I have a PHP form that dumps into a MySQL table. I created an array with PHP that is populated from the Product table, and I want to insert that MySQL table column array into a new MySQL table.
Querying the table to get the array's values works fine.
```php
<?php
function getProducts($id)
{
    // $id is interpolated directly into the SQL text (unsafe if it comes from user input)
    $sql = "SELECT * FROM products WHERE products.CAT_ID = $id AND DISABLED = 'NO'";
    $result = mysql_query($sql);
    if ($result) {                       // mysql_query() returns false on error
        $products = array();
        while ($row = mysql_fetch_array($result)) {
            $products[] = $row;          // one row of the products table per entry
        }
        return $products;
    }
    return false;
}

function newProd()
{
    global $products;                    // placeholder, not used yet
}
?>
```
Then I use the array above to create labels in a JavaScript accordion. Next to the labels are select boxes. (I removed unnecessary page elements.) The HTML/PHP form below displays the array above.
```html
<?php include('includes/query.php'); ?>
Inventory
<body onload="toggleField()">
<div id="container" class="container_16">
<form name="form1" id="form1" action="insert.php" method="post" enctype="multipart/form-data" style="height: inherit">
  <div id="Info" class="grid_16">
    <fieldset>
      <label id="Label1">
        <span class="Labels">Store Information</span> <br>
      </label>
      <div>
        <label for="name">
          <span class="Labels"> Name :</span> </label>
        <input id="name" name="name" type="text">
      </div>
    </fieldset>
  </div>
  <hr id="SpacePadding">
  <hr class="SpacePadding">
  <div class="clear"></div>
  <!-- Start of the Accordion Container -->
  <!-- Start array, make sure Category Array isn't false -->
  <?php if ($categoryArray != false): ?>
  <!-- create the variables for modulus -->
  <!-- Start the foreach loop for the category Array -->
  <?php $cataCounter = 0; ?>
  <?php $closeSection = false; ?>
  <?php foreach ($categoryArray as $row): ?>
    <?php if ($cataCounter % 2 == 0): ?>
    <div class="push_1 grid_8">
      <?php $closeSection = false; ?>
    <?php else: ?>
    <div class="grid_8">
      <?php $closeSection = true; ?>
    <?php endif; ?><!-- insert modulus -->
      <div class="AccordionTitle"><?php echo $row['CATEGORY_NAME']; ?></div>
      <div class="AccordionContent">
        <table>
        <!-- inner loop variable renamed so it does not overwrite the category $row -->
        <?php foreach (getProducts($row['CAT_ID']) as $product): ?>
          <tr>
            <th class="boldLabels"><?php echo $product['PRODUCT_NAME']; ?>
              <span class="label"></span></th>
            <th><span class="Labels">Count:</span></th>
            <td>
              <select name="selCount[]" onChange="toggleField(this.value);" class="Listbox">
                <option value="Select">Select One</option>
                <option value="0">0</option>
                <option value="1">1</option>
                <option value="2">2</option>
                <option value="3">3</option>
                <option value="4">4</option>
                <option value="5">5</option>
                <option value="6">6</option>
                <option value="7">7</option>
                <option value="8">8</option>
                <option value="9">9</option>
                <option value="10">10</option>
                <option value="Other">Other(Specify)</option>
              </select>
              <input type="text" name="otherCount[]" class="Listbox" style="display: none;">
            </td>
            <td><span class="Labels">Need:</span></td>
            <td>
              <select name="selNeed[]" onChange="toggleField2(this.value);" class="Listbox">
                <option value="Select">Select One</option>
                <option value="0">0</option>
                <option value="1">1</option>
                <option value="2">2</option>
                <option value="3">3</option>
                <option value="4">4</option>
                <option value="5">5</option>
                <option value="6">6</option>
                <option value="7">7</option>
                <option value="8">8</option>
                <option value="9">9</option>
                <option value="10">10</option>
                <option value="Other">Other(Specify)</option>
              </select>
              <input type="text" name="otherNeed[]" class="Listbox" style="display: none;">
            </td>
          </tr>
        <?php endforeach; ?>
        </table>
      </div>
    </div>
    <?php if ($closeSection): ?>
    <div class="clear"></div>
    <?php endif; ?>
    <?php $cataCounter += 1; ?>
  <?php endforeach; ?>
  <?php endif; ?>
  <input name="Submit" type="submit" value="submit">
  </div>
</form>
<br>
</div>
<footer>
  <div align="center">
    <ul>
      <li><a href="#">Home</a></li>
      <li><a href="#">Daily Inventory Counts</a></li>
      <li><a href="#">Contact System Admin</a></li>
    </ul>
  </div>
</footer>
</body>
```
On submit, I want PRODUCT_NAME to go into a new table together with the related select options. (I took the database connection info out.)
```php
<?php
// $db is the MySQL connection; the connection details were removed from the post.
// Assign arrays
$SelCount   = $_POST['selCount'];
$SelNeed    = $_POST['selNeed'];
$otherNeed  = $_POST['otherNeed'];
$otherCount = $_POST['otherCount'];
// escape the per-form values once, the same way as the per-row values below
$store = mysql_real_escape_string($_POST['store']);
$name  = mysql_real_escape_string($_POST['name']);
$limit = count($SelCount);
for ($i = 0; $i < $limit; $i++) {
    $SelCount[$i]   = mysql_real_escape_string($SelCount[$i]);
    $SelNeed[$i]    = mysql_real_escape_string($SelNeed[$i]);
    $otherNeed[$i]  = mysql_real_escape_string($otherNeed[$i]);
    $otherCount[$i] = mysql_real_escape_string($otherCount[$i]);
    if ($SelCount[$i] != "Select") {     // skip products left at "Select One"
        $sql = "INSERT INTO inventory (STORE_ID, REQUESTOR, ITEM_COUNT, ITEM_NEED, NEED_COUNT, OTHER_COUNT)
                VALUES ('$store', '$name', '" . $SelCount[$i] . "', '" . $SelNeed[$i] . "', '" . $otherNeed[$i] . "', '" . $otherCount[$i] . "')";
        if (mysql_query($sql, $db)) {
            echo "$i successfully inserted.<br/>";
        } else {
            echo "$i encountered an error. <br/>";
        }
    }
}
?>
```
You have a SQL injection vulnerability! Change the offending line like this: `$sql = ("SELECT * FROM products where products.CAT_ID = '$id' AND DISABLED ='NO'");` Note the extra single `'` quotes. They are crucial! – Johan 2011-06-06 21:11:20
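As an added example (not the asker's code and not Johan's suggestion), here are the `getProducts` query and the `insert.php` loop rewritten with mysqli prepared statements, which keep user input out of the SQL text entirely instead of relying on quoting or escaping. It assumes a mysqli connection `$db`, the mysqlnd driver (for `get_result`), and the table and column names from the question.

```php
<?php
// Added example: the question's two queries with bound parameters.
// Assumes $db is a mysqli connection and the schema named in the question.

function getProducts(mysqli $db, int $catId): array
{
    // The value is sent separately from the SQL text as an integer,
    // so nothing in $catId can change the statement's structure.
    $stmt = $db->prepare(
        "SELECT * FROM products WHERE CAT_ID = ? AND DISABLED = 'NO'"
    );
    $stmt->bind_param('i', $catId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

function insertInventory(mysqli $db, array $post): int
{
    // Per-form values, read once; per-row values are filled in the loop.
    $store = (string) ($post['store'] ?? '');
    $name  = (string) ($post['name'] ?? '');
    $count = $need = $otherNeed = $otherCount = '';

    // Prepared once; bind_param takes references, so the variables are
    // read fresh on every execute().
    $stmt = $db->prepare(
        "INSERT INTO inventory
           (STORE_ID, REQUESTOR, ITEM_COUNT, ITEM_NEED, NEED_COUNT, OTHER_COUNT)
         VALUES (?, ?, ?, ?, ?, ?)"
    );
    $stmt->bind_param('ssssss', $store, $name, $count, $need, $otherNeed, $otherCount);

    $inserted = 0;
    $limit = count($post['selCount'] ?? []);
    for ($i = 0; $i < $limit; $i++) {
        $count = (string) ($post['selCount'][$i] ?? 'Select');
        if ($count === 'Select') {
            continue;                    // same skip rule as the original loop
        }
        $need       = (string) ($post['selNeed'][$i]    ?? '');
        $otherNeed  = (string) ($post['otherNeed'][$i]  ?? '');
        $otherCount = (string) ($post['otherCount'][$i] ?? '');
        $stmt->execute();
        $inserted++;
    }
    return $inserted;                    // number of rows written
}
```

Calling `insertInventory($db, $_POST)` replaces the escaping loop in insert.php; the form fields keep the same names.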