dphnn333971 2017-01-03 05:06
浏览 7
已采纳

PHP不读取MySQL更新的<select>名称

I'm working on a fantasy football database just for fun and I have made some progress with a PHP page but am stuck with an issue in getting data from my html data to be read by my php update script (update.php)

Here's my code for the form: 

  $servername = "localhost";
  $username = "root";
  $password = "nottelling";
  $dbname = "Football";

  // Create connection

  $conn = new mysqli($servername, $username, $password, $dbname);

  // Check connection

  if ($conn->connect_error){
    die("Connection failed: " . $conn->connect_error);
  } 

  $sqlqb = "SELECT Name_Team_Position FROM Football.2016_Players_QB;";
  $resultqb = $conn->query($sqlqb);
  echo " <form method=\"post\" action=\"update.php\"> <br> Enter Passcode:";
  echo " <input name = \"Passcode\" type = \"text\"> </input> <br><br> ";
  echo " Pick your QB: <select name='QB'> </option> "; // list box select command
  foreach ($conn->query($sqlqb) as $row){         
    // Array or records stored in $row
    echo " <option value=$row[id]>$row[Name_Team_Position]</option> "; 
    /* Option values are added by looping through the array */ 
  }  
  echo " </select> ";// Closing of list box
  echo " <br><br> <input type=\"submit\" value=\"Submit\"> </input> ";
  echo " </form> ";
  $conn->close();
 ?>

And here's update.php 

  $servername = "localhost";
  $username = "root";
  $password = "nottelling";
  $dbname = "Football";

  // Create connection

  $conn = new mysqli($servername, $username, $password, $dbname);

  // Check connection

  if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
  } 

  $value1 = $_POST['Passcode'];
  $value2 = $_POST['QB'];

  $sql = "UPDATE Football.PlayerTeams SET QB = '$value2' WHERE Password = '$value1';";

   if ($conn->query($sql) === TRUE) {
     echo "New record created successfully";
   } else {
     echo "Error: " . $sql . "<br>" . $conn->error;
   }

  $conn->close();

?>

My problem as concisely as I can put it:

This script is definitely connecting properly to the DB and executing the update query successfully. The problem is that $value1 is not receiving any value from the html form. If I insert the string "test" into the row corresponding with the passcode, and then I use the form this code producing, it runs successfully but then when I check the db "test" is gone and instead its just blank - "". Can someone help me figure out what I'm doing wrong in trying to get the drop-down value to my action script?

  • 写回答

4条回答 默认 最新

  • dpmfur2635 2017-01-03 05:23
    关注

    This is wrong:

    echo " Pick your QB: <select name='QB'> </option> ";

    The </option> are wrong placed

    Replace: echo " Pick your QB: <select name='QB'>";

    Replace: echo " <br><br> <input type=\"submit\" value=\"Submit\">";

    The $row['id'] is the value that you become in your QB if your POST.

    echo " <option value='TheValueYouNeededHere'>Display Name</option> ";

    And for POST use filter_input — Gets a specific external variable by name and optionally filters it:

    filter_input(INPUT_POST, QB, filter);

    The filters you find here: http://php.net/manual/de/filter.filters.php

    Copy from User:

    $sql = "UPDATE Football.PlayerTeams SET QB = '".$value2."' WHERE Password = '".$value1."'";

    Is more beautiful for the eyes, you must not use ".$Value." In php works without i mean, correct me when i'm wrong

    Security:

    Your MySQL query can easy injected. And your passwort is Visible. It gives multiple choices to avoid this.

    MySQL injecton: You can replace some char's. (Char are single character) The most dangerous things you can replace with other characters. Filter Input have nice filters like htmlspecialchars. I Think you find much things if you search little :)

    Password: First make <input type='password'>. Then Hash your password or pick MD5 or something to make it "unreadeble". You can set it on MySQL. With PHP u build the "secure" value. MD5 is not the best option. Its only easy to implement for beginning.

    Hope this helps :)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c