0

目前,如果数据库中存在,用户可以从菜单中选择他们的名字。如果他们的名字不存在,他们可以将他们的名字添加到表单中。

我希望表单检查是否选择了名称。如果尚未选择名称,则用户可以将其名称插入表单中。关于如何做到这一点的任何想法?提前致谢。

Form 

<html>  
<head>  
<title>Form Input Data</title> 
</head>
<table>  
<body><table border="1">
<table bgcolor="lightblue"></body>

     <form method="post" action="insert_ac.php"> 
    <br>
<tr><td align="left"><strong>Nurse Information</strong></td></tr>
<tr>
<td><font color="red">Please select your name</font></td>
</tr>
<tr>
<td>Fullname</td>
<td><select name="valuelist">;
<option value="valuelist" name="nurse_name" value='<?php echo $nurse_name;  ?>'></option>
<?php
$value=$_POST ["valuelist"];
$con = mysql_connect("localhost","root","") or die('Could not connect:'.mysql_error());
mysql_select_db("a&e", $con) or die('Could not select database.');

$fetch_nurse_name = mysql_query("SELECT DISTINCT Fullname FROM nurse");

while($throw_nurse_name = mysql_fetch_array($fetch_nurse_name)) {
echo '<option   value=\"'.$throw_nurse_name[0].'">'.$throw_nurse_name[0].'</option>';
 }
 echo "</select>";

?>
</td>
</tr>
<tr>
<td>Please register name here:</td>
<tr>  

        <td>Fullname</td>

       <td><input type="text" name="nurse_forename" size="30"> </td>

     </tr>
 </tr>

PHP 

  //get NURSE values from form
  $nurse_forename = $_POST['nurse_forename'];
//check ALL fields have values 
if($_POST['nurse_forename']==""){
die('ERROR: Please Register a Nurse');
 }
//insert 
$sql ="INSERT INTO Nurse(Fullname)
VALUES('$nurse_forename')";
mysql_query($sql,$con) or die('Error: ' . mysql_error());
echo "1 record added";
// close connection 
mysql_close($con);
?>
4

2 回答 2

0

我不太明白你在上面的 HTML 中获取 $nurse_name 的位置,但我认为它就在那里..

因此,请执行以下操作以选择当前护士姓名:

while($throw_nurse_name = mysql_fetch_array($fetch_nurse_name)) {
echo '<option '. ( $throw_nurse_name[0] === $nurse_name ? 'selected="selected"' : '' ) .'  value=\"'.$throw_nurse_name[0].'">'.$throw_nurse_name[0].'</option>';
 }
 echo "</select>";

哦,我敢肯定,如果您在存储数据库输入之前转义数据库输入,以及在输出数据库输入之前对其进行转义,护士们会很高兴的。

//insert 
$sql ="INSERT INTO Nurse(Fullname) VALUES('". mysql_real_escape_string( $nurse_forename ) ."')";

输出时至少使用htmlspecialchars()

<option value="valuelist" name="nurse_name" value='<?php echo htmlspecialchars( $nurse_name; )  ?>'></option>

还建议使用mysqli函数而不是 mysql,因为不推荐使用 mysql。

于 2013-02-16T23:42:29.563 回答
0

更新了一些代码(只是一个例子):

<?php

$nurses = array() ;
$nurse_found = false ;
//Get all nurses from the database and store them in the array before the next step


//Print your select input
echo "<select>" ;
foreach ($nurses as $nurse){
  $selected = "" ;  
  if (isset($_POST['nurse_forename']) && $nurse['name']===$_POST['nurse_forename']){
    $nurse_found = true ;
    $selected = "selected" ;
  }
  echo "<option value='{$nurse['name']}' {$selected}>{$nurse['name']}</option>" ;

}
echo "</select"> ;

//NEXT STEP:
//A nurse is not found. If form is submitted, we can add her into database.

if (!$nurse_found && !empty($_POST['nurse_forename'])){
  $name = mysql_real_escape_string($_POST['nurse_forename']) ;
  $query = "INSERT INTO `nurses` VALUES ('{$name}') ; " ;
  $result = mysql_query($query, $mysql_link) ;
  if (mysql_affected_rows($mysql_link) == 1){
    echo "A new nurse has been added" ;
  }
}
?>

一些提示:

  • 编写结构良好的代码并将逻辑操作与图形操作分开
  • 停止使用 mysql_* 扩展,因为它已被弃用。请改用mysqliPDO
  • 清理并检查用户输入的所有内容。否则,您的数据库容易受到SQL 注入攻击,您的网站也容易受到XSS攻击。

祝你好运!

于 2013-02-16T23:45:04.830 回答