我正在尝试为我的俱乐部创建一个表单,该表单从数据库中获取信息,以便从数据库中选择受训人员。然后另外从事件列表中选择一个并将INSERT返回到数据库中。它写入数据库确定并循环正确的次数但没有将$ trainee值传递给数据库 我认为失败的是从
传递信息print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' />
到if(isset($_POST['formSubmit'])) loop.
有谁告诉我哪里出错了?代码如下:
<?php
//Retrieve trainees of specified grade
$data = mysql_query('SELECT * FROM membership WHERE grade = "Trainee" ')
or die(mysql_error()); // select works
// Writes to database OK, including Trainee if manual value entered into form like done in instrucot
$query = "INSERT INTO testtraining ( trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ( '{$_POST['Trainee']}', '{$_POST['activity']}', '{$_POST['instructor']}', '{$_POST['enteredBy']}', NOW())";
// Feedback and posting
if(isset($_POST['formSubmit']))
{
$aTrainee = $_POST['data'];
$training = $_POST['activity'];
if(empty($aTrainee))
{
echo("<p>You didn't select trainees.</p>\n");
} else {
$N = count($aTrainee);
echo("<p>You selected $N trainee(s): ");
for($i=0; $i < $N; $i++) // loop thru all selected checkbox adding
{
$trainee = $aTrainee[$i];
// Execute the query.
if (@mysql_query ($query)) {
// lists OK on screen but does not pass to form for writing to database
print "<p>The $training added for $trainee.</p>";
}
}
}
}
// end of posting
// Start of form
// Creates list with checkbox, cycles through info from membership database and makes a multi select checkbox list
while($info = mysql_fetch_array( $data )) //repeat while there is still data from SELECT
{
?>
<form action ="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" >
<input id= "<?= $info['no'] ?>" type="checkbox" name="data[]" value="<?= $info['no'] ?>" />
<label for="<?= $info['no'] ?>"><?= $info['_no'] ?></label>
<br />
<?
}
// Training Activities checkbox, Displays training activity to be selected from
print '<p><input type="radio" name="activity" value="Training1" /> Training1</p>'; //works
print '<p><input type="radio" name="activity" value="Training2" /> Training2</p>'; //works
print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' />
<input type="hidden" name="instructor" value= anInstructor />
<input type="hidden" name="enteredBy" value=' . ($_SESSION['username']) . ' />
<input type="submit" name="formSubmit" value="Add Training" />
</form>';
mysql_close(); // Close the database connection;
?>
答案 0 :(得分:0)
您的查询不会从字符串中突破以插入变量。 而是尝试:
$query = "INSERT INTO testtraining ( trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ( '".$_POST['Trainee']."', '".$_POST['activity']."', '".$_POST['instructor']."','".$_POST['enteredBy']."', NOW())";
虽然我建议先将这些$ _POST变量添加到$ variables中并运行一些验证以确保它是干净的。 addslashes()是确保不会弹出SQL错误的良好开端。但这不是关于安全插入已清理的用户输入的讲座。