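Select data from another table based on our input

Time: 2017-05-21 08:02:48

Tags: php sql

This is my PHP file. I am unable to select the deadline from fyp1 where fyp1.code = $tcode (which is the input we enter). Please help.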

<?php
include('inc/db.php');

if (isset($_POST['submit'])) {

$tcode = $_POST['tcode'];
$idno = $_POST['idno'];
$sname = $_POST['sname'];
$datesub = date("Y-m-d");

$sql = "SELECT * FROM fyp1";
$select = mysql_query($sql,"SELECT deadline from fyp1 where fyp1.code = '$tcode'");

$name   = $_FILES['file']['name'];
$tmp_name = $_FILES['file']['tmp_name'];

if ($name && $tcode){
    $Location = "S.File/$name";
    move_uploaded_file($tmp_name, $Location);
    $query = mysql_query("INSERT INTO submission (taskcode,idno,name,file,time,dead) VALUES ('$tcode','$idno','$sname','$name','$datesub','$select')");
    header('Location:DisplayNews.php');
}else
    die("Please select a file");
}

?>

1 answer:

Answer 0: (score: 0)

Please take a look at the PHP devdocs!

mixed mysql_query ( string $query [, resource $link_identifier = NULL ] )

You have to remove the following lines...

$sql = "SELECT * FROM fyp1";
$select = mysql_query($sql,"SELECT deadline from fyp1 where fyp1.code = '$tcode'");

and replace them with a valid call:

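$sql = "SELECT deadline ".
       "FROM fyp1 ".
       "WHERE code = '".mysql_real_escape_string($tcode)."' ";
// Run the query; mysql_query() takes the SQL string as its first argument.
$select = mysql_query($sql);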

For security reasons, please do not insert $_POST variables directly into SQL statements!
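The answer's closing advice, as an added example that is not part of the original post: the deadline lookup and the insert rewritten with PDO prepared statements, so the posted values never become part of the SQL text. Table and column names come from the question; the function names, the in-memory SQLite database (requires the pdo_sqlite extension) and the sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example. fyp1 / submission and their columns are taken from the question;
// everything else (function names, SQLite demo database, rows) is constructed.

function find_deadline(PDO $db, string $tcode): ?string
{
    // The placeholder keeps $tcode out of the SQL text entirely.
    $stmt = $db->prepare('SELECT deadline FROM fyp1 WHERE code = :code');
    $stmt->execute([':code' => $tcode]);
    $deadline = $stmt->fetchColumn();   // false when no row matches
    return $deadline === false ? null : (string) $deadline;
}

function save_submission(PDO $db, array $post, string $fileName): bool
{
    $tcode = (string) ($post['tcode'] ?? '');
    $deadline = find_deadline($db, $tcode);
    if ($deadline === null) {
        return false;                   // unknown task code: nothing is inserted
    }
    // Store the deadline value itself, not the query result handle.
    $stmt = $db->prepare(
        'INSERT INTO submission (taskcode, idno, name, file, time, dead)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    return $stmt->execute([
        $tcode,
        (string) ($post['idno'] ?? ''),
        (string) ($post['sname'] ?? ''),
        $fileName,
        date('Y-m-d'),
        $deadline,
    ]);
}

// Constructed demo database; with MySQL, pass a PDO handle for that server instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fyp1 (code TEXT PRIMARY KEY, deadline TEXT)');
$db->exec('CREATE TABLE submission (taskcode TEXT, idno TEXT, name TEXT, file TEXT, time TEXT, dead TEXT)');
$db->exec("INSERT INTO fyp1 VALUES ('T01', '2017-06-01'), ('T02', '2017-06-15')");

// Constructed inputs: a valid task code, one containing quote characters, and a full submission.
var_dump(find_deadline($db, 'T01'));
var_dump(find_deadline($db, "T01' OR '1'='1"));
var_dump(save_submission($db, ['tcode' => 'T02', 'idno' => '42', 'sname' => 'Ann'], 'report.pdf'));
```

The mysql_* functions used in the question were removed in PHP 7, so PDO or mysqli is required on current PHP versions in any case.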