0
這是我的代碼。我想獲取選定選項的值並在另一個SQL查詢中使用該值。獲取選擇的值
例如: SELECT * FROM section WHERE GradeLevel = '$GradeLevel' AND SectionName = '$GradeSection
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "sample";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$GradeLevel = $_GET['glevel'];
$StudentID = $_GET['studentID'];
$BirthCertificate = $_POST['BirthCertificate'];
$GoodMoral = $_POST['GoodMoral'];
$ReportCard = $_POST['ReportCard'];
echo 'Grade Level : '.$GradeLevel.' <br/>';
//Section
$sql = "SELECT * FROM section WHERE GradeLevel='$GradeLevel'";
$result = $conn->query($sql);
if ($result->num_rows > 0) { ?>
Section Name:
<select name="GradeSection" id="GradeSection" style="width:30%;">
<?php
while($row = $result->fetch_assoc()) {
$Section = $row["SectionName"];
echo '
<option value="'.$Section.'"> '.$Section.' </option> ';
}
echo "</select>";
}
$GradeSection = $_POST['GradeSection'];
?>
**你是大開[SQL注入(http://php.net/manual/en/security.database.sql-injection.php)**,應該真正**使用方法制得。語句](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)**而不是串聯你的查詢。特別是因爲你沒有逃避用戶輸入! –
那麼,你真正的問題是什麼?您向我們展示了一個示例查詢。你是否嘗試過這樣做?你卡在哪裏? –
什麼是錯誤或問題? – user3526204