需要提交选择ID作为表单的一部分,我该怎么做?

时间:2018-05-23 12:10:37

标签: php html mysql sql registration

我需要在下面的表单中将Choice_ID提交到我的数据库,因为它在另一个函数中使用。我如何将其传递给处理用户注册的PHP代码?我得到的错误信息是:

Notice: Undefined index: Choice_ID in /Users/philip/sites/feedmefit/Assets/register.php on line 16

Notice: Undefined index: Choice_ID in /Users/philip/sites/feedmefit/Assets/register.php on line 17

HTML code:

<div class="panel-group" id="accordion">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h4 class="panel-title">
          <a data-toggle="collapse" data-parent="#accordion" href="#collapse1">Personal Details</a></h4>
      </div>
      <div id="collapse1" class="panel-collapse collapse in">
        <div class="panel-body">
                <form action="Assets/register.php" method="post">
                    <label>Forename:</label><br><input type="text" id="f" name="Forename" placeholder="Forename" required><br/>
                    <label>Surname:</label><br><input type="text" id="s" name="Surname" placeholder="Surname" required><br/>
                    <label>House Number:</label><br><input type="text" id="h" name="House_No" placeholder="House Number" required><br/>
                    <label>Street Name:</label><br><input type="text" id="sn" name="Street_Name" placeholder="Street Name" required><br/>
                    <label>City:</label><br><input type="text" id="c" name="City" placeholder="Town/City" required><br/>
                    <label>Postcode:</label><br><input type="text" id="p" name="Postcode" placeholder="Postcode" required><br/>
                    <label>Username:</label><br><input type="text" id="u" name="Username" placeholder="Username" required><br/>
                    <label>Password:</label><br><input type="text" id="pd" name="Password" placeholder="Password" required><br/>
                    <label>Email:</label><br><input type="text" id="e" name="Email" placeholder="Email" required><br/>
            </div>
      </div>
    </div>
    <div class="panel panel-default">
      <div class="panel-heading">
        <h4 class="panel-title">
          <a data-toggle="collapse" data-parent="#accordion" href="#collapse2">Questionnaire</a>
        </h4>
      </div>
      <div id="collapse2" class="panel-collapse collapse">
        <div class="panel-body">
            <?php
            $sql = "SELECT Question_ID, Question FROM Questions;";

            $result = mysqli_query($conn, $sql);
            $resultCheck = mysqli_num_rows($result);

            if($resultCheck > 0):
                while($row = mysqli_fetch_assoc($result)):
                    $questionid = (int)$row['Question_ID'];
                    echo '<label>'.$row['Question'].'</label><input type="hidden" value="'.$row['Question_ID'].'">';

                    $query = "SELECT Choice_ID, Choice FROM Choices WHERE Question_ID = '$questionid';";
                    $results = mysqli_query($conn, $query);
                    $resultsCheck = mysqli_num_rows($results);
                    if($resultsCheck > 0):
                        $string = '<br><select id="choice">';
                        while($rows = mysqli_fetch_assoc($results)):
                            $string .= '<option value="'.$rows['Choice_ID'].'">'.$rows['Choice'].'</option>';
                    endwhile;
                    $string .= '</select><br>';
                    echo $string;
                endif;
            endwhile;
        endif;
        ?>
        <br>
        <input type="submit" value="Register"/>
        </form>
      </div>
  </div>
</div>
</div>

以下是处理注册的PHP:

<?php
session_start();
//Connect to DB
include 'DBConnection.php';

$Forename = mysqli_real_escape_string($conn, $_POST['Forename']);
$Surname = mysqli_real_escape_string($conn, $_POST['Surname']);
$House_No = mysqli_real_escape_string($conn, $_POST['House_No']);
$Street_Name = mysqli_real_escape_string($conn, $_POST['Street_Name']);
$City = mysqli_real_escape_string($conn, $_POST['City']);
$Postcode = mysqli_real_escape_string($conn, $_POST['Postcode']);
$Username = mysqli_real_escape_string($conn, $_POST['Username']);
$Password = mysqli_real_escape_string($conn, $_POST['Password']);
$Email = mysqli_real_escape_string($conn, $_POST['Email']);

$choice = $_POST['Choice_ID'];
print_r($_POST['Choice_ID']);
exit();

$sql = "INSERT INTO Customers (Forename, Surname, House_No, Street_Name, City, Postcode, Username, Password, Email) 
VALUES ('$Forename', '$Surname', '$House_No', '$Street_Name', '$City', '$Postcode', '$Username', '$Password', '$Email')";
$query = "INSERT INTO Results (Result_ID, Cust_ID, Choice_ID) 
VALUES(,,'$choice')";
$result = $conn->query($sql);
$results = $conn->query($query);

header("Location: ../index.php");

1 个答案:

答案 0 :(得分:0)

您没有给出<select>输入的名称。 您必须将<select id="choice">更改为<select id="choice" name="Choice_ID'.$i.'">

现在您必须更改添加以下代码,以便为每个问题增加$i

$sql = "SELECT Question_ID, Question FROM Questions;";


$i=0;
$sql = "SELECT Question_ID, Question FROM Questions;";


                endif;
        endwhile;
    endif;


                endif;
                $i++;
        endwhile;
    endif;

现在,在您的注册php上,您必须阅读$choice0 = $_POST['Choice_ID0']; $choice1 = $_POST['Choice_ID10'];等,并为每个人进行不同的插入查询。

此外,您的代码对SQL注入攻击持开放态度。 mysqli_real_escape_string并不能完全保护你,你应该使用准备好的陈述。

相关问题
最新问题