html select php处理问题?
我有这个选择框,用户可以使用它来选择一个选项,但我坚持如何使用 php 处理它并将值插入 mysql :
<select name="vote[]">
<option value="support">I support this</option>
<option value="against">Im against this</option>
<option value="dont">I want the audience to decide!</option>
$insert=mysql_query("INSERT INTO topic (topic, founder, choice, date) VALUES('".$course."', '".$user_id."', '".$_POST['vote[]']."',NOW())");
i have this select box that users can use to choose an option, but im stuck on how i can process it with php and insert the value in mysql:
<select name="vote[]">
<option value="support">I support this</option>
<option value="against">Im against this</option>
<option value="dont">I want the audience to decide!</option>
$insert=mysql_query("INSERT INTO topic (topic, founder, choice, date) VALUES('".$course."', '".$user_id."', '".$_POST['vote[]']."',NOW())");
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
除了 Ben 已经说过的内容之外,您还想删除
name属性中的括号。当您要检索该值时,只需使用
$_POST["vote"]即可。仅当您打算拥有多个同名字段时才使用方括号(即:允许用户即时动态生成字段)。您不需要将它与全面的下拉菜单一起使用。编辑
另外,作为您常驻的 PHP 专家,根据合同,我有义务提醒您始终转义插入 SQL 查询中的任何数据。这意味着每次都大力使用
mysql_real_escape_string()。只有您可以防止森林火灾、VD,天知道还有什么,但只有在转义 SQL 参数时才能做到这一点。In addition to what Ben has already said, you want to drop the brackets from the
nameattribute.When you go to retrieve the value, just use
$_POST["vote"]. The use of square brackets is only if you intend to have multiple fields with the same name (i.e.: allowing the user to dynamically generate fields on the fly). You don't need to use it with dropdowns across the board.EDIT
Also, as your resident PHP guru, I am contractually obligated to remind you to ALWAYS escape ANY data that is inserted into a SQL query. This means vigorously using
mysql_real_escape_string()every time. Only you can prevent forest fires, VD, and god knows what else, but you can only do it if you're escaping your SQL parameters.首先,请务必关闭您的选择标签。 ;)
其次,您可能想要做的是将 select 标记包含在
然后,当用户提交表单时,他们将被重定向到 somepage.php。在 somepage.php 上的 PHP 代码中,您将有一个名为
$_POST的数组变量,其中将有一个名为vote的条目,您可以在其中看到在 select 中选择了哪个元素盒子。然后,您可以使用此信息来更改 somepage.php 的处理方式。在此处<查看有关使用
$_POST与表单的更多信息< /a>.然后,要在数据库中获取该信息,您需要访问
$_POST变量中的信息并制定查询字符串(谨防 SQL 注入!)。然后按预期使用 mysql_query() 发送查询。First, be sure to close your select tag. ;)
</select>Second, what you'll probably want to do is include the select tag inside a
<form>withmethod="post"andaction="somepage.php".Then when the user submits the form, they will be redirected to somepage.php. In your PHP code on somepage.php, you will have an array variable called
$_POSTwhich will have an entry calledvotewhere you can see what element was selected in the select box. You can then use this information to change how somepage.php is processed.Check out more information on using
$_POSTwith forms here.To then get that information in a database, you'll need to access the information in the
$_POSTvariable and formulate your query string (beware of SQL injection!). Then send the query usingmysql_query()as expected.使用 mysql_real_escape_string 在您的数据库输入中,或者我将使用 HTML 编辑器并更改其中一个
您应该阅读SQL 注入,这样您就知道您要做什么在这里对抗。我确信除了有关此事的 PHP 指南之外,还有其他内容需要阅读,但我不知道应该将您链接到哪些具体内容。
Use mysql_real_escape_string on your database inputs, or I'll use a HTML editor and change the value of one of those
<option>s to'); DROP TABLE *; --and hit submit.You ought to read about SQL Injection so you know what you're up against here. I am sure there are other things to read apart from just the PHP guide on the matter, but I don't know of any in particular that I should link you to.