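The problem is performing an INSERT from a dropdown list. I am able to populate the dropdown list with data from the DB. The problem is inserting into the table from the dropdown list.
HTML (dropdown list generated from the database)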
<div class="group">
    <label>Subject</label>
    <input type="text" name="subject">
</div>
<div class="group">
    <label>Group</label>
    <select id="ministry" name="group">
        <option style="font-family: century gothic">---Select Ministry---</option>
        <?php // populate dropdown ?>
        <?php foreach($groups as $group): ?>
            <option value="<?= $group['group_id'] ?>"><?= $group['groupname'] ?></option>
        <?php endforeach; ?>
    </select>
</div>
PHP (code that inserts into the database)
<?php
$date = "";
$subject = "";
$group = "";
$message = "";
$sql= "SELECT * FROM groups";
$stmt = $db->prepare($sql);
$stmt->execute();
$groups = $stmt->fetchAll();
if (isset($_POST['sendSMS'])) {
    $date = (isset($_POST['date']));
    $subject = $_POST['subject'];
    $group = $_POST['group'];
    $message = $_POST['message'];
    $sql = "INSERT INTO message (date, subject, group, message)
            VALUES
            (:date, :subject, :group, :message)";
    $stmt->execute(array(
        ':date' => $_POST['date'],
        ':subject' => $_POST['subject'],
        ':group' => $_POST['group'],
        ':message' => $_POST['message']));
    $result = $sql->execute();
    echo "SMS sent successfully";
}
?>
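Answer 0 (score: 0)
I moved your first query to the top of the page. As I see it, that is what populates your HTML with the group data.
I cleaned up your HTML. Well-formatted code is easier to read and easier to troubleshoot when you run into problems. I like to avoid going in and out of PHP.
Your insert query was close, but I have given you a very explicit example. This should show you the way going forward. Remember: prepare, bind, and execute.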
<?php
//DB select statement - This should probably go before your select html
$sql = "SELECT * FROM groups";
$stmt = $db->prepare($sql); //Prepare
//Nothing to bind
$stmt->execute(); //Execute
$groups = $stmt->fetchAll();
echo
'<div class="group">
    <label>Subject</label>
    <input type="text" name="subject">
</div>
<div class="group">
    <label>Group</label>
    <select id="ministry" name="group">
        <option style="font-family: century gothic">---Select Ministry---</option>';
foreach($groups as $group){
    //Escape database values before writing them into the HTML
    echo
    '<option value="' . htmlspecialchars((string) $group['group_id']) . '">' . htmlspecialchars((string) $group['groupname']) . '</option>';
}
echo
    '</select>
</div>';
if(isset($_POST['sendSMS'])){
    //insert into database
    $query = "INSERT INTO `message`
    (
        `date`,
        `subject`,
        `group`,
        `message`
    )
    VALUES
    (
        :date,
        :subject,
        :group,
        :message
    )";
    //Remember these three steps. 1.)Prepare, 2.)Bind, 3.)Execute
    $stmt = $db->prepare($query); //Prepare
    //Bind
    $stmt->bindParam(":date", $_POST['date']);
    $stmt->bindParam(":subject", $_POST['subject']);
    $stmt->bindParam(":group", $_POST['group']);
    $stmt->bindParam(":message", $_POST['message']);
    //Execute
    $stmt->execute();
    echo "SMS sent successfully";
}
?>
Here are two sources for you to read up on PDO. I strongly recommend that you look at them and bookmark them so you can refer to them when needed.
https://websitebeaver.com/php-pdo-prepared-statements-to-prevent-sql-injection
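An added example, not part of the answer above or of the original post: the prepare, bind, execute sequence with one check the posted code leaves out, validating the submitted `group` value against the `groups` table before the insert, because a `<select>` does not constrain what a client sends. The in-memory SQLite database, the sample rows and the `saveMessage` helper are assumptions made so the script runs on its own.

```php
<?php
// Constructed schema and rows in in-memory SQLite so this runs offline
// (assumption: the page's own code talks to MySQL through $db).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw
$db->exec('CREATE TABLE `groups` (group_id INTEGER PRIMARY KEY, groupname TEXT)');
$db->exec('CREATE TABLE `message` (`date` TEXT, `subject` TEXT, `group` INTEGER, `message` TEXT)');
$db->exec("INSERT INTO `groups` (groupname) VALUES ('Choir'), ('Ushers')");
// Hypothetical helper: returns validation errors; an empty array means the row was inserted.
function saveMessage(PDO $db, array $post): array {
    $errors = [];
    foreach (['date', 'subject', 'message'] as $field) {
        if (!is_string($post[$field] ?? null) || trim($post[$field]) === '') {
            $errors[] = "$field is required";
        }
    }
    // The dropdown only suggests values, so the id is checked against
    // the same table the <option> elements were generated from.
    $groupId = filter_var($post['group'] ?? null, FILTER_VALIDATE_INT);
    if ($groupId === false) {
        $errors[] = 'group must be an integer id';
    } else {
        $check = $db->prepare('SELECT 1 FROM `groups` WHERE group_id = :id');
        $check->execute([':id' => $groupId]);
        if ($check->fetchColumn() === false) {
            $errors[] = 'unknown group';
        }
    }
    if ($errors) {
        return $errors;
    }
    // `group` is a reserved word, so the identifier is quoted. 1. Prepare
    $stmt = $db->prepare('INSERT INTO `message` (`date`, `subject`, `group`, `message`)
                          VALUES (:date, :subject, :group, :message)');
    $stmt->bindValue(':date', $post['date']);                 // 2. Bind
    $stmt->bindValue(':subject', $post['subject']);
    $stmt->bindValue(':group', $groupId, PDO::PARAM_INT);
    $stmt->bindValue(':message', $post['message']);
    $stmt->execute();                                         // 3. Execute
    return [];
}
// Constructed submissions: a valid one, an id not in the table, a non-numeric value.
$samples = [
    ['date' => '2024-01-07', 'subject' => 'Rehearsal', 'group' => '2', 'message' => 'Sunday 9am'],
    ['date' => '2024-01-07', 'subject' => 'Rehearsal', 'group' => '99', 'message' => 'Sunday 9am'],
    ['date' => '2024-01-07', 'subject' => 'Rehearsal', 'group' => 'not-a-number', 'message' => 'Sunday 9am'],
];
foreach ($samples as $post) {
    $errors = saveMessage($db, $post);
    echo $errors ? 'rejected: ' . implode(', ', $errors) : 'inserted', PHP_EOL;
}
```

Run it with the PHP CLI with the `pdo_sqlite` extension enabled.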
Answer 1 (score: 0)
<?php
//---session start---
session_start();
//---variables initiated and set to empty---
$date = "";
$subject = "";
$group = "";
$message = "";
//--try begins here---
//---include db connection---
require 'db.php';
$sql= "SELECT * FROM groups";
$stmt = $db->prepare($sql);
$stmt->execute();
$groups = $stmt->fetchAll();
if(isset($_POST['sendSMS'])){
    //insert into database (`group` is a reserved word, so the column names are quoted)
    $query = "INSERT INTO member(`date`, `subject`, `group`, `message`) VALUES (:date, :subject, :group, :message)";
    $stmt = $db->prepare($query);
    $stmt->bindParam(":date", $_POST['date']);
    $stmt->bindParam(":subject", $_POST['subject']);
    $stmt->bindParam(":group", $_POST['group']);
    $stmt->bindParam(":message", $_POST['message']);
    $stmt->execute();
    //no output before header(), otherwise the redirect cannot be sent
    header('location: SMSsent.php');
    exit;
}
//--close connection---
unset($db);
?>
<form method="post">
<div class="group">
    <label>Group</label>
    <select id="ministry" name="group">
    <?php
    foreach($groups as $group){
        //escape database values before writing them into the HTML
        echo '<option value="' . htmlspecialchars((string) $group['group_id']) . '">' . htmlspecialchars((string) $group['groupname']) . '</option>';
    }
    ?>
    </select>
</div>
<div class="group">
    <label>Message</label>
    <textarea
        style="text-align: left; vertical-align: middle;"
        cols="25" rows="7" name="message" id="clear"></textarea>
</div>
<button type="submit" class="btn" name="sendSMS">Send SMS</button>
</div>
</form>