![](/img/trans.png)
[英]Codeigniter's form_dropdown to display category name in dropdown list but insert category id
[英]Pull ID for MySQL INSERT from Name List Dropdown Form
我有一个表格,员工可以在其中输入他们订购的零件,然后将这些零件显示在列表中,以供所有员工查看。 这是我的表格:
<form method="post" action="../libraries/addpart.php">
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="job_id">Job #</label>
<input type="text" class="form-control" name="job_id" placeholder="Job #">
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="part_needed">Part Needed</label>
<input type="text" class="form-control" name="part_needed" placeholder="Part Needed">
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="date_ordered">Date Ordered</label>
<input type="date" class="form-control" name="date_ordered">
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="vendor_id">Ordered From</label>
<select class="form-control" name="vendor_id">
<option></option>
<?php
while ($row = mysqli_fetch_array($vendors)) {
// Print out the contents of the entry
echo '<option>' . $row['vendor_name'] . '</option>';
}
?>
</select>
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="part_needed">ETA</label>
<input type="date" class="form-control" name="part_eta">
</div>
<button type="submit" class="btn btn-primary col-lg-2 col-lg-offset-5" name="addbutton">Submit</button>
</form>
该表格利用一个下拉菜单,通过从vendors
表中查询来显示供应商名称而不是其ID。 提交表单后,我需要仅使用供应商ID(而不是名称)将记录插入ordered_parts
表中。 这是我(相当混乱)的尝试:
/*
* Get Vendor ID
*/
$vendorname = $_POST['vendor_id'];
$query = "SELECT * FROM `vendors`
WHERE vendor_name = $vendorname";
//Get results
$vendorid = $mysqli->query($query) or die($mysqli->error . __LINE__);
$job = $_POST['job_id'];
$part = $_POST['part_needed'];
$date = $_POST['date_ordered'];
$vendor = $vendorid['vendor_id'];
$eta = $_POST['part_eta'];
$partorder = "INSERT INTO `ordered_parts`
(job_id, part_needed, date_ordered, vendor_id, part_eta)
VALUES
('$job', '$part', '$date', '$vendor', '$eta')";
$result = mysqli_query($mysqli, $partorder);
if ($result) {
header('Location: ../views/ordered-parts.php');
} else {
echo("<br>Failed to add");
}
}
我得到的错误是:
“您的SQL语法有错误;请查看与您的MySQL服务器版本相对应的手册以使用正确的语法”
您可能会说,在进行此项目之前,我没有数据库方面的实际经验。 关于如何实现此目标的任何想法?
子查询将其在单个语句中删除; 无需先查询vendors
表:
INSERT INTO `ordered_parts`
(job_id, part_needed, date_ordered, part_eta, vendor_id)
VALUES
('$job', '$part', '$date', '$eta', SELECT `vendor_id` FROM `vendors` WHERE `vendor_name` = '$vendor')
也就是说,AD是正确的-以这种方式构建查询使您容易受到SQL Injection的攻击。 您可以利用mysqli
的“参数化”查询来避免这种情况,或者使用字符串转义函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.