我在phpmyadmin中有一个称为Assets的表,其中有一个Responsible列。创建资产后,借助$ _SESSION [“ name”],我可以在该列中输入正确的值。
if($_SERVER["REQUEST_METHOD"] == "POST"){
$id = $_POST['id'];
$name=$_POST['Asset_name'];
$classification=$_POST['Classification'];
$tag=$_POST['Tag'];
$department=$_POST['Department'];
$reviewdate=$_POST['Review_date'];
$responsible=$_POST['Responsible'];
$createdby=$_POST['Created_by'];
// Making sure name is typed in and contains only letters
if (empty(trim($name))) {
$nameErr = "Name is required";
} else {
if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
$nameErr = "Only letters and white space allowed";
}
}
// Making sure tag is typed in and contains only letters
if (empty(trim($tag))) {
$tagErr = "Tag is required";
} else {
if (!preg_match("/^[a-zA-Z ]*$/", $tag)) {
$tagErr = "Only letters and white space allowed";
}
}
if (!empty($_POST) && ($nameErr == "") && ($tagErr == "")){
// Updating the table
$result = mysqli_query($conn, "UPDATE assets SET Asset_name='$name',Classification='$classification',Tag='$tag',Department='$department',Review_date='$reviewdate', Responsible='$responsible' WHERE id='$id'");
// Redirecting to assets.php
header("Location: assets.php");
}
但是,这些资产也应进行编辑。我使用以下形式使用此脚本循环访问用户表“名称”列:
mysqli_query($conn, "UPDATE assets SET Responsible='$responsible' WHERE id='$id'");
这是脚本(“ pdo”是数据库规范,但有效”)
$sql = "SELECT id,name FROM users";
// Prepare the select statement.
$stmt = $pdo->prepare($sql);
// Execute the statement.
$stmt->execute();
// Retrieve the rows using fetchAll.
$users = $stmt->fetchAll();
这是我使用的形式:
<?php if($_SESSION['user_type'] == "admin") {
echo "<div class='form-group form-inline'>";
echo "<p class='formLabel'>Responsible</p>";
echo "<select class = 'select' name = 'Responsible' class='form-control' value=".$responsible.">";
foreach($users as $user):
echo "<option value=".$user['name']."> ".$user['name']."</option>";
endforeach;
echo "</select>";
} else { echo "<input type='hidden' name = 'Responsible' value=".$_SESSION['name'].">";
}
?>
当我从此脚本创建的列表中选择值时,它们是正确的值,一切看起来都不错。但是,单击“更新”后,负责人栏中仅显示该人的名字,而不是全名(例如,John而不是John Williams),我也不明白为什么。用户“名称”和资产“负责”列均为长度为255的varchar。我怀疑我的问题与查询有关,但我不知道为什么。你能帮助我吗?谢谢!
答案 0 :(得分:1)
您的问题是您没有引用HTML属性。这使浏览器在第一个空格处破坏了该值。将您的代码更新为:
echo '<option value="' . $user['name']. '"> . $user['name']. '</option>';
这应该可以解决您的问题。您还应该查看XSS和SQL注入。这似乎对两者都很敏感。
How can I prevent SQL injection in PHP?
您的select也不应具有value属性。
每个
<option>元素应具有一个value属性,其中包含选择该选项后要提交给服务器的数据值;如果不包括value属性,则该值默认为元素内包含的文本。您可以在<option>元素上包含selected属性,以使其在页面首次加载时默认为选中状态。
-https://developer.mozilla.org/en-US/docs/Web/HTML/Element/select
所以改变:
echo "<select class = 'select' name = 'Responsible' class='form-control' value=".$responsible.">";
进入:
echo '<select class="select" name="Responsible" class="form-control">
<option value="' . $responsible. '" selected="selected">Unchanged</option>';