如何在mysql数据库

时间:2016-03-23 13:11:11

标签: php mysql database

我有两个表页面和上传

PAGE:

page_id,   page_name,   page_parent 
( 4,   test,   0)
( 5,   test-sub,   4)
( 6,   test-sub2,   4)

UPLOAD:

upload_id,   upload_name,   upload_root
(1,    test,   4)
(2,    test-sub,   4)
(3,   test-sub2,   4)

我非常成功地将page_id导入upload_root,但是当页面有子菜单并输入page_parent时出现问题。

我的插入命令如下:

$name =  $_POST['name'];
$root = $_POST['root'];
$insert_sql = "INSERT INTO tbl_upload VALUES ('' , \"$name\",  \"$root\")";

$root = $_POST['page_id'];?>
<form action="" enctype="multipart/form-data" method="post">
<div>Name:   <input name="title" type="text" size="50"/></div> 
<input name="page_id" type="hidden" value= "<?php echo"$page_id"; ?>"
<input type="submit" value="Upload" id="upload" class="upload"/>
</form>

我的fetch命令如下:

$fetch_sql = "SELECT upload_id, upload_name, upload_root from tbl_upload WHERE upload_root = \"$page_id\"";

我无法获得正确的网页网址。我没有用正确的词语来描述我的问题。但我真正想要的是将page_id(自动增量)的确切值重新转换为upload_id,如果不可能的话则上传到upload_root。

我想做的是:

UPLOAD:

upload_id,   upload_name,   upload_root
(4,   test,   4)
(5,   test-sub,   4)
(6,   test-sub2,   4)

1 个答案:

答案 0 :(得分:1)

<?php
if (isset($_GET['submit']))
{
$name =  $_POST['title'];
$pageid = $_POST['page_id'];
$insert_sql = "INSERT INTO tbl_upload (upload_id, upload_name, upload_root) VALUES ('".$pageid."','".$name."','')";
mysql_query($insert_sql);
}
?>
<form action="your_page.php?submit=yes" enctype="multipart/form-data" method="post">
<div>Name:   <input type="text" name="title" size="50"></div> 
<input type="hidden" name="page_id" value= "<?php echo $page_id; ?>">
<input type="submit" value="Upload" id="upload" class="upload">
</form>

显然,请在页面中插入&#39; your_page.php&#39;

您的代码容易受到SQL注入攻击。请查看如何为将来的项目实施PDO。