当我单击借阅按钮时,它应该执行我的rowing.php,但它只会返回自身。它没有执行动作。有什么办法可以解决这个问题?
<form id = "myform" action="includes/borrowing.php" method = "POST" enctype ="multipart/form-data">
<div class = "form-group pull-left">
<label>Student Name:</label>
<br />
<select name = "fIDNumber" id = "student">
<option value = "" selected = "selected" disabled = "disabled">Select an option</option>
<?php
$qborrow = $con->query("SELECT * FROM `tblstudents` ORDER BY `fLastName`") or die(mysqli_error());
while($fborrow = $qborrow->fetch_array()){
?>
<option value = "<?php echo $fborrow['fIDNumber']?>"><?php echo $fborrow['fFirstName']." ".$fborrow['fMiddleName']." ".$fborrow['fLastName']?></option>
<?php
}
?>
</select>
</div>
<div class = "form-group pull-right">
<button name = "save_borrow" class = "btn btn-primary"><span class = "glyphicon glyphicon-thumbs-up"></span> Borrow</button>
</div>
<table id = "table" class = "table table-bordered">
<thead>
<th>Select</th>
<th> Code </th>
<th> Title </th>
<th> Author </th>
<th> Category </th>
<th> Shelf Location </th>
<th> Edition </th>
</thead>
<tbody>
<?php
$sql = $con->query("SELECT * FROM `tblbooks`") or die(mysqli_error());
while($row = $sql->fetch_array()){
$q_borrow = $con->query("SELECT * FROM `tblbooks` WHERE `fBookCode` = '$row[fBookCode]' and `fStatus` = '$row[fStatus]'") or die(mysqli_error());
$status = $q_borrow->fetch_array();
?>
<tr>
<td>
<?php
if($status == 'Borrowed'){
echo "<center><label class = 'text-danger'>Not Available</label></center>";
}else{
echo '<input type = "hidden" name = "fBookCode[]" value = "'.$row['fBookCode'].'"><center><input type = "checkbox" name = "selector[]" value = "1"></center>';
}
?>
</td>
<td><center> <?php echo $row['fBookCode']; ?>  </center></td>
<td> <?php echo $row['fTitle']; ?> </td>
<td> <?php echo $row['fAuthor']; ?>  </td>
<td> <?php echo $row['fCategory']; ?>  </td>
<td> <?php echo $row['fShelfLocation']; ?>   </td>
<td> <?php echo $row['fEdition']; ?>  </td>
</tr>
<?php
}
?>
</tbody>
</table>
</form>
这是我的借款。php尚未完全完成,但至少应该可以阅读。我尝试使用链接,但不再读取我的字段。我想使用form方法,但实际上并没有看到它。
<?php
require_once 'connection_db.php';
if(!ISSET($_POST['fIDNumber'])){
echo '
<script type = "text/javascript">
alert("Select student name first");
window.location = "../borrow.php";
</script>
';
}else{
if(!ISSET($_POST['selector'])){
echo '
<script type = "text/javascript">
alert("Selet a book first!");
window.location = "../borrow.php";
</script>
';
}else{
foreach($_POST['selector'] as $key=>$value){
$fIDNumber = $_POST['fIDNumber'];
$fBookCode = $_POST['fBookCode'][$key];
$date = date("Y-m-d", strtotime("+8 HOURS"));
$conn->query("INSERT INTO `tbltransactions` VALUES('', '$fBookCode', '$fIDNumber', '$book_qty', '$date', 'Borrowed')") or die(mysqli_error());
echo '
<script type = "text/javascript">
alert("Successfully Borrowed");
window.location = "../borrow.php";
</script>
';
}
}
}
答案 0 :(得分:0)
好像您试图以不正确的方式访问$ row。试试这个:
$fBookCodeVal = $row['fBookCode'];
$fStatus = $row['fStatus'];
$q_borrow = $con->query("SELECT * FROM `tblbooks` WHERE `fBookCode` = '$fBookCodeVal' and `fStatus` = '$fStatus'") or die(mysqli_error());
我还注意到您没有使用准备好的语句(具有绑定的参数)。似乎$ row正在通过查询填充,当然,如果一行的fBookCode值包含恶意代码,则可以执行SQL注入。
也要更改:
$status = $q_borrow->fetch_array();
到
$status = $q_borrow->mysqli_fetch_assoc();
然后更新:
if($status['status'] == 'Borrowed')