我有一個表單,員工可以輸入他們已經訂購的部分,然後顯示在列表中供所有員工查看。這是我的表格:從名稱列表下拉表單中爲MySQL INSERT提取ID
<form method="post" action="../libraries/addpart.php">
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="job_id">Job #</label>
<input type="text" class="form-control" name="job_id" placeholder="Job #">
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="part_needed">Part Needed</label>
<input type="text" class="form-control" name="part_needed" placeholder="Part Needed">
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="date_ordered">Date Ordered</label>
<input type="date" class="form-control" name="date_ordered">
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="vendor_id">Ordered From</label>
<select class="form-control" name="vendor_id">
<option></option>
<?php
while ($row = mysqli_fetch_array($vendors)) {
// Print out the contents of the entry
echo '<option>' . $row['vendor_name'] . '</option>';
}
?>
</select>
</div>
<div class="form-group col-lg-4 col-lg-offset-4">
<label for="part_needed">ETA</label>
<input type="date" class="form-control" name="part_eta">
</div>
<button type="submit" class="btn btn-primary col-lg-2 col-lg-offset-5" name="addbutton">Submit</button>
</form>
的形式利用了顯示供應商的名稱,而不是從vendors
表查詢自己的身份證下拉。提交表格時,我需要將記錄插入ordered_parts
表格中,但僅使用供應商ID而不是名稱。這是我(相當混亂)的嘗試:
/*
* Get Vendor ID
*/
$vendorname = $_POST['vendor_id'];
$query = "SELECT * FROM `vendors`
WHERE vendor_name = $vendorname";
//Get results
$vendorid = $mysqli->query($query) or die($mysqli->error . __LINE__);
$job = $_POST['job_id'];
$part = $_POST['part_needed'];
$date = $_POST['date_ordered'];
$vendor = $vendorid['vendor_id'];
$eta = $_POST['part_eta'];
$partorder = "INSERT INTO `ordered_parts`
(job_id, part_needed, date_ordered, vendor_id, part_eta)
VALUES
('$job', '$part', '$date', '$vendor', '$eta')";
$result = mysqli_query($mysqli, $partorder);
if ($result) {
header('Location: ../views/ordered-parts.php');
} else {
echo("<br>Failed to add");
}
}
我得到的錯誤是:
「您的SQL語法錯誤;檢查 相當於你的MySQL服務器手冊版本爲正確的語法使用「
正如你可能會說,我沒有真正的經驗與數據庫之前,此項目。任何想法如何我可以做到這一點?
嘗試用引號括起變量名稱。我在第一個查詢中討論_ $ vendorname_。 – 2015-02-09 21:15:58
與您的問題無關,但在使用查詢之前,您不應該信任用戶輸入並轉義_ $ vendorname_的值。欲瞭解更多信息,請查看__SQL injection__ – 2015-02-09 21:17:04
偉大的建議,謝謝你們! – 2015-02-09 21:27:14