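I'm having trouble getting the actual result of the dropdown list below: instead of the option I select, the submitted form data is "choseCharacter:selectedCharacter1", so my SQL statement doesn't find anything.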
<form method="post" action="index.php">
<div id="content">
<label for='choseCharacter'>Please select a character </label>
<select name="choseCharacter" id='choseCharacter'>
<?php
$sql = $database->query("SELECT `character_name`,`userid`,`character_class`,`level`,`health`,`max_health`,`mana`,`strength`,`constitution`,`wit`,`intelligence` FROM `character` WHERE `userid` = '$sessionid'") or die("Error: ". mysql_error(). " with query ");
while ($row = $sql->fetch_assoc()){
echo "<option value=\"choseCharacter1\">" . $row['character_name'] . "</option>";
}
?>
</select>
<input type="submit" value="Submit">
</div>
</form>
PHP
<?php
$getCharacter = $_POST["choseCharacter"];
$sessionid = $_SESSION['user_id'];
$sql = $database->query("SELECT `character_name`,`userid`,`character_class`,`level`,`health`,`max_health`,`mana`,`strength`,`constitution`,`wit`,`intelligence` FROM `character` WHERE `userid` = '$sessionid' and `character_name` = '$getCharacter'") or die("Error: ". mysql_error(). " with query ");
while ($row = $sql->fetch_assoc()){
echo "<br><label for='character_name'>Char Name: </label>" . $row['character_name'] .
"<br><label for='character_class'> Class: </label>" . $row['character_class'] .
"<br><label for='level'> Level: </label>" . $row['level'] .
"<br><label for='health'> Health: </label>" . $row['health'] .
"<br><label for='mana'>Mana: </label>" . $row['mana'] .
"<br><label for='strength'>Strength: </label>" . $row['strength'] .
"<br><label for='constitution'>constitution: </label>" . $row['constitution'] .
"<br><label for='wit'>wit: </label>" . $row['wit'] .
"<br><label for='intelligence'>intelligence :</label>" . $row['intelligence'] . "<br>";
}
Answer 0 (score: 1)
The option value must contain the value you actually want to use.
So your line:
echo "<option value=\"choseCharacter1\">" . $row['character_name'] . "</option>";
needs to be changed to:
echo '<option value="'. htmlspecialchars($row['character_name']) .'">'. htmlspecialchars($row['character_name']) .'</option>';
As a side note (important): you should use prepare and bind the value of $_POST["choseCharacter"] to prevent SQL injection attacks.
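The answer's two points combined, as an added example that is not part of the original question or answer: the option value carries the escaped character name, and the lookup binds both values through a prepared statement. It assumes `$database` is a mysqli connection with the mysqlnd driver (needed for `get_result()`); the function names `h`, `characterOptions` and `findCharacter` are hypothetical.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumption: $database is a mysqli connection (the page's fetch_assoc() calls suggest this).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors instead of returning false

// Escape a value for use in HTML text or inside a quoted attribute.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Build the <option> list: the value attribute carries the real character name.
function characterOptions(mysqli $database, string $sessionid): string
{
    $stmt = $database->prepare('SELECT `character_name` FROM `character` WHERE `userid` = ?');
    $stmt->bind_param('s', $sessionid);
    $stmt->execute();
    $html = '';
    foreach ($stmt->get_result() as $row) {   // mysqli_result is Traversable
        $name = h($row['character_name']);    // escaped once, used in both contexts
        $html .= "<option value=\"$name\">$name</option>\n";
    }
    return $html;
}

// Look up the submitted character; both inputs are bound, never concatenated into the SQL.
function findCharacter(mysqli $database, string $sessionid, $posted): ?array
{
    if (!is_string($posted) || $posted === '') {
        return null;   // field missing, empty, or sent as an array (choseCharacter[]=...)
    }
    $stmt = $database->prepare(
        'SELECT `character_name`,`character_class`,`level`,`health`,`mana`
           FROM `character` WHERE `userid` = ? AND `character_name` = ?'
    );
    $stmt->bind_param('ss', $sessionid, $posted);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;   // null when no row matches
}

// Usage in index.php, after session_start() and connecting:
// $row = findCharacter($database, (string) $_SESSION['user_id'], $_POST['choseCharacter'] ?? null);
// if ($row !== null) { echo 'Char Name: ' . h($row['character_name']); }
```

Because the `userid` condition stays in the bound query, a tampered `choseCharacter` value can only ever match characters that belong to the logged-in user.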