1. 首頁
  2. 問答
  3. 處理多個選擇選項中的數據(使用$ _POST)

處理多個選擇選項中的數據(使用$ _POST)

2017-08-03 64 views
-1

我有來自數據庫的多選字段。例如我在頁面中選擇申請(storeform.php):

<select name="store[]" multiple="multiple"> 
<option value=1>Outlet 1</option> 
<option value=2>Outlet 2</option> 
<option value=3>Outlet 3</option> 
<option>.......</option> 
</select>

我想從上面的選擇字段值使用PHP崗位數據庫,並把值放入Query.This是我寫的其他頁面調用(storetable.php):

<?php 
$storenum=$_POST['store']; 
foreach($storenum as $snumber) 
{ 
    //this part i need to get the values and put the values into Query. 
    //for example the $storenum hold values $1 and $2, so $1,$2 i need to put in Query. 
} 

$query="SELECT sum(a.netamt) as netamt, b.store_name, 
    c.monusage,c.monusage/sum(a.netamt)*1000 as duh 
    FROM site_sales a JOIN site_store b ON b.storenum = a.storenum 
    JOIN site_salmonusage c ON b.storenum = c.storenum 
    WHERE c.month = '$date211' AND (a.storenum='$1' OR a.storenum='$2') AND a.busidate >= '$date1' AND a.busidate <='$date2' 
    GROUP BY a.storenum order by duh" 

/* code continue */

來源

2017-08-03 Azim Azman

+0

你到目前爲止嘗試過什麼? – arielnmz

+0

我只是使用['IN'條件](https://www.techonthenet.com/sql/in.php),例如'a.storenum IN(?)'並將該參數綁定到'implode(' ,',$ _POST ['store'])''。您應該確保所有'$ _POST ['store']'值都是數字,我想是 – Phil

+0

您使用MySQLi或PDO與數據庫進行交互嗎? – Phil

回答

0

嘗試一下這樣的事情。

<?php 
$storenum=implode(",",$_POST['store']); 


$query="SELECT sum(a.netamt) as netamt, b.store_name, 
    c.monusage,c.monusage/sum(a.netamt)*1000 as duh 
    FROM site_sales a JOIN site_store b ON b.storenum = a.storenum 
    JOIN site_salmonusage c ON b.storenum = c.storenum 
    WHERE c.month = '$date211' AND a.storenum IN ($storenum) AND a.busidate >= '$date1' AND a.busidate <='$date2' 
    GROUP BY a.storenum order by duh"

來源

2017-08-03 02:34:22

+0

無法容忍對SQL注入開放的答案 – Phil

+0

感謝Zaid回答我的問題。你的代碼工作。但如何防止此代碼打開到SQL注入? –

+0

@AzimAzman請查看以瞭解SI https://www.w3schools.com/sql/sql_injection.asp –

相關問題

 相關問題