douduocuima61392 2011-08-30 12:11
浏览 53
已采纳

根据表单输入过滤数据库查询

Hello I can't get my script fully operational.

I have it calculating properly but now need a query for fuel type. 

<?php

include 'mysql_connect.php';

$query = "SELECT * FROM fuel_price WHERE FuelType='Oil'" ;

$result = mysql_query($query);
$price= mysql_fetch_array($result);


if(isset($_POST['submit'])){

 echo "The Price Today is  ";

 echo "£"; echo $_POST['qtylitres'] * $price ['Price'];



 } else {

echo "Please select value";

}

?>

I need to to check fueltype selected on form and calculate total accordingly.

eg $query = "SELECT * FROM fuel_price WHERE FuelType='{$_POST['fueltype'];}'" ;

Please help anyone under pressure.

Thanks

  • 写回答

2条回答 默认 最新

  • douji4948 2011-08-30 12:19
    关注
    include 'mysql_connect.php';

if(isset($_POST['submit'])){
    if($_POST['inputEmail'] == ''){
        echo 'Please enter an email address';
    } else{
        // show price
        $fuelPriceQuery = sprintf("SELECT `Price` FROM fuel_price WHERE FuelType = '%s' LIMIT 1",
                    mysql_real_escape_string($_POST['fueltype']));

        $fuelPriceResult = mysql_query($fuelPriceQuery);
        $price           = mysql_fetch_array($fuelPriceResult, MYSQLI_ASSOC);
        echo 'The Price Today is £'.($_POST['qtylitres'] * $price['Price']);

        // insert email
        $addEmailQuery  = sprintf("INSERT INTO `subscribe`(`Email`) VALUES('%s')",
                            mysql_real_escape_string($_POST['inputEmail']));
        $addEmailResult = mysql_query($addEmailQuery);
        if($addEmailResult){
            echo 'You have successfully subscribed';
        } else{
            echo 'Sorry, we could not subscribe you at this time. Please try again.';
        }
    }
} else {
    echo "Please select value";
}

    A couple of things to note:

    1. Always make sure to escape the user input by using mysql_real_escape_string, if you are not using prepared statements such as PDO, MySQLi, etc...

    2. I added the LIMIT clause to the query so mysql_fetch_array will work, because if it returns more than one row, then you would have to handle it in a loop.

    3. It is not necessary to use multiple echos, in fact it is better if you use as few as possible.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。