我有两个表单，都以id作为主键，我希望在第一个表单中输入的id在下一个表单中更新

我有两个表单，都以id为主键，我希望在第一个表单中输入的id供下一个表单使用。当前表单不更新id。第一个表单用于患者登记，主键为id，第二个表单用于输入更多的患者详细信息，如诊断和开药，第二个表单应该使用第一个表单中的id，并拒绝输入除第一个表单保存在数据库中的id之外的任何id。代码片段中包括两个表单addpatient.php和addprescription.php

<?php
session_start()
?>
<?php
$id=$_POST['id'];
$name=$_POST['name'];
$age=$_POST['age'];
$gender=$_POST['gender'];
$occupation=$_POST['occupation'];
$mobile=$_POST['mobile'];
$address=$_POST['address'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into patients values('$id','$name','$age','$gender','$occupation','$mobile','$address')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
echo'<br><br><b>Patient added !!<br>';
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
</body></html>

//end of first form addpatient//
//start of second form addprescription

<?php
session_start()
?>
<?php
$id=$_POST['id'];
$medicine=$_POST['medicine'];
$diagnosis=$_POST['diagnosis'];
$instructions=$_POST['instructions'];
$doc_name=$_POST['doc_name'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into prescription values('$id','$medicine','$diagnosis','$instructions','$doc_name')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
echo'<br><br><b>Prescription added !!<br>';
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
</body></html>

//this is the html for the addpatient.html//
<html>
    <head>
        <title>Patient Registration Form</title>
        <script type="text/javascript" src="validate.js"></script>
        <script>
        function validate()
    { 
       if( document.PatientRegistration.id.value == "" )
       {
         alert( "Please provide valid ID!" );
         document.PatientRegistration.id.focus() ;
         return false;
       }
       if ( document.PatientRegistration.name.value == "" ) 
       {
         alert( "Please provide your  Name!" );
         document.PatientRegistration.name.focus() ;
         return false;
       }
       if( document.PatientRegistration.address.value == "" )
       {
         alert( "Please provide your Postal Address!" );
         document.PatientRegistration.address.focus() ;
         return false;
       }
       if ( ( PatientRegistration.sex[0].checked == false ) && ( PatientRegistration.sex[1].checked == false ) )
       {
       alert ( "Please choose your Gender: Male or Female" );
       return false;
       }   
       if( document.PatientRegistration.occupation.value == "" )
       {
         alert( "Please provide your  Occupation!" );
         document.PatientRegistration.occupation.focus() ;
         return false;
       }
     if( document.PatientRegistration.age.value == "" )
       {
         alert( "Please provide your age!" );
         document.PatientRegistration.age.focus() ;
         return false;
       }
    }
        </script>
    </head>
    <body>
    <form action="addpatient.php" method="post" name="PatientRegistration" onsubmit="return(validate());">
        <table cellpadding="2" width="20%" bgcolor="99FFFF" align="center"
        cellspacing="2">
            <tr>
                <td colspan=2>
                <center><font size=4><b>Patient Registration Form</b></font></center>
                </td>
            </tr>
            <tr>
                <td>ID</td>
                <td><input type="text" name="id" id="id" size="30"></td>
            </tr>
            <tr>
                <td>Name</td>
                <td><input type="text" name="name" id="name"
                size="30" ></td>
            </tr>
            <tr>
                <td>Postal Address</td>
                <td><input type="text" name="address" id="address" size="30"></td>
            </tr>
            <tr>
                <td>Sex</td>
                <td>
                    <input type="radio" name="gender" value="male" size="10">Male
                    <input type="radio" name="gender" value="Female" size="10">Female
                </td>
            </tr>
    <tr>
                <td>Occupation</td>
                <td><input type="text" name="occupation" id="occupation" size="30"></td>
            </tr>
            <tr>
                <td>Age</td>
                <td><input type="text" name="age" id="age" size="30"></td>
            </tr>
            <tr>
                <td>Mobile</td>
                <td><input type="text" name="mobile" id="mobile" size="30"></td>
            </tr>
            <tr>
                <td>
                    <input type="reset">
                </td>
                <td colspan="2">
                    <input type="submit" value="Register" />
                </td>
            </tr>
        </table>
    </form>
    </body>
    </html>
//this is the html for the addprescription.html//
<html>
<head>
	<title>Patient Registration Form</title>
	<script type="text/javascript" src="validate.js"></script>
</head>
<body>
<form action="addprescription.php" method="post" name="PatientPrescription" onsubmit="return(validate());">
	<table cellpadding="2" width="20%" bgcolor="99FFFF" align="center"
	cellspacing="2">
	
		<tr>
			<td colspan=2>
			<center><font size=4><b>Patient Prescription Form</b></font></center>
			</td>
		</tr>
		<tr>
			<td>ID</td>
			<td><input type="text" name="id" id="id" size="30"></td>
		</tr>
		<tr>
			<td>Medicine</td>
			<td><input type="text" name="medicine" id="medicine"
			size="30"></td>
		</tr>
	
		<tr>
			<td>Diagnosis</td>
			<td><input type="text" name="diagnosis" id="diagnosis" size="30"></td>
		</tr>
	<tr>
			<td>Instructions</td>
			<td><input type="text" name="instructions" id="instructions" size="30"></td>
		</tr>
	<tr>
			<td>Doc Name</td>
			<td><input type="text" name="doc_name" id="doc_name" size="30"></td>
		</tr>
		
		
		<tr>
			<td>
				<input type="reset">
			</td>
			<td colspan="2">
				<input type="submit" value="Enter" />
			</td>
		</tr>
		
	</table>
	
</form>
</body>
</html>

不知道用户是如何从表单一移动到表单二的（自动重定向或手动导航），也看不到表单元素（它们似乎不包含在代码中）。我建议使用会话。

<?php
session_start()
?>
<?php
$id=$_POST['id'];
$name=$_POST['name'];
$age=$_POST['age'];
$gender=$_POST['gender'];
$occupation=$_POST['occupation'];
$mobile=$_POST['mobile'];
$address=$_POST['address'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into patients values('$id','$name','$age','$gender','$occupation','$mobile','$address')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
    echo'<br><br><b>Patient added !!<br>';
    $_SESSION['patientid'] = $id;
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
</body></html>


//end of first form addpatient//
//start of second form addprescription


<?php
session_start()
?>
<?php
$id=$_POST['id'];
$medicine=$_POST['medicine'];
$diagnosis=$_POST['diagnosis'];
$instructions=$_POST['instructions'];
$doc_name=$_POST['doc_name'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into prescription values('$id','$medicine','$diagnosis','$instructions','$doc_name')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
echo'<br><br><b>Prescription added !!<br>';
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
<form>
    <input type = "text" name = "id" value = "<?php echo $_SESSION['patientid']; ?>" />
</form>
</body></html>

此外，使用"root"帐户登录mysql是一个很大的安全风险。再加上您正在使用提交的值直接插入数据库，您很容易受到SQL注入攻击(https://www.owasp.org/index.php/SQL_Injection)。

我强烈建议使用权限有限的新用户帐户，并在将值插入查询字符串之前对其进行资格验证。

相关内容

最新更新

热门标签：