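Insert two dropdown list values into one table

Time: 2017-05-10 13:57:50

Tags: php mysql

I have two dropdown lists whose values are selected from 2 different tables. How can I make sure that after clicking the submit button, the orden dropdown value goes into norm?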

<?php
    $servername = "localhost";
    $username = "root";
    $password = "Iamthebest1009";
    $dbname = "dktp";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    $normSql    = 'SELECT * FROM norm WHERE orden_id IS NULL';
    $normResult = $conn->query($normSql);

    $ordenSql    = 'SELECT * FROM orden';
    $ordenResult = $conn->query($ordenSql);

    function html($string) {
        return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
    }

    ?>
    <!DOCTYPE html>
    <html>
        <body>
            <form method="POST" action"">
                <select name="normID">
                    <option selected disabled>Choose norm</option>
                <?php while ($result = $normResult->fetch_assoc()): ?>
                    <option value="<?= html($result['id']); ?>"><?= html($result['norm_name']); ?></option>
                <?php endwhile; ?>
                </select>

                <select name="ordenID">
                    <option selected disabled>Choose orden</option>
                <?php while ($result = $ordenResult->fetch_assoc()): ?>
                    <option value="<?= html($result['id']); ?>"><?= html($result[ 'orden_name']); ?></option>
                <?php endwhile; ?>
                </select>

                <input type="submit" value="Insert">
            </form>
        </body>
    </html>

    <?php

    if(isset($_POST["submit"]))
    {

      $ordening=$_POST["ordenID"];

    $query = mysqli_query("INSERT INTO norm (orden_id)VALUES ('$ordening')");
                if($query)
                {
                    echo "Thank You! you are now registered.";
                }
    } 
    ?>

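1 answer:

Answer 0 (score: 0)

Your query setup should look like the following, using bound parameters for security and executing the query:

Select only the ID rather than everything; you don't need everything: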

<?php
    $servername = "localhost";
    $username = "root";
    $password = "Iamthebest1009";
    $dbname = "dktp";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    $normSql    = 'SELECT id FROM norm WHERE orden_id IS NULL';
    $normResult = $conn->query($normSql);

    // id for the option value, orden_name for the option label
    $ordenSql    = 'SELECT id, orden_name FROM orden';
    $ordenResult = $conn->query($ordenSql);

    function html($string) {
        return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
    }

    ?>
    <!DOCTYPE html>
    <html>
        <body>
            <form method="POST" action="">

                <!-- Not entirely sure why you need two selects? There's no reason you're not even using the value from this select? -->

                <?php /* Disabled: a PHP block comment is used so the loop inside does not run.
                <select name="normID">
                    <option selected disabled>Choose norm</option>
                <?php while ($result = $normResult->fetch_assoc()): ?>
                    <option value="<?= html($result['id']); ?>"><?= html($result['norm_name']); ?></option>
                <?php endwhile; ?>
                </select>
                */ ?>

                <select name="ordenID">
                    <option selected disabled>Choose orden</option>
                <?php while ($result = $ordenResult->fetch_assoc()): ?>
                    <option value="<?= html($result['id']); ?>"><?= html($result[ 'orden_name']); ?></option>
                <?php endwhile; ?>
                </select>

                <input type="submit" name="submit" value="Insert">
            </form>
        </body>
    </html>




Then, change your insert to be more secure:



    <?php
    if (isset($_POST["submit"], $_POST["ordenID"]))
    {
        $ordening = $_POST["ordenID"];    // get the order ID from your submitted form <select>

        $query = "INSERT INTO norm (orden_id) VALUES (?)";   // placeholder instead of the raw value
        $affected = 0;                           // stays 0 if prepare() fails
        $stmt = $conn->prepare($query);
        if ($stmt) {
            $stmt->bind_param("s", $ordening);   // Bind the id
            $stmt->execute();                    // Execute query
            $affected = $stmt->affected_rows;    // Get the affected rows (inserted)
            $stmt->close();                      // Close the statement
        }
        if ($affected > 0) {
            echo "Successful Entry";
        }
    }
    ?>
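
An added example, not part of the original question or answer: server-side handling that uses both dropdown values, on the assumption that the intent is to set `orden_id` on the chosen `norm` row (an UPDATE rather than the answer's INSERT). SQLite in memory via PDO stands in for the page's MySQL connection so the script runs offline; `assignOrden()` and the sample rows are constructed for illustration.

```php
<?php
// SQLite in memory (PDO) stands in for the page's MySQL/mysqli connection so the
// script runs offline. Table/column names follow the page; rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orden (id INTEGER PRIMARY KEY, orden_name TEXT)');
$db->exec('CREATE TABLE norm (id INTEGER PRIMARY KEY, norm_name TEXT, orden_id INTEGER)');
$db->exec("INSERT INTO orden (id, orden_name) VALUES (1, 'A'), (2, 'B')");
$db->exec("INSERT INTO norm (id, norm_name) VALUES (10, 'N10'), (11, 'N11')");

// Hypothetical helper: links the chosen orden to the chosen norm (assumed intent).
function assignOrden(PDO $db, array $post): string
{
    // <select> values are client-controlled: accept positive integers only.
    $opts    = ['options' => ['min_range' => 1]];
    $normId  = filter_var($post['normID']  ?? null, FILTER_VALIDATE_INT, $opts);
    $ordenId = filter_var($post['ordenID'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($normId === false || $ordenId === false) {
        return 'rejected: both dropdowns must carry an integer id';
    }
    // The orden must exist; an id that matches no row is refused.
    $check = $db->prepare('SELECT 1 FROM orden WHERE id = :id');
    $check->execute([':id' => $ordenId]);
    if ($check->fetchColumn() === false) {
        return 'rejected: unknown orden';
    }
    // Only norms still without an orden are updated, matching the form's query.
    $stmt = $db->prepare(
        'UPDATE norm SET orden_id = :orden WHERE id = :norm AND orden_id IS NULL'
    );
    $stmt->execute([':orden' => $ordenId, ':norm' => $normId]);
    return $stmt->rowCount() === 1 ? 'assigned' : 'rejected: norm missing or already set';
}

// Constructed submissions: normal, tampered value, missing field, unknown id, repeat.
$samples = [
    ['normID' => '10', 'ordenID' => '2'],
    ['normID' => '11', 'ordenID' => '2 OR 1=1'],
    ['normID' => '11'],
    ['normID' => '11', 'ordenID' => '99'],
    ['normID' => '10', 'ordenID' => '1'],
];
foreach ($samples as $post) {
    echo json_encode($post), ' => ', assignOrden($db, $post), PHP_EOL;
}
```

With mysqli the same checks apply unchanged; only the prepare/bind/execute calls differ, using `bind_param("ii", ...)` for the two integer ids.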