(msg) {
        $("body").append(msg); //debugging purpose
    }).fail(function( jqXHR, textStatus ) {
        alert( "Request failed: " + textStatus );
    });
}

<强> insert.php

<?php
   if(isset($_POST['id']) && isset($_POST['name']) && isset($_POST['game'])){
      $id= $_POST['id'];
      $name= $_POST['name'];
      $game= $_POST['game'];   

    //write your connection logic

    // never write bare queries there is a chance of sql injection.
    //Instead use prepared statement, prepare your query then bind the above values to it, then excute. 
    //write your insert logic below.
}
?>

答案 1 :(得分:0)

您需要通过AJAX发布要插入数据库的值,并将其附加到add()函数:

$.post('insertnew.php', { id:id,name:name,game:game }, function(data){
    alert(data);
}); 

<强> insertnew.php:

<?php
   if(isset($_POST['id']) && isset($_POST['name']) && isset($_POST['game'])){
    // sanitize your data here, then:
      $id = $_POST['id'];
      $name = $_POST['name'];
      $game = $_POST['game'];

   //connect to your db, or instead include your dbconnect.php
      $link= new mysqli('localhost', 'my_user', 'my_password', 'world');

   // check connection
     if (mysqli_connect_errno()) {
         printf("Connect failed: %s\n", mysqli_connect_error());
         exit();
     }
   //use prepared statement, prepare your query then bind the above values to it, then excute
     $stmt = mysqli_prepare($link, "INSERT INTO results VALUES (?, ?, ?)");
     mysqli_stmt_bind_param($stmt, $id, $name, $game);

     if(mysqli_stmt_execute($stmt)){
          echo "Record has been added successfully";
     }else{
          echo "Sorry, record could not be inserted";
     }
   }
?>

http://php.net/manual/en/mysqli.prepare.php

http://php.net/manual/en/mysqli-stmt.bind-param.php