侧面html中的Php下拉选择

时间:2011-10-06 10:45:51

标签: php mysql html sql

我正在尝试将结果添加到html下拉列表中 如果我把它放在html表单之外,php就可以工作:它显示了结果,但我需要在表单中

<form><form method="post" action="selldo.php">
<label><br /><br /><br /><br />What slot do you want to Sell?</label>
<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<option value=""></option>
<?php 
$result = mysql_query("SELECT * FROM user_pokemon 
                       WHERE belongsto='$_SESSION[username]'");

while($row = mysql_fetch_array($result))
{
  echo $row['id'] . " " . $row['pokemon'];
  echo "<br />";
}
?>

</select><br/><br/>
<label>Price You Would Like For The Pokemon?</label>
<input type="int" name="cost" id="cost" maxlength="30"/><br/><br/>
<button name="submit" type="submit" id="Submit_But">Sell</button>
<p>&nbsp;</p><p>&nbsp;</p>
</form>

当我查看下拉菜单时,没有什么,但是如果它将SQL从表单中删除,它会将结果发布到页面,所以它工作正常我只需要在下拉html表单旁边

p.s我有页面的连接顶部

5 个答案:

答案 0 :(得分:2)

您需要echo HTML option元素:

while($row = mysql_fetch_array($result)) {
    echo "<option>" . $row['id'] . " " . $row['pokemon'] . "</option>";
}

您可能希望将option元素设为value,以便在提交表单时正确传递所选选项。

答案 1 :(得分:1)

您是否看过此代码生成的来源? 你会发现你的选择都在那里,但只是在虚空中的某个地方,没有被任何html标签包裹。你会看到类似的东西:

<form>
<select>
<option></option>
your first option
your second option
your third option
your n'th option
</select>
</form>

但是你真正需要的是,标记是正确的,是:

<option>your first option</option>
<option>your second options</option>

等等......这应该足以让你做对了!如果不是...... 

echo '<option value="' . $row['id'] . '">' . $row['pokemon'] . '</option>';

答案 2 :(得分:1)

你有一个SQL注入漏洞和一个可能的XSS安全漏洞:

通过将php代码更改为:

来纠正此问题 
<?php  
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM user_pokemon  
                       WHERE belongsto = '$username' "); 

while($row = mysql_fetch_array($result)) 
{ 
  $id = htmlentities($row['id']);
  $pokemon = htmlentities($row['pokemon']);
  echo '<option value = "$id"> $pokemon </option>'; 
} 
?>

请参阅:What are the best practices for avoiding xss attacks in a PHP site
How does the SQL injection from the "Bobby Tables" XKCD comic work?

答案 3 :(得分:0)

你没有创造一个选择!你需要<option></option>标签,而不仅仅是回显你的结果...... 

<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<option value=""></option>
<?php 
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM user_pokemon WHERE belongsto='$username'");
while($row = mysql_fetch_array($result)) : ?>
<option value="<?php echo htmlentities($row['id']);?>"><?php echo htmlentities($row['pokemon']);?></option>
<?php endwhile;?>
</select>

答案 4 :(得分:-2)

这应该可以解决问题:

<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<?php 
$result = mysql_query("SELECT * FROM user_pokemon WHERE belongsto = '$_SESSION[username]'");
while($row = mysql_fetch_array($result)) {    
echo "<option value=\"\">" . $row['id'] . " " . $row['pokemon'] . "</option>
?>
</select>
相关问题
最新问题