php 的表单问题。动态选择的选项和复选框答案

【问题标题】：Form problems with php. dynamically selected options and check boxphp 的表单问题。动态选择的选项和复选框
【发布时间】：2010-11-06 21:12:36
【问题描述】：

我从一个 MySQL 表中提取了一个客户端名称列表作为下拉选择。数据将存储在单独的表中。如果已经有一个客户端分配给第二个表中的字段，我希望该选项被选中。

另外，我的单选按钮将它们的数据输入到错误的字段中，知道为什么会这样吗？

提前感谢您的任何建议。

代码如下：

<?php

if(isset($_GET['id']))
{
   $query  = "SELECT * ".
             "FROM studies ".
             "WHERE id = '".$_GET['id']."'";

   $result = mysql_query($query) or die('Error : ' . mysql_error());
      list($id, $pagetitle, $title, $date, $copy, $outputs, $strategies, $client, $niche, $media, $thumbmedia, $newfieldtitle, $newfieldcontent) = mysql_fetch_array($result, MYSQL_NUM);



}

if(isset($_POST['update1']))
{
   $id = $_POST['id'];
   $pagetitle = $_POST['pagetitle'];
   $title = $_POST['title'];
   $date = $_POST['date'];
   $copy = $_POST['copy'];
   $outputs = $_POST['outputs'];
   $strategies = $_POST['strategies'];
   $client = $_POST['client'];
   $niche = $_POST['niche'];
   $media = $_POST['media'];
   $thumbmedia = $_POST['thumbmedia'];
   $newfieldtitle = $_POST['newfieldtitle'];
   $newfieldcontent = $_POST['newfieldcontent'];

   if(!get_magic_quotes_gpc())
   {
      $pagetitle = addslashes($pagetitle);
      $title = addslashes($title);
      $date = addslashes($date);
      $copy = addslashes($copy);
      $outputs = addslashes($outputs);
      $strategies = addslashes($strategies);
      $client = addslashes($client);
      $niche = addslashes($niche);
      $media = addslashes($media);
      $thumbmedia = addslashes($thumbmedia);
      $newfieldtitle = addslashes($newfieldtitle);
      $newfieldcontent = addslashes($newfieldcontent);

   }

   // update the article in the database
   $query = "UPDATE studies
            SET pagetitle = '$pagetitle', title = '$title', date = '$date', copy = '$copy', outputs = '$outputs', strategies = '$strategies', client = '$client', niche = '$niche', media = '$media', thumbmedia = '$thumbmedia', newfieldtitle = '$newfieldtitle', newfieldcontent = '$newfieldcontent' ".
        "WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());

   // then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';

   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';

   @unlink($cacheFile);

   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');

   echo "<b>Article '$title' updated</b>";

   // now we will display $title & content
   // so strip out any slashes
      $pagetitle   = stripslashes($pagetitle);
      $title   = stripslashes($title);
      $date   = stripslashes($date);
      $copy = stripslashes($copy);
      $outputs = stripslashes($outputs);
      $strategies = stripslashes($strategies);
      $client = stripslashes($client);
      $niche = stripslashes($niche);
      $media = stripslashes($media);
      $thumbmedia = stripslashes($thumbmedia);
      $newfieldtitle = stripslashes($newfieldtitle);
      $newfieldcontent = stripslashes($newfieldcontent);

}


?>


<div class="container">
<form method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>">

<p class="subheadsmall">Browser Title</p>
<textarea cols="40" rows="1" class="box" name="pagetitle" id="editbox"><?php echo $pagetitle; ?></textarea>


<p class="subheadsmall">Story Title</p>
<textarea cols="40" rows="1" class="box" name="title" id="editbox"><?php echo $title; ?></textarea>

<p class="subheadsmall">Date</p>
<textarea cols="40" rows="1" class="box" name="date" id="editbox"><?php echo $date; ?></textarea>

<p class="subheadsmall">Story</p>
<textarea cols="80" rows="10" class="box" name="copy" id="editbox"><?php echo $copy; ?></textarea>

<p class="subheadsmall">Outputs</p>
<textarea cols="80" rows="10" class="box" name="outputs" id="editbox"><?php echo $outputs; ?></textarea>

<p class="subheadsmall">Strategies</p>


<p class="subheadsmall">Client</p>
<select type="text" name="client">
    <option value="empty">Select a Client...</option>
 <?php
            $result = mysql_query("SELECT * FROM clients");
                if (!$result) {
                    die("Database query failed: " . mysql_error());
                }


while($row = mysql_fetch_array($result)) {
    $clientlist = $row['name'];
    $clientname = htmlspecialchars($row['name']);


    if(isset($_POST['client'])){ 

    echo '<option value="' . $clientlist . '" selected="selected" >' . $clientname . '</option>' . '\n';
    }
    else{
    echo '<option value="' . $clientlist . '" >' . $clientname . '</option>' . '\n';
}
}


?>
</select>

<?php



echo '<p class="subheadsmall">Core Classification</p>';
echo '<input type="radio" name="niche" value="brand"' . ($niche == "brand" ? " checked=\"checked\"" : "") . ' >Brand</input>';
echo '<input type="radio" name="niche" value="marketing"' . ($niche == "marketing" ? " checked=\"checked\"" : "") . ' >Marketing</input>';
echo '<input type="radio" name="niche" value="communication"' . ($niche == "communication" ? " checked=\"checked\"" : "") . ' >Communication</input>';


?>

<p class="subheadsmall">Add New Strategy</p>
<textarea cols="40" rows="1" class="box" name="strategies" id="editbox"><?php echo $strategies; ?></textarea>

【问题讨论】：

我只有一件事要说... "?id=';delete from studies where true" 哎呀...
这不是对您问题的回复，而是我快速阅读您的代码后的一些想法。认为它可能会有所帮助。您可能需要考虑使用 array_map() 而不是将相同的函数一一应用于您的 $_POST 变量。（例如：array_map('addslashes', $_POST);）你也是第一个查询使用未经验证的 $_GET 变量（并且没有必要把它放在引号之间）。您可能希望使用 intval() 来确保您的 ID 是整数。此外，在打印变量之前，您可能需要使用 htmlentites()。

标签： php mysql forms select

【解决方案1】：

您的if(isset($_POST['client'])) 条件根本没有引用$row，所以它要么对所有选项都为真，要么对所有选项都为假。我想您想在该声明中将 $_POST['client'] 与 $clientlist 进行比较：
```
if ($_POST['client'] == $clientlist)
```
<input> 元素不包含内容。而不是<input type="radio">Label</input>，它应该只是<input type="radio" /> Label，标签在输入标签之后，而不是在它里面。

【讨论】：

非常感谢您的帮助，很抱歉让您感到痛苦，但是在该语句中我如何将 $_POST['client'] 与 $clientlist 进行比较？感谢的提醒，这太愚蠢了！