我有两个表单,都以id为主键,我希望在第一个表单中输入的id供下一个表单使用。当前表单不更新id。第一个表单用于患者登记,主键为id,第二个表单用于输入更多的患者详细信息,如诊断和开药,第二个表单应该使用第一个表单中的id,并拒绝输入除第一个表单保存在数据库中的id之外的任何id。代码片段中包括两个表单addpatient.php和addprescription.php
<?php
session_start()
?>
<?php
$id=$_POST['id'];
$name=$_POST['name'];
$age=$_POST['age'];
$gender=$_POST['gender'];
$occupation=$_POST['occupation'];
$mobile=$_POST['mobile'];
$address=$_POST['address'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into patients values('$id','$name','$age','$gender','$occupation','$mobile','$address')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
echo'<br><br><b>Patient added !!<br>';
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
</body></html>
//end of first form addpatient//
//start of second form addprescription
<?php
session_start()
?>
<?php
$id=$_POST['id'];
$medicine=$_POST['medicine'];
$diagnosis=$_POST['diagnosis'];
$instructions=$_POST['instructions'];
$doc_name=$_POST['doc_name'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into prescription values('$id','$medicine','$diagnosis','$instructions','$doc_name')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
echo'<br><br><b>Prescription added !!<br>';
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
</body></html>
//this is the html for the addpatient.html//
<html>
<head>
<title>Patient Registration Form</title>
<script type="text/javascript" src="validate.js"></script>
<script>
function validate()
{
if( document.PatientRegistration.id.value == "" )
{
alert( "Please provide valid ID!" );
document.PatientRegistration.id.focus() ;
return false;
}
if ( document.PatientRegistration.name.value == "" )
{
alert( "Please provide your Name!" );
document.PatientRegistration.name.focus() ;
return false;
}
if( document.PatientRegistration.address.value == "" )
{
alert( "Please provide your Postal Address!" );
document.PatientRegistration.address.focus() ;
return false;
}
if ( ( PatientRegistration.sex[0].checked == false ) && ( PatientRegistration.sex[1].checked == false ) )
{
alert ( "Please choose your Gender: Male or Female" );
return false;
}
if( document.PatientRegistration.occupation.value == "" )
{
alert( "Please provide your Occupation!" );
document.PatientRegistration.occupation.focus() ;
return false;
}
if( document.PatientRegistration.age.value == "" )
{
alert( "Please provide your age!" );
document.PatientRegistration.age.focus() ;
return false;
}
}
</script>
</head>
<body>
<form action="addpatient.php" method="post" name="PatientRegistration" onsubmit="return(validate());">
<table cellpadding="2" width="20%" bgcolor="99FFFF" align="center"
cellspacing="2">
<tr>
<td colspan=2>
<center><font size=4><b>Patient Registration Form</b></font></center>
</td>
</tr>
<tr>
<td>ID</td>
<td><input type="text" name="id" id="id" size="30"></td>
</tr>
<tr>
<td>Name</td>
<td><input type="text" name="name" id="name"
size="30" ></td>
</tr>
<tr>
<td>Postal Address</td>
<td><input type="text" name="address" id="address" size="30"></td>
</tr>
<tr>
<td>Sex</td>
<td>
<input type="radio" name="gender" value="male" size="10">Male
<input type="radio" name="gender" value="Female" size="10">Female
</td>
</tr>
<tr>
<td>Occupation</td>
<td><input type="text" name="occupation" id="occupation" size="30"></td>
</tr>
<tr>
<td>Age</td>
<td><input type="text" name="age" id="age" size="30"></td>
</tr>
<tr>
<td>Mobile</td>
<td><input type="text" name="mobile" id="mobile" size="30"></td>
</tr>
<tr>
<td>
<input type="reset">
</td>
<td colspan="2">
<input type="submit" value="Register" />
</td>
</tr>
</table>
</form>
</body>
</html>
//this is the html for the addprescription.html//
<html>
<head>
<title>Patient Registration Form</title>
<script type="text/javascript" src="validate.js"></script>
</head>
<body>
<form action="addprescription.php" method="post" name="PatientPrescription" onsubmit="return(validate());">
<table cellpadding="2" width="20%" bgcolor="99FFFF" align="center"
cellspacing="2">
<tr>
<td colspan=2>
<center><font size=4><b>Patient Prescription Form</b></font></center>
</td>
</tr>
<tr>
<td>ID</td>
<td><input type="text" name="id" id="id" size="30"></td>
</tr>
<tr>
<td>Medicine</td>
<td><input type="text" name="medicine" id="medicine"
size="30"></td>
</tr>
<tr>
<td>Diagnosis</td>
<td><input type="text" name="diagnosis" id="diagnosis" size="30"></td>
</tr>
<tr>
<td>Instructions</td>
<td><input type="text" name="instructions" id="instructions" size="30"></td>
</tr>
<tr>
<td>Doc Name</td>
<td><input type="text" name="doc_name" id="doc_name" size="30"></td>
</tr>
<tr>
<td>
<input type="reset">
</td>
<td colspan="2">
<input type="submit" value="Enter" />
</td>
</tr>
</table>
</form>
</body>
</html>
不知道用户是如何从表单一移动到表单二的(自动重定向或手动导航),也看不到表单元素(它们似乎不包含在代码中)。我建议使用会话。
<?php
session_start()
?>
<?php
$id=$_POST['id'];
$name=$_POST['name'];
$age=$_POST['age'];
$gender=$_POST['gender'];
$occupation=$_POST['occupation'];
$mobile=$_POST['mobile'];
$address=$_POST['address'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into patients values('$id','$name','$age','$gender','$occupation','$mobile','$address')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
echo'<br><br><b>Patient added !!<br>';
$_SESSION['patientid'] = $id;
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
</body></html>
//end of first form addpatient//
//start of second form addprescription
<?php
session_start()
?>
<?php
$id=$_POST['id'];
$medicine=$_POST['medicine'];
$diagnosis=$_POST['diagnosis'];
$instructions=$_POST['instructions'];
$doc_name=$_POST['doc_name'];
$con=@mysql_connect("localhost","root","") or die(mysql_error());
$db=@mysql_select_db("hms",$con)or die(mysql_error());
$str="insert into prescription values('$id','$medicine','$diagnosis','$instructions','$doc_name')";
$res=@mysql_query($str)or die(mysql_error());
if($res>=0)
{
echo'<br><br><b>Prescription added !!<br>';
}
?>
<html>
<body style="background-image:url(background4.jpg)">
<br>
<a href="home.html"><b>Click here to return to the home page</b></a>
<form>
<input type = "text" name = "id" value = "<?php echo $_SESSION['patientid']; ?>" />
</form>
</body></html>
此外,使用"root"帐户登录mysql是一个很大的安全风险。再加上您正在使用提交的值直接插入数据库,您很容易受到SQL注入攻击(https://www.owasp.org/index.php/SQL_Injection)。
我强烈建议使用权限有限的新用户帐户,并在将值插入查询字符串之前对其进行资格验证。