從按鈕點擊將數據從MySQL數據庫加載到HTML文本框

Question

我有一個用於更新現有記錄的小表單。

我使用PHP加載服務ID s到下拉框。當用戶點擊按鈕時，應該在下面的文本框中顯示與該ID相關的其他詳細信息。 這是我到目前爲止的代碼。

<html> 
<head> 
</head> 
<body> 

<?php 
//Database initialization 
require_once("db_handler.php"); 

$conn = iniCon(); 
$db = selectDB($conn); 

$query = "SELECT * FROM taxi_services ORDER BY SID"; 
$result2 = mysql_query($query, $conn); 

?> 

<div id="upserv"> 
<b id="caption2">Update location</b> 
<br/><br/> 
    <form name="upServForm" action="<?php echo $PHP_SELF; ?>" method="post" > 
     <?php 
     $dropdown = "<select name='codes'>"; 
     while($row = mysql_fetch_assoc($result2)) 
     { 
      $dropdown .= "\r\n<option value='{$row['SID']}'>{$row['SID']}</option>"; 
     } 
     $dropdown .= "\r\n</select>"; 
    ?> 
    Service ID <?php echo $dropdown; ?> <input type="submit" value="Load" name="loadbtn"> 
     <table width="300" border="0"> 
      <tr> 
      <td>Name</td> 
      <td><input type="text" name="upName" style="text-align:right" value="<? echo $savedName; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Cost</td> 
      <td><input type="text" name="upCost" style="text-align:right" value="<? echo $savedCost; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Active</td> 
      <td><input type="checkbox" name="upActive" value="<? echo $savedActive; ?>" /></td> 
      </tr> 
     </table> 
</div> 
<br/> 
<div id="buttons"> 
    <input type="reset" value="Clear" /> <input type="submit" value="Save" name="updatebtn" /> 
</div> 
    </form> 

<?php 

if(isset($_POST["loadbtn"])) 
{ 
    $id = $_POST["codes"]; 

    $query = "SELECT Name, Cost, Active FROM taxi_services WHERE SID = '$id' "; 
    $result = mysql_query($query, $conn); 
    $details = mysql_fetch_array($result); 

    $savedName = $details["Name"]; 
    $savedCost = $details["Cost"]; 
    $savedActive = $details["Active"]; 
} 

?> 

</body> 
</html> 

該查詢執行得很好，但數據沒有顯示在文本框中。任何人都可以告訴我我在這裏失蹤了什麼？

謝謝。

Answer 1

您的查詢必須是在輸出之前：

還要注意的id類型轉換(integer)來抵禦SQL注入。

還要注意的安全問題$PHP_SELFhttp://php.about.com/od/learnphp/qt/_SERVER_PHP.htm 我改變了代碼$_SERVER['SCRIPT_NAME']

還要注意不要使用register_globals並在配置禁用它，如果你可以（使用$_SERVER['SCRIPT_NAME'] instead of $ SCRIPT_NAME`）：http://www.php.net/manual/en/security.globals.php

如果你從一本書學習了PHP，並且這是基於本書的源代碼，那麼你應該馬上扔掉它。

<?php 

//Database initialization 
require_once("db_handler.php"); 

$conn = iniCon(); 
$db = selectDB($conn); 

$query = "SELECT * FROM taxi_services ORDER BY SID"; 
$result2 = mysql_query($query, $conn); 

if(isset($_POST["loadbtn"])) 
{ 
    $id = (integer) $_POST["codes"]; 

    $query = "SELECT Name, Cost, Active FROM taxi_services WHERE SID = '$id' "; 
    $result = mysql_query($query, $conn); 
    $details = mysql_fetch_array($result); 

    $savedName = $details["Name"]; 
    $savedCost = $details["Cost"]; 
    $savedActive = $details["Active"]; 
} 

?> 

<html> 
<head> 
</head> 
<body> 

<div id="upserv"> 
<b id="caption2">Update location</b> 
<br/><br/> 
    <form name="upServForm" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" > 
     <?php 
     $dropdown = "<select name='codes'>"; 
     while($row = mysql_fetch_assoc($result2)) 
     { 
      $dropdown .= "\r\n<option value='{$row['SID']}'>{$row['SID']}</option>"; 
     } 
     $dropdown .= "\r\n</select>"; 
    ?> 
    Service ID <?php echo $dropdown; ?> <input type="submit" value="Load" name="loadbtn"> 
     <table width="300" border="0"> 
      <tr> 
      <td>Name</td> 
      <td><input type="text" name="upName" style="text-align:right" value="<? echo $savedName; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Cost</td> 
      <td><input type="text" name="upCost" style="text-align:right" value="<? echo $savedCost; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Active</td> 
      <td><input type="checkbox" name="upActive" value="<? echo $savedActive; ?>" /></td> 
      </tr> 
     </table> 
</div> 
<br/> 
<div id="buttons"> 
    <input type="reset" value="Clear" /> <input type="submit" value="Save" name="updatebtn" /> 
</div> 
    </form> 

</body> 
</html>