我的代碼是這樣的如何獲得在MySQL又將值到一個變量
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
require("db.php");
$datetoday = date("Y-m-d");
if (isset($_POST['submit']))
{
include 'db.php';
$loginid =$_REQUEST['loginid'];
$result = mysql_query("SELECT * FROM info WHERE id = '$loginid'");
$test = mysql_fetch_array($result);
$testid=$test['id'];
$fnameloginsuccess1=$test['firstname'];
$mnameloginsuccess1=$test['middlename'];
$lnameloginsuccess1=$test['lastname'];
$departmentloginsuccess1=$test['department'];
echo'<input type="text" name="fname" value="<?php echo $fnameloginsuccess1 ?>"/></td>';
if (!$loginid)
{header("location:../index.php"); }
$natureofleave =$_POST['group1'];
$datestart=$_POST['startofleave'];
$dateend=$_POST['endofleave'];
$reason=$_POST['reason'];
$status= 'pending';
$fname = $_GET[$fnameloginsuccess1];
$mname = $test['middlename'];
$lname = $test['lastname'];
$dept = $test['department'];
mysql_query("INSERT INTO `request`(id,natureofleave,dateofleavestart,dateofleaveend,reasons,datesubmitted,department,status,firstname,middlename,lastname)
VALUES('$log','$natureofleave','$datestart','$dateend','$reason','$datetoday','$dept','$status','$fname','$mname','$lname')");
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<table width="532" height="237" border="1">
<tr>
<td width="176"><input type="button" value="Notification" name="notification" />
<br /><p>logged in as <label>'user'</label><input type ="button" value="Sign Out" name="buttonout" /> </p></td>
</tr>
<tr>
<td width="161"><p><a href="index.php?loginid=<?php echo $loginid; ?>">Home Page</a></p>
<p><a href="requestleave.php?loginid=<?php echo $loginid ?>">Request for a Leave</a></p>
<p><a href="leavehistory.php?loginid=<?php echo $loginid ?>">Leave History</a></p>
<p><a href="leavestatus.php?loginid=<?php echo $loginid ?>">Leave Status</a></p>
<p><a href="viewprofile.php?loginid=<?php echo $loginid ?>">View Profile</a></p>
<p><a href="editemployee.php?loginid=<?php echo $loginid ?>">Update/Search Personnel Info</a></p>
<p><a href="addemployee.php?loginid=<?php echo $loginid ?>">Add Personnel</a></p>
<p><a href="postannouncement.php?loginid=<?php echo $loginid ?>">Post Announcements</a></p>
<p><a href="reports.php?loginid=<?php echo $loginid ?>">Reports</a></p>
<p> </p>
<p> </p></td>
<td colspan="2"><p>Application for Leave</p>
<p><form action='requestleave.php' method='post'>Name:
<?php echo $fnameloginsuccess1,' ',$mnameloginsuccess1,' ', $lnameloginsuccess1; ?>
<label name="name1"></label>
</p>
<p>Department:<?php echo $departmentloginsuccess1; ?>
<label name="department1"> </label>
</p>
<p>Date<?php echo $datetoday; ?></p>
我不能插入名字,中間名,姓氏,部門和ID。在MYSQL_QUERY但我可以「回聲「他們。我已經嘗試在MSQL_QUERY中放置$ departmentloginsuccess1等,但它不起作用。我已經打電話給分貝。
我想插入到我的數據庫。怎麼樣? helpp!
旁註:請使用prepaird語句進行這樣的查詢,或者您只是要求進行mysql注入。使用POD或mysqli ... – Dominik