从复选框获取值

时间:2019-09-10 07:00:07

标签: php html mysql

我正在尝试使用复选框更新表格。流程是这样的,在每一行中都有一个复选框,如果我选中其中一个复选框,然后单击“提交”按钮,则选中的行将使用特定值更新一列。

这就是我所做的。

<tbody>

  <?php
  while ($fetch = mysqli_fetch_array($query,MYSQLI_BOTH)) {
   ?>
  <tr>

    <td><input type="checkbox" name="approveArr[]" value=" <?php $prsid = $fetch['prsid']; ?>"></td>
    <?php echo "<td>". $prsno = $fetch['prsno'] ."</td>" ;?>
    <?php echo "<td>". $qty = $fetch['qty'] ."</td>" ;?>
    <?php echo "<td>". $productcode = $fetch['productcode'] ."</td>" ;?>
    <?php echo "<td>". $productdescription = $fetch['productdescription'] ."</td>" ;?>
    <?php echo "<td>". $vendors = $fetch['vendors'] ."</td>" ;?>
    <?php echo "<td>". $prsdate = $fetch['prsdate'] ."</td>" ;?>
    <?php echo "<td>". $status = $fetch['status'] ."</td>"; ?>
  </tr>

<?php } ?>

<?php
  if(isset($_POST['submits'])){
    print_r($_POST);
    $update = "UPDATE prs set status='Approved' where id='$prsid'";
    $query = mysqli_query($conn,$update);
  }

?>
</tbody>

1 个答案:

答案 0 :(得分:0)

我使用以下代码进行了假设,即我添加了表单和表格元素来完成图片-但是在您的原始代码中,您使数据库容易受到sql注入的攻击,我尝试在此处进行纠正。

<form method='post'>
    <table>
        <tbody>

        <?php

            while ( $fetch = mysqli_fetch_array( $query,MYSQLI_BOTH ) ) {
                /* assign row values to variables... */
                $prsid = $fetch['prsid'];
                $prsno = $fetch['prsno'];
                $qty = $fetch['qty'];
                $productcode = $fetch['productcode'];
                $productdescription = $fetch['productdescription'];
                $vendors = $fetch['vendors'];
                $prsdate = $fetch['prsdate'];
                $status = $fetch['status'];

                /* use placeholders to represetn each variable in the output html and assign relevant value for printing */
                printf('
                    <tr>
                        <td><input type="checkbox" name="approveArr[]" value="%s>"></td>
                        <td>%s</td>
                        <td>%s</td>
                        <td>%s</td>
                        <td>%s</td>
                        <td>%s</td>
                        <td>%s</td>
                        <td>%s</td>
                    </tr>',
                    /* the variables */
                    $prsid,
                    $prsno,
                    $qty,
                    $productcode,
                    $productdescription,
                    $vendors,
                    $prsdate,
                    $status
                );
            }

        ?>
        </tbody>
    </table>
    <input name='submits' type='submit' />
</form>


<?php
    if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submits'] ) ){

        $approveArr=$_POST['approveArr'];

        $sql='update prs set status='approved' where id=?';
        $stmt=$conn->prepare($sql);

        $stmt->bind_param( 'i', $status );
        foreach( $approveArr as $status ) $stmt->execute();
    }
?>
相关问题
最新问题