需要提交选项 ID 作为表单的一部分,我该怎么做?



我需要将下面表格中的Choice_ID提交到我的数据库中,因为它用于另一个函数。我将如何将其传递给处理用户注册的 PHP 代码?我收到的错误消息是:

Notice: Undefined index: Choice_ID in /Users/philip/sites/feedmefit/Assets/register.php on line 16

Notice: Undefined index: Choice_ID in /Users/philip/sites/feedmefit/Assets/register.php on line 17

网页代码:

<div class="panel-group" id="accordion">
<div class="panel panel-default">
<div class="panel-heading">
<h4 class="panel-title">
<a data-toggle="collapse" data-parent="#accordion" href="#collapse1">Personal Details</a></h4>
</div>
<div id="collapse1" class="panel-collapse collapse in">
<div class="panel-body">
<form action="Assets/register.php" method="post">
<label>Forename:</label><br><input type="text" id="f" name="Forename" placeholder="Forename" required><br/>
<label>Surname:</label><br><input type="text" id="s" name="Surname" placeholder="Surname" required><br/>
<label>House Number:</label><br><input type="text" id="h" name="House_No" placeholder="House Number" required><br/>
<label>Street Name:</label><br><input type="text" id="sn" name="Street_Name" placeholder="Street Name" required><br/>
<label>City:</label><br><input type="text" id="c" name="City" placeholder="Town/City" required><br/>
<label>Postcode:</label><br><input type="text" id="p" name="Postcode" placeholder="Postcode" required><br/>
<label>Username:</label><br><input type="text" id="u" name="Username" placeholder="Username" required><br/>
<label>Password:</label><br><input type="text" id="pd" name="Password" placeholder="Password" required><br/>
<label>Email:</label><br><input type="text" id="e" name="Email" placeholder="Email" required><br/>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h4 class="panel-title">
<a data-toggle="collapse" data-parent="#accordion" href="#collapse2">Questionnaire</a>
</h4>
</div>
<div id="collapse2" class="panel-collapse collapse">
<div class="panel-body">
<?php
$sql = "SELECT Question_ID, Question FROM Questions;";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0):
while($row = mysqli_fetch_assoc($result)):
$questionid = (int)$row['Question_ID'];
echo '<label>'.$row['Question'].'</label><input type="hidden" value="'.$row['Question_ID'].'">';
$query = "SELECT Choice_ID, Choice FROM Choices WHERE Question_ID = '$questionid';";
$results = mysqli_query($conn, $query);
$resultsCheck = mysqli_num_rows($results);
if($resultsCheck > 0):
$string = '<br><select id="choice">';
while($rows = mysqli_fetch_assoc($results)):
$string .= '<option value="'.$rows['Choice_ID'].'">'.$rows['Choice'].'</option>';
endwhile;
$string .= '</select><br>';
echo $string;
endif;
endwhile;
endif;
?>
<br>
<input type="submit" value="Register"/>
</form>
</div>
</div>
</div>
</div>

以下是处理注册的 PHP:

<?php
session_start();
//Connect to DB
include 'DBConnection.php';
$Forename = mysqli_real_escape_string($conn, $_POST['Forename']);
$Surname = mysqli_real_escape_string($conn, $_POST['Surname']);
$House_No = mysqli_real_escape_string($conn, $_POST['House_No']);
$Street_Name = mysqli_real_escape_string($conn, $_POST['Street_Name']);
$City = mysqli_real_escape_string($conn, $_POST['City']);
$Postcode = mysqli_real_escape_string($conn, $_POST['Postcode']);
$Username = mysqli_real_escape_string($conn, $_POST['Username']);
$Password = mysqli_real_escape_string($conn, $_POST['Password']);
$Email = mysqli_real_escape_string($conn, $_POST['Email']);
$choice = $_POST['Choice_ID'];
print_r($_POST['Choice_ID']);
exit();
$sql = "INSERT INTO Customers (Forename, Surname, House_No, Street_Name, City, Postcode, Username, Password, Email) 
VALUES ('$Forename', '$Surname', '$House_No', '$Street_Name', '$City', '$Postcode', '$Username', '$Password', '$Email')";
$query = "INSERT INTO Results (Result_ID, Cust_ID, Choice_ID) 
VALUES(,,'$choice')";
$result = $conn->query($sql);
$results = $conn->query($query);
header("Location: ../index.php");

你没有给你<select>输入命名。 您必须将<select id="choice">更改为<select id="choice" name="Choice_ID'.$i.'">

现在,您必须更改将以下代码添加到每个问题的$i中。

$sql = "SELECT Question_ID, Question FROM Questions;";

$i=0;
$sql = "SELECT Question_ID, Question FROM Questions;";

endif;
endwhile;
endif;

endif;
$i++;
endwhile;
endif;

现在,在您的注册php上,您必须读取$choice0 = $_POST['Choice_ID0'];$choice1 = $_POST['Choice_ID10'];等,并为每个插入查询。

此外,您的代码对SQL注入攻击也非常开放。mysqli_real_escape_string不能完全保护您,则应使用预准备语句。

相关内容

  • 没有找到相关文章

最新更新