php - Can't search href in form upon clicking button
问题描述
When I click the borrow button, it should execute my borrowing.php but it just returns to itself. It's not executing the action. Is there some way I can solve this?
<form id = "myform" action="includes/borrowing.php" method = "POST" enctype ="multipart/form-data">
<div class = "form-group pull-left">
<label>Student Name:</label>
<br />
<select name = "fIDNumber" id = "student">
<option value = "" selected = "selected" disabled = "disabled">Select an option</option>
<?php
$qborrow = $con->query("SELECT * FROM `tblstudents` ORDER BY `fLastName`") or die(mysqli_error());
while($fborrow = $qborrow->fetch_array()){
?>
<option value = "<?php echo $fborrow['fIDNumber']?>"><?php echo $fborrow['fFirstName']." ".$fborrow['fMiddleName']." ".$fborrow['fLastName']?></option>
<?php
}
?>
</select>
</div>
<div class = "form-group pull-right">
<button name = "save_borrow" class = "btn btn-primary"><span class = "glyphicon glyphicon-thumbs-up"></span> Borrow</button>
</div>
<table id = "table" class = "table table-bordered">
<thead>
<th>Select</th>
<th> Code </th>
<th> Title </th>
<th> Author </th>
<th> Category </th>
<th> Shelf Location </th>
<th> Edition </th>
</thead>
<tbody>
<?php
$sql = $con->query("SELECT * FROM `tblbooks`") or die(mysqli_error());
while($row = $sql->fetch_array()){
$q_borrow = $con->query("SELECT * FROM `tblbooks` WHERE `fBookCode` = '$row[fBookCode]' and `fStatus` = '$row[fStatus]'") or die(mysqli_error());
$status = $q_borrow->fetch_array();
?>
<tr>
<td>
<?php
if($status == 'Borrowed'){
echo "<center><label class = 'text-danger'>Not Available</label></center>";
}else{
echo '<input type = "hidden" name = "fBookCode[]" value = "'.$row['fBookCode'].'"><center><input type = "checkbox" name = "selector[]" value = "1"></center>';
}
?>
</td>
<td><center> <?php echo $row['fBookCode']; ?>  </center></td>
<td> <?php echo $row['fTitle']; ?> </td>
<td> <?php echo $row['fAuthor']; ?>  </td>
<td> <?php echo $row['fCategory']; ?>  </td>
<td> <?php echo $row['fShelfLocation']; ?>   </td>
<td> <?php echo $row['fEdition']; ?>  </td>
</tr>
<?php
}
?>
</tbody>
</table>
</form>
Here's my borrowing.php This is not yet fully finished but atleast it should be able to read this. I tried using a link but it won't read my fields anymore. I want to use the form method but it really is not seeing this.
<?php
require_once 'connection_db.php';
if(!ISSET($_POST['fIDNumber'])){
echo '
<script type = "text/javascript">
alert("Select student name first");
window.location = "../borrow.php";
</script>
';
}else{
if(!ISSET($_POST['selector'])){
echo '
<script type = "text/javascript">
alert("Selet a book first!");
window.location = "../borrow.php";
</script>
';
}else{
foreach($_POST['selector'] as $key=>$value){
$fIDNumber = $_POST['fIDNumber'];
$fBookCode = $_POST['fBookCode'][$key];
$date = date("Y-m-d", strtotime("+8 HOURS"));
$conn->query("INSERT INTO `tbltransactions` VALUES('', '$fBookCode', '$fIDNumber', '$book_qty', '$date', 'Borrowed')") or die(mysqli_error());
echo '
<script type = "text/javascript">
alert("Successfully Borrowed");
window.location = "../borrow.php";
</script>
';
}
}
}
解决方案
看起来您试图以不正确的方式访问 $row。尝试这个:
$fBookCodeVal = $row['fBookCode'];
$fStatus = $row['fStatus'];
$q_borrow = $con->query("SELECT * FROM `tblbooks` WHERE `fBookCode` = '$fBookCodeVal' and `fStatus` = '$fStatus'") or die(mysqli_error());
我还注意到您没有使用准备好的语句(带有绑定参数)。似乎 $row 是通过查询填充的,当然如果一行的 fBookCode 值包含恶意代码,则可以执行 SQL 注入。
也改变:
$status = $q_borrow->fetch_array();
至
$status = $q_borrow->mysqli_fetch_assoc();
然后更新:
if($status['status'] == 'Borrowed')
推荐阅读
- localhost - 如何在另一台 PC 上访问 Wamp Web 应用程序
- java - 是否可以以编程方式更改 android 应用程序的分辨率?
- c# - 如何停止重复添加浮点数并生成非常大的数字但仍希望代码更新浮点数
- javascript - 从 Material UI 表和模态中理解内存泄漏 - React
- c - 静态链接中的静态函数与非静态?
- c# - 如何使用chart.js堆积条形mvc(使用.net mvc)显示标签中的值总和
- oauth - Firebase 身份验证:切换提供程序
- html - 如何使用 Ampscripts 使 N/A 值不可点击
- c# - .net 标准 x509 操作系统差异
- javascript - 拦截函数调用或改变函数行为的方法有哪些?