Error in my 3-level conditional drop-down

Time: 2011-02-16 03:23:58

Tags: php javascript mysql forms

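A drop-down box (populated with MySQL data), a second drop-down whose data (populated with MySQL data) is based on the first drop-down, and a third drop-down whose data (populated with MySQL data) is based on the second drop-down..

I created 2 drop-down lists, but when I try the third drop-down list I can't get it to work. Here is my complete source code

You can find an example of it here: http://www.plus2net.com/php_tutorial/dd3.php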

  <?php

require "config.php"; // Your Database details 
?>

<!doctype html public "-//w3c//dtd html 3.2//en">

<html>

<head>

<SCRIPT language=JavaScript>
function reload(form)
{
var val=form.cat.options[form.cat.options.selectedIndex].value; 
self.location='aw.php?cat=' + val ;
}
function reload3(form)
{
var val=form.cat.options[form.cat.options.selectedIndex].value; 
var val2=form.subcat.options[form.subcat.options.selectedIndex].value; 

self.location='aw.php?cat=' + val + '&cat3=' + val2 ;
}

</script>
</head>

<body>
<?

///////// Getting the data from Mysql table for first list box//////////
$quer2=mysql_query("SELECT DISTINCT StudNo,LName,FName,MName,Course FROM students"); 
///////////// End of query for first list box////////////

/////// for second drop down list we will check if category is selected else we will display all the subcategory///// 
$cat=$_GET['cat']; // This line is added to take care if your global variable is off
if(isset($cat) and strlen($cat) > 0){
$quer=mysql_query("SELECT DISTINCT GSCode,GStudNo,GSem,GYear,Grade FROM grade WHERE GStudNo='$cat' order by GSCode"); 
}else{$quer=mysql_query("SELECT DISTINCT GSCode,GStudNo,GSem,GYear,Grade FROM grade order by GSCode"); } 
////////// end of query for second subcategory drop down list box ///////////////////////////
$quer2=mysql_query("SELECT DISTINCT GSCode,GStudNo,GSem,GYear,Grade FROM grade"); 

/////// for Third drop down list we will check if sub category is selected else we will display all the subcategory3///// 
$cat3=$_GET['subcat']; // This line is added to take care if your global variable is off
if(isset($cat3) and strlen($cat3) > 0){
$quer3=mysql_query("SELECT DISTINCT GSem,GYear,Grade FROM grade where GSCode='$cat3'"); 
}else{$quer3=mysql_query("SELECT DISTINCT GSem,GYear,Grade FROM grade"); } 
////////// end of query for third subcategory drop down list box ///////////////////////////


echo "<form method=post name=f1 action='dd3ck.php'>";
//////////        Starting of first drop downlist /////////
echo "<select name='cat' onchange=\"reload(this.form)\"><option value=''>Select one</option>";
while($noticia2 = mysql_fetch_array($quer2)) { 
if($noticia2['StudNo']==@$cat){echo "<option selected value='$noticia2[StudNo]'>$noticia2[StudNo]</option>"."<BR>";}
else{echo  "<option value='$noticia2[StudNo]'>$noticia2[StudNo]</option>";}
}
echo "</select>";
//////////////////  This will end the first drop down list ///////////

//////////        Starting of second drop downlist /////////
echo "<select name='subcat' onchange=\"reload3(this.form)\"><option value=''>Select one</option>";
while($noticia = mysql_fetch_array($quer)) { 
if(empty($noticia['Grade']) AND $noticia['GSCode']==@$cat3){echo "<option selected value='$noticia[GSCode]'>$noticia[GSCode]</option>"."<BR>";}
else{echo  "<option value='$noticia[GSCode]'>$noticia[GSCode]</option>";}
}
echo "</select>";
//////////////////  This will end the second drop down list ///////////


//////////        Starting of third drop downlist /////////
echo "<select name='subcat3' ><option value=''>Select one</option>";
while($noticia = mysql_fetch_array($quer3)) { 
echo  "<option value='$noticia[GSem]'>$noticia[GSem]</option>";
}
echo "</select>";
//////////////////  This will end the third drop down list ///////////


echo "<input type=submit value='Submit the form data'></form>";
?>

</body>

</html>

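1 Answer:

Answer 0: (score: 0)

The code is very messy, with no checking of return values. There is no protection against SQL injection.

At first glance, I believe your line: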

$cat3=$_GET['subcat'];

should be

$cat3=$_GET['cat3'];
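
Added example (not part of the original answer): the second drop-down's query from the question written with a bound parameter, errors that throw instead of passing silently, and HTML-escaped output, which addresses the SQL injection and unchecked-return points raised above. It assumes PDO with an in-memory SQLite database in place of the MySQL connection, constructed sample rows, and the hypothetical helper names `subjectsFor` and `renderOptions`.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection from config.php, and
// the rows below are constructed sample data using the page's column names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // query failures throw
$db->exec("CREATE TABLE grade (GSCode TEXT, GStudNo TEXT, GSem TEXT, GYear TEXT, Grade TEXT)");
$ins = $db->prepare("INSERT INTO grade VALUES (?, ?, ?, ?, ?)");
foreach ([
    ['CS101', '2011-001', '1st', '2010', '1.5'],
    ['CS102', '2011-001', '2nd', '2010', ''],
    ['MA101', '2011-002', '1st', '2010', '2.0'],
] as $row) {
    $ins->execute($row);
}

// Hypothetical helper: subject codes for one student, value bound as data.
function subjectsFor(PDO $db, string $studNo): array
{
    $stmt = $db->prepare(
        "SELECT DISTINCT GSCode FROM grade WHERE GStudNo = :stud ORDER BY GSCode"
    );
    $stmt->execute([':stud' => $studNo]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: render <option> tags with HTML-escaped values.
function renderOptions(array $values, string $selected): string
{
    $html = "<option value=''>Select one</option>";
    foreach ($values as $v) {
        $safe = htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
        $sel  = ($v === $selected) ? ' selected' : '';
        $html .= "<option value='{$safe}'{$sel}>{$safe}</option>";
    }
    return $html;
}

// In the page's script these would come from $_GET['cat'] and $_GET['cat3'].
$cat  = '2011-001';
$cat3 = 'CS102';
echo renderOptions(subjectsFor($db, $cat), $cat3), "\n";

// A value containing quote characters is compared as a literal string,
// so it cannot change the WHERE clause the way '$cat' interpolation can.
$quoted = "2011-001' OR '1'='1";
var_dump(subjectsFor($db, $quoted));
```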