mysql如何输入字段内使用选择的选项的当前值

发布时间: 2016/10/23 6:42:13
注意事项: 本文中文内容可能为机器翻译,如要查看英文原文请点击上面连接.

我使用 phpmyadmin 在 Xampp,已经作出两个表; 表 1︰ 类别以其属性为 cat_id 和 cat_name (其中 cat_id 是主键) 表 2︰ 项目与它的属性为 item_id,生成 item_name,item_price...cat_id (item_id 是一个主键,cat_id 是一个外键) 我还在 phpmyadmin 的正确关系。 问题是在 php 中选择标记中使用值的选定 cat_name 即 cat_id。 附言我意识到自己是受 SQL 注入。

PHP

<?php  
require ('config.php'); 
if(isset($_POST['check']))
{
if(isset($_POST['button'])) 
{
$catname = $_POST['cat'];

$que1 = "SELECT * FROM category WHERE cat_name = '$catname'";
$res1 = mysql_query($que1);
$row = mysql_fetch_array($res1);
$cat_db = $row['cat_name'];

if($catname == $cat_db || $catname == "")
{   
    echo "Catergory: $catname already exits. Failed to be inserted.";
}
else
{
    $que = "INSERT INTO category (cat_name) VALUES('$catname')";
    $res = mysql_query($que);
    echo "Catergory: $catname inserted successfully.";

}
die();
}


  if(isset($_POST['item_name']))
  {
      $i_id = $_POST['item_id'];
      $i_name = $_POST['item_name'];
      $i_quan = $_POST['item_quantity'];
      $i_size = $_POST['item_size'];
      $i_price = $_POST['item_price'];
      $cat_id = $_POST['cat_id'];

$que = "INSERT INTO item(item_name, item_quantity, item_size, item_price, cat_id) VALUES('$i_name','$i_quan','$i_size','$i_price', '$cat_id')";
$run = mysql_query($que);
if(!$run)
   echo "Item Details failed to Update.";       
  }
}
?>

HTML

<!DOCTYPE html>
<html>
<head>
<link rel = "stylesheet" href = "login.css">
</head>
<body>
<form action = "" method = "POST">

<p><label class = "field">Add Category:</label></p>
<input type = "text" name = "cat" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"  title = "Please enter your Category Name">
<button type=  "submit" onclick = "location.href = '';" id = "savebutton" name = "button">Add Now</button>
<p><label class = "field">Add Item:</label></p>


<select name="cate">
<?php 
$que1 = "SELECT * FROM category";
$res1 = mysql_query($que1);
while($row = mysql_fetch_array($res1))
{    
$cat_id_db = $row['cat_id'];                 //use array over here
$cat_db = $row['cat_name'];                  //use array over here
?>

<option value="<?php echo $cat_id_db; ?>" ><?php echo $cat_db;?></option>

<?php } ?>
</select>


<?php 
$que1 = "SELECT * FROM category WHERE cat_name = '$cat_db'";      //yahan masla hai bhai, how do i set '$cat_db' into a static variable?
$res1 = mysql_query($que1);
$row = mysql_fetch_array($res1);
$cat_db_id = $row['cat_id'];
?>

<p><label class = "field">Category ID:</label></p>
<input type = "text" name = "cat_id" value = "<?php echo $cat_id_db; ?>" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"> <!-- this is the PROBLEM how do i use the value of a selected option ONLY? -->
 <p><label class = "field">Item ID:</label></p>
 <input type = "text" name = "item_id" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"title = "Please enter your Item ID">
 <p><label class = "field">Item Name:</label></p>
 <input type = "text" name = "item_name" class = "textbox-300" pattern = "[a-zA-Z ]+"title = "Please enter your Item Name">
 <p><label class = "field">Item Quantity:</label></p>
 <input type = "text" name = "item_quantity" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"title = "Please enter your Item Quantity">
 <p><label class = "field">Item Size:</label></p>
 <input type = "text" name = "item_size" class = "textbox-300" pattern = "[a-zA-Z0-9\.\, ]+"title = "Please enter your Item Size">
 <p><label class = "field">Item Price:</label></p>
 <input type = "text" name = "item_price" class = "textbox-300" pattern = "[a-zA-Z0-9\.\, ]+"title = "Please enter your Item Price">


 <input type = "hidden" name = "check">
 <input type = "submit" class = "button" name = "sub"  value = "Save">

 </form> 
 </body>
 </html>

解决方法 1:

由于这里的会员发现了答案所以 im 发在这里,万一有人来这里寻找同样的事情。

<select name="cate" onchange="changeInput(this.value);">
    <?php //your php code here ?>
</select>

<p><label class = "field">Category ID:</label></p>
<input type = "text" name = "cat_id" id="cat_id" value = "change select to see me change" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"  title = "Please enter your Item Price">
</form>

<script>
var changeInput = function (val){
    var input = document.getElementById("cat_id");
    input.value = val;
}
</script> 
赞助商