0

我构建表单数据的方式是在 while 循环中创建它们,但每次创建它们时,表单都会采用唯一的 id。所以我的问题是,我如何单独访问它们并将指定的数据更新到 MYSQL 服务器。我试图在脚本末尾的代码中执行此操作,但我不确定如何单独访问表单

<?php 
        include 'user_data.php';
        include 'core.inc.php';

        $query = mysql_query("SELECT `post_text` FROM `posts`,`sub_posts` WHERE sub_posts.post_id = posts.id AND                sub_posts.user_id='$user_id'");

        while($row = mysql_fetch_array($query)){

          ?><a href="#" class="askedClick"><?php echo $row[post_text].'<br>'?></a>

          <form action="<?php $curent_file ?>" method="POST">
            <textarea name="answer_field" > </textarea><br />
            <input type="submit" value="Submit Answer">
            <input type="hidden" name="post_id" value="<?php echo $row['post_id']; ?>" />
         </form>

    <?php
        }//While Loop
    if (isset($_POST['answer_field']) && !empty($_POST['answer_field'])){   
        $answer = mysql_real_escape_string($_POST['answer_field']);
        $id = intval($_POST ['post_id']);
        $query = "UPDATE `sub_posts` SET `sub_answer`='$answer' WHERE `post_id`='$id'";
    }


?>
4

1 回答 1

2

单击“提交”字段时,只会发布一个表单。表单名称不会自行提交。相反,您可以将表单对应的帖子 ID 放置为隐藏字段:

<input type="hidden" name="post_id" value="<?php echo $row['post_id']; ?>" />

然后后来:

$answer = mysql_real_escape_string ($_POST ['answer']);
$id = intval ($_POST ['post_id']);
$query = "UPDATE `sub_posts` SET `sub_answer`='{$answer}' WHERE `post_id`={$id}";

请注意,您肯定需要在将答案放入查询之前对其进行转义,并确保 ID 是一个数字。否则,您将向 SQL 注入攻击开放您的代码。

于 2013-02-16T00:55:38.447 回答