为什么不将这个隐藏字段发送到数据库? MySQL的/ PHP

时间:2011-05-08 15:32:53

标签: php mysql

HTML / PHP 

            <?php if(!empty($_GET['pID'])) $the_pID = mysql_real_escape_string($_GET['pID']);
                       if(!empty($_POST['cID'])) $the_cID = mysql_real_escape_string($_POST['cID']);

            ?>

            <form action="inc/q/prof.php?pID=<?php echo $the_pID; ?>" method="post">            
        <select id="courseInfoDD" name="courseInfoDD" tabindex="1">
                        <?php while($row3 = $sth3->fetch(PDO::FETCH_ASSOC))
                                {echo "<option>".$row3['prefix']." ".$row3['code']."</option>";}
                        ?>
                </select>       
        <select id="commQuarter" name="commQuarter" tabindex="2">
                         <option value="Fall">Fall</option>
                         <option value="Winter">Winter</option>
                         <option value="Spring">Spring</option>
                         <option value="Summer">Summer</option>
                </select>  
 <select id="commYr" name="commYr" tabindex="3">
                        <?php
                        $startdate = 2000;$enddate = date("Y");$years = range ($startdate,$enddate);foreach($years as $year){echo "<option value='$year'>$year</option>";}?>
          </select>  

        <textarea type="text" id="addComment" name="addComment" tabindex="3" value="Enter comment"> </textarea>
    <input type="hidden" name="pID" value="<?php echo $the_pID; ?>" />
    <?php if($sth3->rowCount() > 0) {
                $row3 = $sth3->fetch(PDO::FETCH_ASSOC);
            echo "<input type='hidden' name='cID' value='<?php echo $the_cID; ?>' />";
    } else {
                echo "<h1>poop</h1>.";
            }
            unset($sth3);
    ?>
    <input type="submit" name="submit" id="submit" />
    </form> 



**PHP/MYSQL**

<?php // Get select box options 
$pID3 = filter_input(INPUT_GET, 'pID', FILTER_SANITIZE_NUMBER_INT);
        $pdo3 = new PDO('mysql:host=##;dbname=###', $u, $p);
        $pdo3->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sth3 = $pdo3->prepare('
    SELECT pID, cID, C.prefix, C.code
    FROM Department D, Course C, Professor P
    WHERE pID = ?
    AND D.dID = C.dID
    AND D.dID = P.dID; 
');
        $sth3->execute(array(
            $pID3
        ));
?>

    <?php

    $connect = mysql_connect("###", $u, $p) 
      or die ("Error , check your server connection.");
    mysql_select_db("##");

    //Get data in local variable
    if(!empty($_POST['addComment']))
        $INFOO=mysql_real_escape_string($_POST['addComment']);
    if(!empty($_POST['commQuarter']))
        $QTRR=mysql_real_escape_string($_POST['commQuarter']);
    if(!empty($_POST['commYr']))
        $YRR=mysql_real_escape_string($_POST['commYr']);
    if(!empty($_POST['pID']))
        $PIDD=mysql_real_escape_string($_POST['pID']);
    if(!empty($_POST['cID']))
        $CIDD=mysql_real_escape_string($_POST['cID']);
    if(!empty($_POST['courseInfoDD']))
        $COURSEE=mysql_real_escape_string($_POST['courseInfoDD']);

    #print_r($_POST);
    echo $the_pID;
    echo $the_cID;

    // check for null values
    if (isset($_POST['submit'])) {
    $query="INSERT INTO Comment (info, Qtr, Yr, pID, cID, CName) 
            VALUES ('$INFOO', '$QTRR', '$YRR', '$PIDD', '$CIDD','$COURSEE')";
    mysql_query($query)  or die(mysql_error());
    echo "Your message has been received";
    }
    #else if(!isset($_POST['submit'])){echo "No blank entries";}
    #else{echo "Error!";}
    ?>

提交的内容示例: img1

结尾显示的零是cID字段,为什么不提交?它没有给出错误。

另外,这有什么问题:

<?php if($sth3->rowCount() > 0) {
                    $row3 = $sth3->fetch(PDO::FETCH_ASSOC);
                        echo "<input type='hidden' name='cID' id='cID' value='$row3['cID']' />";
                } else {
                    echo "<h1>poop</h1>.";
                }
                unset($sth3);
                ?>

这是说:syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in

2 个答案:

答案 0 :(得分:0)

您的代码看起来很好,实际上您可能正在接收参数值。我认为您使用empty会导致问题。来自http://php.net/manual/en/function.empty.php

Returns FALSE if var has a non-empty and non-zero value.

The following things are considered to be empty:

    * "" (an empty string)
    * 0 (0 as an integer)
    * 0.0 (0 as a float)
    * "0" (0 as a string)
    * NULL
    * FALSE
    * array() (an empty array)
    * var $var; (a variable declared, but without a value in a class)

换句话说即使cID正确地从浏览器发送到服务器,如果该值是上面列表中的任何值,则空检查将失败

我建议这样做:

if(isset($_POST['cID']))
    $CIDD=mysql_real_escape_string($_POST['cID']);

您可能仍然会收到垃圾,但它至少会验证您是否正在接收参数。

答案 1 :(得分:0)

在我看来,cId从未真正初始化:您在开始时从$ _POST数组中读取它,这意味着必须在访问此页面之前设置它,否则将被视为空。

检查浏览器中的html输出,您可能会看到它显示为

<input type="hidden" name="cID" value="" />

- &GT;没有价值。

我认为你的意思是在数据库端创建它(自动增量)然后你必须得到像mysql_last_insert_id / PDO :: lastInsertId()

这样的值
相关问题
最新问题