gpt4 book ai didi

php mysql 基于用户输入表单

转载 作者:可可西里 更新时间:2023-11-01 07:33:00 28 4
gpt4 key购买 nike

我在使用复选框选择一个或多个数据字段供 PHP/AJAX 处理和显示时遇到问题。我的 PHP/AJAX 在我的 <select> 上运行良好s 但只要我尝试设置复选框,所有的 hell 打破都会丢失。

我也非常不确定如何进一步防止站点上的 SQL 注入(inject),所以如果有人可以向我提供更多相关信息,我将不胜感激!我阅读了提供给我的链接,只是不明白如何 bid_param或 PDO 正常工作。

ajax脚本:(我似乎无法插入 ajax/js,所以我会留下一个指向实时站点的链接)

Link to Agent search page

我的显示数据的 php 页面:

<div id="bodyA">
<h1>Find a Local OAHU Agent.</h1>
<!-- This is where the data is placed. -->
</div>
<div id="sideB">
<div class="sideHeader">
<em>Advanced Search</em>
</div>
<form class="formC">
<label for="last">Last Name</label><br />
<select id="last" name="Last_Name" onChange="showUser(this.value)">
<?php
include 'datalogin.php';

$result = mysqli_query($con, "SELECT DISTINCT Last_Name FROM `roster` ORDER BY Last_Name ASC;");
echo '<option value="">' . 'Select an Agent' .'</option>';
while ($row = mysqli_fetch_array($result)) {
echo '<option value="'.$row['Last_Name'].'">'.$row['Last_Name'].'</option>';
}
?>
</select>
<label for="company">Company</label><br />
<select id="company" name="users" onChange="showUser(this.value)">
<?php
include 'datalogin.php';

$result = mysqli_query($con, "SELECT DISTINCT Company FROM `roster` ORDER BY Company ASC;");
echo '<option value="">' . 'Select a Company' .'</option>';
while ($row = mysqli_fetch_array($result)) {
if ($row['Company'] == NULL) {
} else {
echo '<option value="'.$row['Company'].'">'.$row['Company'].'</option>';
}
}
?>
</select>
<label for="WorkCity">City</label><br />
<select id="WorkCity" name="WorkCity" onChange="showUser(this.value)" value="city">
<?php
include 'datalogin.php';

$result = mysqli_query($con, "SELECT DISTINCT WorkCity FROM `roster` ORDER BY WorkCity ASC;");
echo '<option value="">' . 'Select a City' .'</option>';
while ($row = mysqli_fetch_array($result)) {
echo '<option value="'.$row['WorkCity'].'">'.$row['WorkCity'].'</option>';
}
?>
</select>
<label for="WorkZipCode">Zip Code</label><br />
<select id="WorkZipCode" name="WorkZipCode" onChange="showUser(this.value)">
<?php
include 'datalogin.php';

$result = mysqli_query($con, "SELECT DISTINCT WorkZipCode FROM `roster` ORDER BY WorkZipCode + 0 ASC;");
echo '<option value="">' . 'Select a Zip Code' .'</option>';
while ($row = mysqli_fetch_array($result)) {
echo '<option value="'.$row['WorkZipCode'].'">'.$row['WorkZipCode'].'</option>';
}
?>
</select>
<label for="agent">Agent Expertise</label><br />
<label for="ancillary"><input type="checkbox" value="Ancillary" name="Ancillary[]" id="ancillary" />Ancillary</label><br />
<label for="smallgroup"><input type="checkbox" value="Smallgroup" name="Smallgroup[]" id="smallgroup" />Small Group</label><br />
<label for="largegroup"><input type="checkbox" value="LargeGroup" name="LargeGroup[]" id="largegroup" />Large Group</label><br />
<label for="medicare"><input type="checkbox" value="Medicare" name="Medicare[]" id="medicare" />Medicare</label><br />
<label for="longterm"><input type="checkbox" value="LongTerm" name="LongTerm[]" id="longterm" />Long Term Care</label><br />
<label for="individual"><input type="checkbox" value="Individual" name="Individual[]" id="individual" />Individual Plan</label><br />
<label for="tpa"><input type="checkbox" value="TPASelfInsured" name="TPASelfInsured[]" id="tpa" />TPA Self Insured</label><br />
<label for="ppaca"><input type="checkbox" value="CertifiedForPPACA" name="CertifiedForPPACA[]" id="ppaca" />Certified for PPACA</label><br />
</form>
</div>

我的 php 页面提取信息并将其放入页面上的容器中:

    $q = (isset($_GET['q'])) ? $_GET['q'] : false; // Returns results from user input

include 'datalogin.php'; // PHP File to login credentials

$sql="SELECT * FROM `roster` WHERE Company = '".$q."' OR Last_Name = '".$q."' OR WorkCity = '".$q."' OR WorkZipCode = '".$q."' ORDER BY Last_Name ASC";

$result = mysqli_query($con,$sql) // Connects to database or die("Error: ".mysqli_error($con));

echo "<h1>" . "Find a Local OAHU Agent." . "</h1>";

while ($row = mysqli_fetch_array($result)) { // Gets results from the database
echo "<div class='agentcon'>" . "<span class='agentn'>" . "<strong>".$row['First_Name'] . "&nbsp;" .$row['Last_Name'] . "</strong>" . "</span>" . "<a href=mailto:".$row['Email'] . ">" . "<span class='email'>".$row['Email'] . "</span>" . "</a>" ."<div class='floathr'></div>";
if ($row['Company'] == NULL) {
echo "<p>";
}
else {
echo "<p>" . "<strong>" .$row['Company'] . "</strong>" . "<br>";
}
echo $row['WorkAddress1'] . "&nbsp;" .$row['WorkCity'] . "," . "&nbsp;" .$row['WorkStateProvince'] . "&nbsp;" .$row['WorkZipCode'] . "<br>";
if ($row['Work_Phone'] !== NULL) {
echo "<strong>" . "Work" . "&nbsp;" . "</strong>" .$row['Work_Phone'] . "<br>";
}
if ($row['Fax'] !== NULL) {
echo "<strong>" . "Fax" . "&nbsp;" . "</strong>" .$row['Fax'] . "<br>";
}
echo "<strong>" . "Agent Expertise:" . "</strong>";
if ($row['Ancillary'] == 1) {
echo "&nbsp;" . "Ancillary" . "/";
}
if ($row['SmallGroup'] == 1) {
echo "&nbsp;" . "Small Group" . "/";
}
if ($row['IndividualPlans'] == 1) {
echo "&nbsp;" . "Individual Plans" . "/";
}
if ($row['LongTermCare'] == 1) {
echo "&nbsp;" . "Long Term Care" . "/";
}
if ($row['Medicare'] == 1) {
echo "&nbsp;" . "Medicare" . "/";
}
if ($row['LargeGroup'] == 1) {
echo "&nbsp;" . "LargeGroup" . "/";
}
if ($row['TPASelfInsured'] == 1) {
echo "&nbsp;" . "TPA Self Insured" . "/";
}
if ($row['CertifiedForPPACA'] == 1) {
echo "&nbsp;" . "Certified For PPACA";
}
echo "</p>" . "</div>";
}
mysqli_close($con);
?>

非常感谢有关此主题的所有帮助!每当我将复选框值添加到我的 php 文件时,它最终都会显示数据库中表单中所有字段的每个人。

我也在尝试防止对此进行 sql 注入(inject),但是如果我没有用户可以输入文本的字段,用户怎么能这样做呢?

编辑 从今天开始,我尝试使用 jQuery 来激活复选框,然后调用一些 AJAX。这是我写的脚本,它正在拉动一个代理,只是不是每个拥有这种“专业知识”的人。

$('input').click(function() {
$.ajax({
url: "process.php",
data: { value: 1},
success: function (data) {
$('#bodyA').html(data);
}
});
});

最佳答案

这是我最近处理的一个简单示例,我需要在其中遍历多个复选框并将这些值传递到 SQL 语句中。尽管此示例发生在单击按钮时,但希望它符合您要完成的任务,或者至少在开始时...:)

<?php
$array = array();
if (isset($_POST['medicare'])) {
foreach ($_POST['medicare'] as $value) {
array_push($array, $value);
}
}
// this will return the value of each selected checkbox, separating each with a comma
$result = implode(",", $array);

// if you want to loop through each individually (for example pass each into a SQL statement)
foreach ($_POST['medicare'] as $value) {
// Do your SQL here
// $value will be the value of each selected checkbox (Smallgroup, Largegroup, etc.)
$sql = "insert into tablename(fieldname) values ('$value')"; // just an example
}
?>

<input type="checkbox" name="medicare[]" id="smallgroup" value="Smallgroup" />
<label for="smallgroup">Small Group</label>
<br />
<input type="checkbox" name="medicare[]" id="largegroup" value="Largegroup" />
<label for="largegroup">Large Group</label>
<br />
<input type="checkbox" name="medicare[]" id="medicare" value="Medicare" />
<label for="medicare">Medicare</label>
<br />
<input type="checkbox" name="medicare[]" id="individualplan" value="IndividualPlan" />
<label for="individualplan">Individual Plan</label>
<br />
<input type="submit" value="Submit" id="btnSubmit" name="btnSubmit" />

更新

与其设置一个变量,不如尝试为每个 select 控件设置一个变量,并将您的 SQL 语句放入 foreach 循环中。我刚刚用一些虚拟数据对此进行了测试,没有遇到任何问题。

<?php
$lastname = (isset($_GET['Last_Name'])) ? $_GET['Last_Name'] : false;
$users = (isset($_GET['users'])) ? $_GET['users'] : false;
$workCity = (isset($_GET['WorkCity'])) ? $_GET['WorkCity'] : false;
$WorkZipCode = (isset($_GET['WorkZipCode'])) ? $_GET['WorkZipCode'] : false;

foreach ($_GET['medicare'] as $value) {
//echo $value;
$sql="SELECT * FROM roster WHERE Company = '$users' OR Last_Name = '$lastname' OR WorkCity = '$workCity' OR WorkZipCode = '$WorkZipCode' OR Ancillary = '$value' ORDER BY Last_Name ASC";
}
...continue as you were...
?>

关于php mysql 基于用户输入表单,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17998002/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com