0

我有这段代码,它的作用是将数据插入数据库。我有两个,一个叫autobox,第二个housebox。当我从下拉列表中选择自动时,自动框 tbody 会显示一个下拉列表和一个文本输入。与housebox 的萨摩。我想要完成的是:当显示自动框并且隐藏housebox,我填写表格然后提交它时,housebox 不会被插入到数据库中。我希望我清楚这一点

此代码按原样使用并不安全:SQL INJECTION

  <script>
    function addSubject(){
   selectedSubject = document.getElementById('subcategory').value
   if (selectedSubject == 'auto'){
    document.getElementById('autobox').style.display = 'block';

}else if (selectedSubject == 'house'){
    document.getElementById('housebox').style.display = 'block';
   } 
   }
   </script>

   <?php    
   if(isset($_POST['upload'])){
   $title = $_POST['title'];
   $description = $_POST['description'];
   $price = $_POST['price'];
   $subcategory = $_POST['subcategory'];
   $mileage = $_POST['mileage'];
   $make = $_POST['make'];


   $query = "INSERT INTO classifieds (id, subcategory, title, description, mileage, 

   make, price, broom ) VALUES ('', $subcategory, '$title', '$description', 

   '$mileage', '$make', '$price', '$broom')";
    mysql_query($query) or die(mysql_error());

   } 
   ?>

   <form action="insert.php"  method="post" name="insert" enctype="multipart/form-

  data">

  <select name="subcategory" id="subcategory" onchange="addSubject()"  >
   <option value="">Select Manufacturer</option>
  <option value="auto">Auto</option>
  <option value="house">House</option>
  </select>
  <span class="style64">Title</span> 
      <input type="text" name="title" class="input"/>

  <table>
  <tbody class="autobox"  id="autobox" style="display: none;" >
  <tr>
   <td class="title">Enter mileage:</td>
  <td class="field">
  <input type="text" name="mileage" size="8" maxlength="7"  /></td>
   </tr>
  <tr>
  <td>
   <span>Select Manufacturer : </span>

  <select name="make">
  <option value="Ford">Ford</option>
  <option value="Chevrolet">Chevrolet</option>
  <option value="Audi">Audi</option>
      </select>

 </td>
 </tr>
 </tbody>

 <tbody class="housebox"  id="housebox" style="display: none;" >
 <tr>
 <td class="title">Enter Price:</td>
 <td class="field">
  <input type="text" name="price" size="8" maxlength="7"  /></td>
   </tr>
   <tr>
   <td>

  <select name="broom">
<option value="1b">1 broom</option>
<option value="2b">2 broom</option>
<option value="3b">3 broom</option>
      </select>

   </td>
   </tr>
  </tbody>
  </table>

   <textarea name="description" rows="5" class="input"></textarea>
   <input type="submit" name="upload" value="Continue" />
                    </form>

谢谢

4

2 回答 2

1

试试这个。希望这是你想要的

代码未经测试

<script>
    function addSubject(){
   selectedSubject = document.getElementById('subcategory').value
   if (selectedSubject == 'auto'){
    document.getElementById('autobox').style.display = 'block';
     document.getElementById('housebox').style.display = 'none';
}else if (selectedSubject == 'house'){
    document.getElementById('housebox').style.display = 'block';
     document.getElementById('autobox').style.display = 'none';
   } 
   }
   </script>

   <?php    
   if(isset($_POST['upload'])){
   $title = $_POST['title'];
   $description = $_POST['description'];
   $price = $_POST['price'];
   $subcategory = $_POST['subcategory'];
   $mileage = $_POST['mileage'];
   $make = $_POST['make'];
    if($subcategory=='auto')
    {
               $query = "INSERT INTO classifieds (id, subcategory, title, description, mileage, make, price, broom ) VALUES ('', $subcategory, '$title', '$description', 

       '$mileage', '$make', '', '')";
    }
    else
    {
       $query = "INSERT INTO classifieds (id, subcategory, title, description, mileage, make, price, broom ) VALUES ('', $subcategory, '$title', '$description', 

       '', '', '$price', '$broom')";
    }
    mysql_query($query) or die(mysql_error());
   } 
   ?>

   <form action="insert.php"  method="post" name="insert" enctype="multipart/form-data">

  <select name="subcategory" id="subcategory" onchange="addSubject()"  >
   <option value="">Select Manufacturer</option>
  <option value="auto">Auto</option>
  <option value="house">House</option>
  </select>
  <span class="style64">Title</span> 
      <input type="text" name="title" class="input"/>

  <table>
  <tbody class="autobox"  id="autobox" style="display: none;" >
  <tr>
   <td class="title">Enter mileage:</td>
  <td class="field">
  <input type="text" name="mileage" size="8" maxlength="7"  /></td>
   </tr>
  <tr>
  <td>
   <span>Select Manufacturer : </span>

  <select name="make">
  <option value="Ford">Ford</option>
  <option value="Chevrolet">Chevrolet</option>
  <option value="Audi">Audi</option>
      </select>

 </td>
 </tr>
 </tbody>

 <tbody class="housebox"  id="housebox" style="display: none;" >
 <tr>
 <td class="title">Enter Price:</td>
 <td class="field">
  <input type="text" name="price" size="8" maxlength="7"  /></td>
   </tr>
   <tr>
   <td>

  <select name="broom">
<option value="1b">1 broom</option>
<option value="2b">2 broom</option>
<option value="3b">3 broom</option>
      </select>

   </td>
   </tr>
  </tbody>
  </table>

   <textarea name="description" rows="5" class="input"></textarea>
   <input type="submit" name="upload" value="Continue" />
                    </form>

如果不是这个,请告诉我。谢谢你

于 2012-05-26T05:43:39.483 回答
0

至少你需要让它工作:

仅插入相关字段:

 <?php    
 if(isset($_POST['upload'])){
    $title = $_POST['title'];
    $description = $_POST['description'];
    $price = $_POST['price'];
    $subcategory = $_POST['subcategory'];

    if ($subcategory == 'auto'){
      $mileage = $_POST['mileage'];
      $make = $_POST['make'];
      $query = "INSERT INTO classifieds (subcategory, title, description, mileage, make, price) VALUES ($subcategory, '$title', '$description', '$mileage', '$make', '$price')";
    } elseif ($subcategory == 'house') {
      $broom = $_POST['broom'];
      $query = "INSERT INTO classifieds (subcategory, title, description, broom, price) 
                VALUES ($subcategory, '$title', '$description', '$price')";
    }

    mysql_query($query) or die(mysql_error());
 } 
 ?>

隐藏非活动字段:

<script>
function addSubject(){
  selectedSubject = document.getElementById('subcategory').value;
  if (selectedSubject == 'auto'){
    document.getElementById('autobox').style.display = 'block';
    document.getElementById('housebox').style.display = 'none';
  }else if (selectedSubject == 'house'){
    document.getElementById('housebox').style.display = 'block';
    document.getElementById('autobox').style.display = 'none';
  } 
}
</script>
于 2012-05-26T05:57:02.977 回答