根据主键将html表单连接到php页面 [英] Connecting html form to php page according to primary key
问题描述
Ok基本上我想做的是在我的网站(第一个网站,所以我当前的php知识是最小的)添加一个组件。我有html页面,用户的输入被记录,并添加到数据库,但是我有麻烦从数据库中获取该特定信息。
我当前的php页面正在拉取信息 questiondetail = code>( detail ='$ detail'),但是如果两个用户输入与他们的问题详细信息相同的信息,但仍然可能,特别是如果同一个人意外地提交了两次问题)。我想做的是根据数据库的question_id(主键)加载页面,这是唯一始终唯一的。
HTML CODE:
< form id =question_outlineaction =process.phpmethod =get>
< p>< textarea name =titleid =title_layouttype =textplaceholder =问题标题>< / textarea& < / p>
< textarea name =detailid =detail_layouttype =textplaceholder =问题详细信息>< / textarea>
< div id =break> < / div>
< input id =submit_formname =submit_questionvalue =提交问题type =submit/>
< / form>
PROCESS.PHP代码:
$ name2 = $ _GET ['name2'];
$ title = $ _GET ['title'];
$ detail = $ _GET ['detail'];
$ query =INSERT INTO questions(title,detail)VALUES('$ title','$ detail');
$ result = mysql_query(SELECT * FROM questions where detail ='$ detail')
或die(mysql_error());
信息正确存储在数据库中,当details = $ detail ,但我要做的是它根据question_id拉出,因为这是唯一的值,将始终是唯一的。非常感谢任何回应!
更新版本
QUESTION_EXAMPLE.PHP代码
<?php
$ server_name =my_servername;
$ db_user_name =my_username;
$ db_password =my_password;
$ database =my_database;
$ submit = $ _GET ['submit'];
$ title = $ _GET ['title'];
$ detail = $ _GET ['detail'];
$ conn = mysql_connect($ server_name,$ db_user_name,$ db_password);
mysql_select_db($ database)或die(无法选择数据库);
$ result = mysql_query(SELECT title,detail FROM questions WHERE id =。
mysql_real_escape_string($ _ GET [id]),$ conn);
$ row = mysql_fetch_assoc($ result);
mysql_close($ conn);
?>
< h1><?php echo htmlspecialchars($ row [title]);?>< / h1>
< p><?php echo htmlspecialchars($ row [detail]);?>< / p>
首先,如果这是生产中使用的代码,请确保在将SQL参数插入到语句之前转义它们。没有人喜欢SQL注入攻击。我建议使用PDO,因为它支持预准备的语句和参数绑定,这是非常安全的。
a form ...
[title]
[详细]
[submit]
并将其插入到您的数据库...
INSERT INTO问题(标题,详情)VALUES(?,?)
您可以使用 mysql_insert_id , http://php.net/manual/en/function.mysql-insert-id.php 。
$ id = mysql_insert_id();
那么你可以得到记录...
SELECT title,details FROM questions WHERE id =?
并在预览页面输出。
form.php :
< form action =process.phpmethod =post>
< label for =question_title>标题< / label>
< input id =question_titlename =title/>
< label for =question_detail>详细信息< / label>
< input id =question_detailname =detail/>
< button type =submit>提交< / button>
< / form>
process.php :
<?php
//创建数据库连接
$ pdo = new PDO :dbname = test);
//准备插入语句和绑定参数
$ stmt = $ pdo-> prepare(INSERT INTO questions(title,detail)VALUES(?,?));
$ stmt-> bindValue(1,$ _POST [title],PDO :: PARAM_STR);
$ stmt-> bindValue(2,$ _POST [detail],PDO :: PARAM_STR);
//执行insert语句
$ stmt-> execute();
//检索id
$ id = $ stmt-> lastInsertId();
//准备一个select语句并绑定id参数
$ stmt = $ pdo-> prepare(SELECT title,detail FROM questions WHERE id =?
$ stmt-> bindValue(1,$ id,PDO :: PARAM_INT);
//执行select语句
$ stmt-> execute();
//以关联数组形式检索记录
$ row = $ stmt-> fetch(PDO :: FETCH_ASSOC);
?>
< h1><?php echo htmlspecialchars($ row [title]);?>< / h1>
< p><?php echo htmlspecialchars($ row [detail]);?>< / p>
没有PDO ...
code> form.php :
< form action =process.php method =post>
< label for =question_title>标题< / label>
< input id =question_titlename =title/>
< label for =question_detail>详细信息< / label>
< input id =question_detailname =detail/>
< button type =submit>提交< / button>
< / form>
process.php :
<?php
//创建数据库连接
$ conn = mysql_connect
//安全执行insert语句
mysql_query(INSERT INTO questions(title,detail)VALUES('。
mysql_real_escape_string($ _ POST [title])。', 。
mysql_real_escape_string($ _ POST [detail])。'),$ conn);
//检索id
$ id = mysql_insert_id($ conn);
//关闭连接
mysql_close($ conn);
header(Location:question_preview.php?id = $ id);
question_preview.php :
<?php
//创建数据库连接
$ conn = mysql_connect
//安全执行一个select语句
$ result = mysql_query(SELECT title,detail FROM questions WHERE id =。
mysql_real_escape_string($ _ GET [id]),$ conn) ;
//以关联数组形式获取记录
$ row = mysql_fetch_assoc($ result);
//关闭连接
mysql_close($ conn);
?>
< h1><?php echo htmlspecialchars($ row [title]);?>< / h1>
< p><?php echo htmlspecialchars($ row [detail]);?>< / p>
Ok so essentially what I'm trying to do is add a q&a component to my website (first website, so my current php knowledge is minimal). I have the html page where the user's input is recorded, and added to the database, but then I'm having trouble pulling that specific info from the database.
My current php page is pulling info where the questiondetail = the question detail (detail='$detail') in the database, but that could potentially present a problem if two users enter the same information as their question details (unlikely, but still possible, especially if the same person accidentally submits the question twice). What I want to do is have the page load according to the database's question_id (primary key) which is the only thing that will always be unique.
HTML CODE:
<form id="question_outline" action="process.php" method="get">
<p><textarea name="title" id="title_layout" type="text" placeholder="Question Title" ></textarea> </p>
<textarea name="detail" id= "detail_layout" type="text" placeholder="Question Details" ></textarea>
<div id="break"> </div>
<input id="submit_form" name="submit_question" value="Submit Question" type="submit" />
</form>
PROCESS.PHP CODE:
$name2 = $_GET['name2'];
$title = $_GET['title'];
$detail = $_GET['detail'];
$query= "INSERT INTO questions (title, detail) VALUES ('$title', '$detail')";
$result = mysql_query("SELECT * FROM questions where detail='$detail' ")
or die(mysql_error());
The info is being stored correctly in the database, and is being pulled out successfully when detail=$detail, but what I'm looking to do is have it pulled out according to the question_id because that is the only value that will always be unique. Any response will be greatly appreciated!
Updated Version
QUESTION_EXAMPLE.PHP CODE
<?php
$server_name = "my_servername";
$db_user_name ="my_username";
$db_password = "my_password";
$database = "my_database";
$submit = $_GET['submit'];
$title = $_GET['title'];
$detail = $_GET['detail'];
$conn = mysql_connect($server_name, $db_user_name, $db_password);
mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT title, detail FROM questions WHERE id =" .
mysql_real_escape_string($_GET["id"]), $conn);
$row = mysql_fetch_assoc($result);
mysql_close($conn);
?>
<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>
Firstly, if that is code to be used in production, please make sure you are escaping your SQL parameters before plugging them in to your statement. Nobody enjoys a SQL injection attack. I would recommend using PDO instead as it supports prepared statements and parameter binding which is much much safer.
Best way to prevent SQL injection in PHP?
So you have a form...
[title]
[details]
[submit]
And that gets inserted into your database...
INSERT INTO questions (title, details) VALUES (?, ?)
You can get the last insert id using mysql_insert_id, http://php.net/manual/en/function.mysql-insert-id.php.
$id = mysql_insert_id();
Then you can get the record...
SELECT title, details FROM questions WHERE id = ?
And output it in a preview page.
I have written an example using PDO instead of the basic mysql functions.
form.php:
<form action="process.php" method="post">
<label for="question_title">Title</label>
<input id="question_title" name="title"/>
<label for="question_detail">Detail</label>
<input id="question_detail" name="detail"/>
<button type="submit">Submit</button>
</form>
process.php:
<?php
// Create a database connection
$pdo = new PDO("mysql:dbname=test");
// Prepare the insert statement and bind parameters
$stmt = $pdo->prepare("INSERT INTO questions (title, detail) VALUES (?, ?)");
$stmt->bindValue(1, $_POST["title"], PDO::PARAM_STR);
$stmt->bindValue(2, $_POST["detail"], PDO::PARAM_STR);
// Execute the insert statement
$stmt->execute();
// Retrieve the id
$id = $stmt->lastInsertId();
// Prepare a select statement and bind the id parameter
$stmt = $pdo->prepare("SELECT title, detail FROM questions WHERE id = ?");
$stmt->bindValue(1, $id, PDO::PARAM_INT);
// Execute the select statement
$stmt->execute();
// Retrieve the record as an associative array
$row = $stmt->fetch(PDO::FETCH_ASSOC);
?>
<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>
Without PDO...
form.php:
<form action="process.php" method="post">
<label for="question_title">Title</label>
<input id="question_title" name="title"/>
<label for="question_detail">Detail</label>
<input id="question_detail" name="detail"/>
<button type="submit">Submit</button>
</form>
process.php:
<?php
// Create a database connection
$conn = mysql_connect();
// Execute the insert statement safely
mysql_query("INSERT INTO questions (title, detail) VALUES ('" .
mysql_real_escape_string($_POST["title"]) . "','" .
mysql_real_escape_string($_POST["detail"]) . "')", $conn);
// Retrieve the id
$id = mysql_insert_id($conn);
// Close the connection
mysql_close($conn);
header("Location: question_preview.php?id=$id");
question_preview.php:
<?php
// Create a database connection
$conn = mysql_connect();
// Execute a select statement safely
$result = mysql_query("SELECT title, detail FROM questions WHERE id = " .
mysql_real_escape_string($_GET["id"]), $conn);
// Retrieve the record as an associative array
$row = mysql_fetch_assoc($result);
// Close the connection
mysql_close($conn);
?>
<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>
这篇关于根据主键将html表单连接到php页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
