登录表单,选择名称选项值
[英]Sign in form, select name option value
问题描述
I have three tables currently setup.
我目前设置了三个表。 I want when somebody signs in, they choose 1 of the options in the select dropdown and it goes into that separate database.我希望当有人登录时,他们在选择下拉列表中选择 1 个选项,然后进入该单独的数据库。
Eg Favourite color例如最喜欢的颜色
<select name="color">
<option value="Red">Red</option>
<option value="Blue">Blue</option>
<option value="White">White</option>
</select>
All reds picked, go into the red database, all blue into the blue database etc etc.所有红色被选中,进入红色数据库,所有蓝色进入蓝色数据库等等。
Thanks谢谢
1 个解决方案
解决方案1
0 2018-02-05 16:25:26
What you are trying to do is separate your data by a specific value.您要做的是按特定值分隔数据。 This is a pretty normal thing to do, but you are trying to go about it all wrong.这是很正常的事情,但你试图做的一切都是错误的。 There is nearly never a good reason to have a variable table name - instead, you should use columns to separate this data.拥有可变表名几乎从来都不是一个很好的理由——相反,您应该使用列来分隔这些数据。
The proper solution:正确的解决方法:
A better way to handle the situation is to create a single table (EG colors , with a column of color which you can assign the variable that was selected.处理这种情况的更好方法是创建一个表(EG colors ,带有一列color ,您可以将其分配给选定的变量。
EG:例如:
$query = "INSERT INTO colors (color) VALUES (?)";
Where the question mark is the variable in question (In a prepared statement).其中问号是所讨论的变量(在准备好的声明中)。
This way all of your variables are in a single table but still separated by the color the user chose and can be sorted as such.这样,您的所有变量都在一个表中,但仍由用户选择的颜色分隔,并且可以按此方式排序。
To answer your question:回答你的问题:
If you wish to ignore my multiple warnings above that you are going about this the wrong way (You are your own person after all and can make decisions for yourself), here is how you can do this the way you are asking (But again, I really really really really do NOT recommend this method).如果您想忽略我上面的多次警告,即您正在以错误的方式进行此操作(毕竟您是自己的人,可以为自己做出决定),那么您可以按照您的要求进行操作(但再次,我真的真的真的真的不推荐这种方法)。
If you do this, you should check to make sure that the option that was selected matches a list of possible selections:如果您这样做,您应该检查以确保所选的选项与可能的选择列表匹配:
$possible = ["Red", "Blue", "White"];
if(in_array($_POST['color'], $possible)) {
$query = "INSERT INTO {$_POST['color']} ...";
}
Doing it this way will prevent SQL Injection via the variable that is being concatenated into the string.这样做将防止通过连接到字符串中的变量进行 SQL 注入。
If you just insert the users variable without checking it first, the user can change the actual value of the drop-down on the client side, which could easily put your application at risk.如果直接插入 users 变量而不先检查它,用户可以在客户端更改下拉列表的实际值,这很容易使您的应用程序处于危险之中。
NOTE : I do not recommend doing it this way - it's harder to upkeep and it isn't the proper way to do such a thing.注意:我不建议这样做 - 它更难维护,而且这不是做这种事情的正确方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.