<form method="post" action="insert.php" >
<p>Name:<input type="text" name="food_name" id="food_name"/>
<p>Price:<input type="text" name="food_price" id="food_price"/>
<?php
$query = "SELECT * FROM category";
// Execute it, or return the error message if there's a problem.
$result = mysql_query($query) or die(mysql_error());
//$options = "";
$dropdown = "<select name='cat_name'>";
while($row = mysql_fetch_assoc($result))
{
$dropdown .= "\r\n<option value='{$row['cat_id']}'>{$row['cat_name']}</option>";
}
$dropdown .= "\r\n</select>";
echo $dropdown;
?>
<input type="submit" value="Insert Price" />
<a href="show.php">Cancel
</form>
//這是形式插入在PHP的MySQL,從下拉菜單中取出數據和文本框數據不是在我的表where子句
X ============= ========= X
if(isset($_POST['cat_name'])!= '')
{
$cat_id=$_POST['cat_name'];
$food_name=$_POST['food_name'];
$foodPrice=$_POST['food_price'];
$query="INSERT INTO food (food_name,food_price) values($food_name,$foodPrice) where
cat_id= $cat_id";
if(mysql_query($query))
{
echo "new item added";
}
else
{
die(mysql_error());}
}
?>
這是錯誤 「您的SQL語法錯誤;檢查對應於你的MySQL服務器版本使用附近的「正確的語法手冊其中cat_id = 4'在第1行「
它應該通過選擇類別插入食物名稱和價格
我聞到SQL注入where子句。 – ThiefMaster 2012-07-19 11:46:33