无法输出正确的表单提交

时间:2018-07-12 17:25:01

标签: php

我在获取以下下拉列表的实际结果时遇到麻烦,而不是我选择提交的表单数据是“ choseCharacter:selectedCharacter1”,因此我的SQL语句找不到任何内容。

        <form method="post" action="index.php">
    <div id="content">
    <label for='choseCharacter'>Please select a character </label> 
    <select name="choseCharacter" id='choseCharacter'>
    <?php 
    $sql = $database->query("SELECT `character_name`,`userid`,`character_class`,`level`,`health`,`max_health`,`mana`,`strength`,`constitution`,`wit`,`intelligence` FROM `character` WHERE `userid` = '$sessionid'") or die("Error: ". mysql_error(). " with query "); 

        while ($row = $sql->fetch_assoc()){
        echo "<option value=\"choseCharacter1\">" . $row['character_name'] . "</option>";
        }

    ?>
    </select>  
            <input type="submit" value="Submit">
    </form>

PHP

     <?php

 $getCharacter = $_POST["choseCharacter"];
$sessionid = $_SESSION['user_id'];

    $sql = $database->query("SELECT `character_name`,`userid`,`character_class`,`level`,`health`,`max_health`,`mana`,`strength`,`constitution`,`wit`,`intelligence` FROM `character` WHERE `userid` = '$sessionid' and `character_name` = '$getCharacter'") or die("Error: ". mysql_error(). " with query "); 
            while ($row = $sql->fetch_assoc()){

                    echo "<br><label for='character_name'>Char Name: </label>" . $row['character_name'] . 
                        "<br><label for='character_class'> Class: </label>" . $row['character_class'] .
                        "<br><label for='level'> Level: </label>" . $row['level'] .
                        "<br><label for='health'> Health: </label>" . $row['health'] .
                        "<br><label for='mana'>Mana: </label>" . $row['mana'] .
                        "<br><label for='strength'>Strength: </label>" . $row['strength'] .
                        "<br><label for='constitution'>constitution: </label>" . $row['constitution'] .            
                        "<br><label for='wit'>wit: </label>" . $row['wit'] .
                        "<br><label for='intelligence'>intelligence :</label>" . $row['intelligence'] . "<br>";

                    }     

1 个答案:

答案 0 :(得分:1)

option value必须包含您要实际使用的值。

所以你的行:

echo "<option value=\"choseCharacter1\">" . $row['character_name'] . "</option>";

需要改为:

echo '<option value="'. htmlspecialchars($row['character_name']) .'">'. $row['character_name'] .'</option>';

作为补充说明(重要):您应该使用prepare并绑定$_POST["choseCharacter"];上的值,以防止SQL注入攻击。