1. 首頁
  2. 問答
  3. 獲取選擇的值

獲取選擇的值

2017-03-05 86 views
0

這是我的代碼。我想獲取選定選項的值並在另一個SQL查詢中使用該值。獲取選擇的值

例如: SELECT * FROM section WHERE GradeLevel = '$GradeLevel' AND SectionName = '$GradeSection

<?php 

$servername = "localhost"; 
$username = "root"; 
$password = ""; 
$dbname = "sample"; 

// Create connection 
$conn = new mysqli($servername, $username, $password, $dbname); 
// Check connection 


if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
} 


$GradeLevel = $_GET['glevel']; 
$StudentID = $_GET['studentID']; 

$BirthCertificate = $_POST['BirthCertificate']; 
$GoodMoral = $_POST['GoodMoral']; 
$ReportCard = $_POST['ReportCard']; 

echo 'Grade Level : '.$GradeLevel.' <br/>'; 
//Section 


$sql = "SELECT * FROM section WHERE GradeLevel='$GradeLevel'"; 
$result = $conn->query($sql); 

if ($result->num_rows > 0) { ?> 

    Section Name: 
    <select name="GradeSection" id="GradeSection" style="width:30%;"> 

    <?php 
    while($row = $result->fetch_assoc()) { 
     $Section = $row["SectionName"]; 

     echo ' 
      <option value="'.$Section.'"> '.$Section.' </option> '; 
    } 

    echo "</select>"; 
} 

$GradeSection = $_POST['GradeSection']; 
?>

來源

2017-03-05 EuniseP

+1

**你是大開[SQL注入(http://php.net/manual/en/security.database.sql-injection.php)**,應該真正**使用方法制得。語句](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)**而不是串聯你的查詢。特別是因爲你沒有逃避用戶輸入! –

+2

那麼,你真正的問題是什麼?您向我們展示了一個示例查詢。你是否嘗試過這樣做?你卡在哪裏? –

+0

什麼是錯誤或問題? – user3526204

回答

0

嘗試這個 把它高於$ GradeSection = $ _POST [ 'GradeSection'];

if ($GradeSection != "" || $GradeSection != NULL) 
{ 
$sql += "AND SectionName = '$GradeSection'"; 
}

來源

2017-03-06 06:49:38 user3604643

相關問題

 相關問題