php - 使用下拉菜单将主 ID 传递给使用 MYSQLi 的 PHP 表单不起作用
问题描述
使用 AddTeamPlayer.php 页面通过隐藏字段将表单下拉列表中的选定值传递给另一个 AddPlayer.php。该值未发送。代码将从所有三个页面发布。结果,错误,在尝试发送选定的隐藏值时显示一个空值。
添加TeamPlayer.php
<select name="myselectbox">
<option>Select</option>
<?php
$sql = "SELECT TeamName, TeamID FROM Team ORDER BY TeamName";
$result = mysqli_query($link, $sql);
while ($row = mysqli_fetch_array($result)) {
echo '<option>' . $row['TeamName'] .' '. $row['TeamID'] . ' </option>';
'<input type="hidden" name="hiddenTeamID" value="('. $row['TeamID'] . ')" >';
}
?>
</select>
添加播放器.php
//Team from the dropdown on AddTeamPlayerData.php page - hidden variable
$TeamID = mysqli_real_escape_string($link, $_REQUEST['hiddenTeamID']);
echo "hiddenteamid is $TeamID";
// insert PLAYER table data from form
$sql1 = "INSERT INTO Player (FirstName, LastName, Number, TeamID) VALUES ('$PlayerFirstName', '$PlayerLastName', '$PlayerNumber', '$TeamID')";
收到错误
hiddenteamid 是
错误:无法执行球员数据...插入球员(名字、姓氏、号码、团队ID)值('pfn'、'pln'、'3'、'')。
无法添加或更新子行:外键约束失败 (
playmak3_pitchcountstats
.Player
, CONSTRAINTPlayer_ibfk_1
FOREIGN KEY (TeamID
) REFERENCESTeam
(TeamID
))
解决方案
注意正如@Phil 正确指出的那样,您实际上已经将您的hidden
领域放在里面,select
因此这个初始修复将不起作用。不过,我还是要把它留在这里......
您的PHP
代码中有错误:
1> $sql = "SELECT TeamName, TeamID FROM Team ORDER BY TeamName";
2> $result = mysqli_query($link, $sql);
3> while ($row = mysqli_fetch_array($result)) {
4> echo '<option>' . $row['TeamName'] .' '. $row['TeamID'] . ' </option>';
5>
6> '<input type="hidden" name="hiddenTeamID" value="('. $row['TeamID'] . ')" >';
7>
8> }
在线上4
,您在行尾有一个分号,终止echo
. 这意味着该行6
永远不会回显。因此,从前端的角度来看,它看起来与您期望的一样,但隐藏字段不存在,因此不会被传递。
删除分号并将其替换为.
。
修复代码
基本修复
添加TeamPlayer.php
<select name="myselectbox">
<option disabled hidden selected>Select a team...</option>
<?php
$sql = "SELECT TeamName, TeamID FROM Team ORDER BY TeamName";
$result = mysqli_query($link, $sql);
while ($row = mysqli_fetch_array($result)) {
$teamid = $row["TeamID"];
$teamname = $row["TeamName"];
echo "<option value=\"{$teamid}\">{$teamname}</option>";
}
?>
</select>
添加播放器.php
//Team from the dropdown on AddTeamPlayerData.php page
$teamid = (int)$_POST["myselectbox"]; // Assuming that TeamID is an integer... Casting it to int is the only escaping you need
echo "Team ID is: ".$teamid;
// Insert PLAYER table data from form
$sql1 = "INSERT INTO Player (FirstName, LastName, Number, TeamID) VALUES ('{$PlayerFirstName}', '{$PlayerLastName}', '{$PlayerNumber}', {$teamid})";
但是,即使这样,您也可能会遇到问题。它经常被引用(在这个网站上)“逃避你的输入是不够的”来保护你免受恶意行为。
因此,我强烈建议您使用mysqli
或PDO
改进代码
mysqli
$data= [
$_POST["FirstName"], // First name from form
$_POST["LastName"], // Last name from form
$_POST["Number"], // Number from form
$_POST["myselectbox"] // Team id from select box
];
$sql = "INSERT INTO Player (FirstName, LastName, Number, TeamID) VALUES (?, ?, ?, ?)"; // SQL statement using `?` as place holders
$query = $mysqli->prepare($sql); // Prepare query
$query->bind_param("ssii", ...$data); // Bind parameters, setting data type, using PHPs unpacking operator ...
$query->execute(); // Execute the query
PDO
$data= [
$_POST["FirstName"], // First name from form
$_POST["LastName"], // Last name from form
$_POST["Number"], // Number from form
$_POST["myselectbox"] // Team id from select box
];
$sql = "INSERT INTO Player (FirstName, LastName, Number, TeamID) VALUES (?, ?, ?, ?)"; // SQL statement using `?` as place holders
$query = $pdo->prepare($sql); // Prepare query
$query->execute($data); // Bind parameters and execute query
推荐阅读
- static-analysis - 通过静态代码分析工具获取方法层次结构
- java - 有什么方法可以知道使用的最佳端口
- javascript - 函数在 searchText 字段中显示为文本
- apache - 使用 htaccess 阻止 URL
- android - 以编程方式复制到 Android 系统文件夹
- ios - DJI SDK 航点任务 - swift, IOS
- java - JSON 解析错误:反序列化属性“taxLevels”时出现问题(预期类型:[map
- visual-studio-code - pytest 无法加载 pytest-mock | VSCode pytest GUI 与 pytest-mock 配合得很好
- javascript - 测验中的 Strapi 关系
- r - How to mutate several columns by column index rather than column name using across?