单击按钮后无法在表单中搜索href

时间:2019-02-17 02:11:52

标签: php html mysql forms bootstrap-4

当我单击借阅按钮时,它应该执行我的rowing.php,但它只会返回自身。它没有执行动作。有什么办法可以解决这个问题?

<form id = "myform" action="includes/borrowing.php" method = "POST" enctype ="multipart/form-data">
                        <div class = "form-group pull-left">    
                            <label>Student Name:</label>
                            <br />
                            <select name = "fIDNumber" id = "student">
                                <option value = "" selected = "selected" disabled = "disabled">Select an option</option>
                                <?php
                                    $qborrow = $con->query("SELECT * FROM `tblstudents` ORDER BY `fLastName`") or die(mysqli_error());
                                    while($fborrow = $qborrow->fetch_array()){
                                ?>
                                    <option value = "<?php echo $fborrow['fIDNumber']?>"><?php echo $fborrow['fFirstName']." ".$fborrow['fMiddleName']." ".$fborrow['fLastName']?></option>
                                <?php
                                    }
                                ?>
                            </select>
                        </div>
                        <div class = "form-group pull-right">   
                            <button name = "save_borrow" class = "btn btn-primary"><span class = "glyphicon glyphicon-thumbs-up"></span> Borrow</button>
                        </div>
                        <table id = "table" class = "table table-bordered">
                <thead>
                    <th>Select</th>
                    <th> Code </th>
                    <th> Title </th>
                    <th> Author </th>
                    <th> Category </th>
                    <th> Shelf Location </th>
                    <th> Edition </th>
                </thead>
                <tbody>
                    <?php
                                    $sql = $con->query("SELECT * FROM `tblbooks`") or die(mysqli_error());
                                    while($row = $sql->fetch_array()){
                                    $q_borrow = $con->query("SELECT * FROM `tblbooks` WHERE `fBookCode` = '$row[fBookCode]' and `fStatus` = '$row[fStatus]'") or die(mysqli_error());
                                    $status = $q_borrow->fetch_array();

                    ?>
                    <tr>

                        <td>
                        <?php
                        if($status == 'Borrowed'){
                        echo "<center><label class = 'text-danger'>Not Available</label></center>";
                        }else{
                        echo '<input type = "hidden" name = "fBookCode[]" value = "'.$row['fBookCode'].'"><center><input type = "checkbox" name = "selector[]" value = "1"></center>';
                        }
                        ?>
                        </td>
                        <td><center> <?php echo $row['fBookCode']; ?> &emsp;</center></td>
                        <td> <?php echo $row['fTitle']; ?>&emsp;</td>
                        <td> <?php echo $row['fAuthor']; ?> &emsp;</td>
                        <td> <?php echo $row['fCategory']; ?> &emsp;</td>
                        <td> <?php echo $row['fShelfLocation']; ?> &emsp;&emsp;</td>
                        <td> <?php echo $row['fEdition']; ?> &emsp;</td>

                    </tr>
                    <?php
                        }   
                    ?>
                </tbody>

            </table>
                    </form>

这是我的借款。php尚未完全完成,但至少应该可以阅读。我尝试使用链接,但不再读取我的字段。我想使用form方法,但实际上并没有看到它。

<?php
    require_once 'connection_db.php';
    if(!ISSET($_POST['fIDNumber'])){    
        echo '
            <script type = "text/javascript">
                alert("Select student name first");
                window.location = "../borrow.php";
            </script>
        ';
    }else{
        if(!ISSET($_POST['selector'])){
            echo '
                <script type = "text/javascript">
                    alert("Selet a book first!");
                    window.location = "../borrow.php";
                </script>
            ';
        }else{
            foreach($_POST['selector'] as $key=>$value){
                $fIDNumber = $_POST['fIDNumber'];
                $fBookCode = $_POST['fBookCode'][$key];
                $date = date("Y-m-d", strtotime("+8 HOURS"));
                $conn->query("INSERT INTO `tbltransactions` VALUES('', '$fBookCode', '$fIDNumber', '$book_qty', '$date', 'Borrowed')") or die(mysqli_error());
                echo '
                    <script type = "text/javascript">
                        alert("Successfully Borrowed");
                        window.location = "../borrow.php";
                    </script>
                ';
            }
        }   
    }   

1 个答案:

答案 0 :(得分:0)

好像您试图以不正确的方式访问$ row。试试这个:

$fBookCodeVal = $row['fBookCode'];
$fStatus = $row['fStatus'];
$q_borrow = $con->query("SELECT * FROM `tblbooks` WHERE `fBookCode` = '$fBookCodeVal' and `fStatus` = '$fStatus'") or die(mysqli_error());

我还注意到您没有使用准备好的语句(具有绑定的参数)。似乎$ row正在通过查询填充,当然,如果一行的fBookCode值包含恶意代码,则可以执行SQL注入。

也要更改:

$status = $q_borrow->fetch_array();

$status = $q_borrow->mysqli_fetch_assoc();    

然后更新:

if($status['status'] == 'Borrowed')