无法输出正确的表单提交

Question

我在获取以下下拉列表的实际结果时遇到麻烦，而不是我选择提交的表单数据是“ choseCharacter：selectedCharacter1”，因此我的SQL语句找不到任何内容。

        <form method="post" action="index.php">
    <div id="content">
    <label for='choseCharacter'>Please select a character </label> 
    <select name="choseCharacter" id='choseCharacter'>
    <?php 
    $sql = $database->query("SELECT `character_name`,`userid`,`character_class`,`level`,`health`,`max_health`,`mana`,`strength`,`constitution`,`wit`,`intelligence` FROM `character` WHERE `userid` = '$sessionid'") or die("Error: ". mysql_error(). " with query "); 

        while ($row = $sql->fetch_assoc()){
        echo "<option value=\"choseCharacter1\">" . $row['character_name'] . "</option>";
        }

    ?>
    </select>  
            <input type="submit" value="Submit">
    </form>

PHP

     <?php

 $getCharacter = $_POST["choseCharacter"];
$sessionid = $_SESSION['user_id'];

    $sql = $database->query("SELECT `character_name`,`userid`,`character_class`,`level`,`health`,`max_health`,`mana`,`strength`,`constitution`,`wit`,`intelligence` FROM `character` WHERE `userid` = '$sessionid' and `character_name` = '$getCharacter'") or die("Error: ". mysql_error(). " with query "); 
            while ($row = $sql->fetch_assoc()){

                    echo "<br><label for='character_name'>Char Name: </label>" . $row['character_name'] . 
                        "<br><label for='character_class'> Class: </label>" . $row['character_class'] .
                        "<br><label for='level'> Level: </label>" . $row['level'] .
                        "<br><label for='health'> Health: </label>" . $row['health'] .
                        "<br><label for='mana'>Mana: </label>" . $row['mana'] .
                        "<br><label for='strength'>Strength: </label>" . $row['strength'] .
                        "<br><label for='constitution'>constitution: </label>" . $row['constitution'] .            
                        "<br><label for='wit'>wit: </label>" . $row['wit'] .
                        "<br><label for='intelligence'>intelligence :</label>" . $row['intelligence'] . "<br>";

                    }     

Answer 1

option value必须包含您要实际使用的值。

所以你的行：

echo "<option value=\"choseCharacter1\">" . $row['character_name'] . "</option>";

需要改为：

echo '<option value="'. htmlspecialchars($row['character_name']) .'">'. $row['character_name'] .'</option>';

---

作为补充说明（重要）：您应该使用prepare并绑定$_POST["choseCharacter"];上的值，以防止SQL注入攻击。