
我正在尝试把一个事件的各个字段显示在表单里,供用户编辑。我希望各个输入框或下拉框预先填入当前值,并且希望用一种不必再去校验各项信息的方式来实现。我有一个日历选择器,时间则想用下拉菜单来显示。这段代码会挂起几分钟,然后返回一个完全空白的页面。是这么多查询让服务器过载了,还是我的代码有问题?

    // NOTE(review): $id is taken straight from the request and concatenated into
    // every SQL string below, so whatever the client posts becomes part of the
    // query text (SQL injection). Bind it with a prepared statement, or at the
    // very least cast it to int before use.
    $id = $_POST['id'];

        /* Edit Event Form */
        echo '<form action="edit-event-process.php" method="post">';
        echo '<center><table style="text-align:center">';

        /* Set up queries individually to allow for dropdowns for hour, minute, am/pm, category */
        // NOTE(review): each query below reads a single column of the same events
        // row; one SELECT listing all the columns would return the same data in a
        // single round trip. None of the results is checked before fetching, and
        // mysqli_query() returns false when a query fails.
        /************* Query for Name *******************/  
        $queryName = mysqli_query($link, "SELECT Name FROM events WHERE id = " . $id);
        while($rowName = mysqli_fetch_assoc($queryName)){
            foreach($rowName as $keyName => $valName){
                // NOTE(review): the column value is written into value="" without
                // htmlspecialchars(); a stored quote or tag breaks out of the
                // attribute (HTML injection / stored XSS). The Description and
                // Start Date rows below have the same gap.
                echo '<tr><td>Name: </td><td><input type="text" id="Name" name="Name" value="' . $valName . '"></td></tr>';
            }
        }
        /************* Query for Description **************/
        $queryDesc = mysqli_query($link, "SELECT Description FROM events WHERE id = " . $id);
        while($rowDesc = mysqli_fetch_assoc($queryDesc)){
            foreach($rowDesc as $keyDesc => $valDesc){
                echo '<tr><td>Description: </td><td><input type="text" id="Description" name="Description" value="' . $valDesc . '"></td></tr>';
            }
        }
        /************* Query for Start Date ***************/
        $queryStDt = mysqli_query($link, "SELECT StartDate FROM events WHERE id = " . $id);
        while($rowStDt = mysqli_fetch_assoc($queryStDt)){
            foreach($rowStDt as $keyStDt => $valStDt){
                echo '<tr><td>Start Date: </td><td><input type="text" id="StartDate" name="StartDate" value="' . $valStDt . '"></td></tr>';
            }
        }
        /************* Query for All Day **************/
        $queryAllDay = mysqli_query($link, "SELECT AllDay FROM events WHERE id = " . $id);
        while($rowAllDay = mysqli_fetch_assoc($queryAllDay)){
            foreach($rowAllDay as $keyAllDay => $valAllDay){
                // The checkbox is rendered pre-checked only when the stored flag compares equal to '1'.
                if ($valAllDay == '1'){
                    echo '<tr><td>All Day? </td><td><input type="checkbox" id="AllDay" name="AllDay" checked="checked"></td></tr>';
                }
                else {
                    echo '<tr><td>All Day? </td><td><input type="checkbox" id="AllDay" name="AllDay"></td></tr>';
                }
            }
        }

// Start-time controls: hour, minute and am/pm dropdowns for the event row.
// NOTE(review): $id is concatenated into each query here as received from the
// request (SQL injection), and the fetched values are echoed without
// htmlspecialchars() (HTML injection / stored XSS).
/************/
echo '<div id="dates">';
/************/
        /************* Query for Start Hour ****************/
        echo '<tr><td>Start Hour</td><td><select name="StartHour" id="StartHour">';
        // NOTE(review): this statement has no FROM clause, so StartTime and id
        // cannot be resolved against the events table; the query presumably fails.
        $queryStHr = mysqli_query($link, "SELECT TIME_FORMAT(StartTime, '%h') AS StartHour WHERE id = " . $id);
        // NOTE(review): the result was stored in $queryStHr; $resultStHr is never
        // assigned in this listing, so this loop has nothing to iterate over.
        while ($rowStHr = mysqli_fetch_assoc($resultStHr)){
            foreach($rowStHr as $keyStHr => $valStHr){
                // $selectedStHr is assigned here but not read anywhere below.
                $selectedStHr = $valStHr;
            }
        }
        // $valStHr only exists if the foreach above ran at least once.
        if ($valStHr == "" || $valStHr == "null"){
            echo '<option value="null">--</option>';
        }
        else {
            echo '<option value="'.$valStHr.'">' . $valStHr . '</option>';
            echo '<option value="null">--</option>';
        }
        $sthr = 0;
        while($sthr < 13){
            echo '<option value="'.$sthr.'">' . $sthr . '</option>';
            // NOTE(review): $sthr++ evaluates to the old value, which is then
            // assigned back, so $sthr stays 0 and this loop never exits. Output
            // keeps growing until the script hits a time or memory limit, which
            // matches the hang and blank page described. A bare $sthr++; ends it.
            $sthr = $sthr++;
        }
        echo '</select></td></tr>';

        /************* Query for Start Min *****************/
        echo '<tr><td>Start Minute</td><td><select name="StartMin" id="StartMin">';
        // NOTE(review): in MySQL format strings '%m' is the month and '%i' is the
        // minute; the FROM clause is missing here as well.
        $queryStMin = mysqli_query($link, "SELECT TIME_FORMAT(StartTime, '%m') AS StartMin WHERE id = " . $id);
        // NOTE(review): $resultStMin is never assigned; the result is in $queryStMin.
        while ($rowStMin = mysqli_fetch_assoc($resultStMin)){
            foreach($rowStMin as $keyStMin => $valStMin){
                $selectedStMin = $valStMin;
            }
        }
        if ($valStMin == "" || $valStMin == "null"){
            echo '<option value="null">--</option>';
        }
        else{
            // Values below 10 get a leading zero so the option reads as two digits.
            if ($valStMin < 10){
                echo '<option value="0'.$valStMin.'">0' . $valStMin . '</option>';
                echo '<option value="null">--</option>';
            }
            else {
                echo '<option value="'.$valStMin.'">' . $valStMin . '</option>';
                echo '<option value="null">--</option>';
            }
        }
        // Minute choices in steps of five: 00, 05, ..., 55.
        $stmin = 0;
        while($stmin < 60){
            if ($stmin < 10){
                echo '<option value="0'.$stmin.'">0' . $stmin . '</option>';
            }
            else {
                echo '<option value="'.$stmin.'">' . $stmin . '</option>';
            }
            $stmin = $stmin +5;
        }
        echo '</select></td></tr>';

        /************* Query for Start AMPM ****************/
        echo '<tr><td>Start AM/PM</td><td><select name="StAP" id="StAP">';
        // NOTE(review): missing FROM clause again, and the loop below reads
        // $resultStAP although the result was stored in $queryStAP.
        $queryStAP = mysqli_query($link, "SELECT TIME_FORMAT(StartTime, '%p') AS StAP WHERE id = " . $id);
        while ($rowStAP = mysqli_fetch_assoc($resultStAP)){
            foreach($rowStAP as $keyStAP => $valStAP){
                $selected = $valStAP;
            }
        }
        // NOTE(review): '%p' presumably yields upper-case AM/PM while the fixed
        // options below are lower-case - confirm which form the handler expects.
        if ($valStAP != ""){
            echo '<option selected name="StAP" value="' . $valStAP . '">' . $valStAP . '</option>';
        }
        echo '<option value="--">--</option>';
        echo '<option value="am">am</option>';
        echo '<option value="pm">pm</option>';
        echo '</select></td></tr>';

        // End-date and end-time controls, mirroring the start-time section.
        // NOTE(review): $id is concatenated into each query here as received from
        // the request (SQL injection), and the fetched values are echoed without
        // htmlspecialchars() (HTML injection / stored XSS).
        /************* Query for End Date *****************/
        $queryEndDt = mysqli_query($link, "SELECT EndDate FROM events WHERE id = " . $id);
        while($rowEndDt = mysqli_fetch_assoc($queryEndDt)){
            foreach($rowEndDt as $keyDesc => $valEndDt){
                // NOTE(review): this row shows the end date but is labelled "Start Date"
                // and reuses id/name "StartDate", so the form posts two StartDate
                // fields and no EndDate field.
                echo '<tr><td>Start Date: </td><td><input type="text" id="StartDate" name="StartDate" value="' . $valEndDt . '"></td></tr>';
            }
        }       
        /************* Query for End Hour *****************/
        echo '<tr><td>End Hour</td><td><select name="EndHour" id="EndHour">';
        // NOTE(review): no FROM clause, so EndTime and id cannot be resolved; the
        // query presumably fails.
        $queryEndHr = mysqli_query($link, "SELECT TIME_FORMAT(EndTime, '%h') AS EndHour WHERE id = " . $id);
        // NOTE(review): $resultEndHr is never assigned; the result is in $queryEndHr.
        while ($rowEndHr = mysqli_fetch_assoc($resultEndHr)){
            foreach($rowEndHr as $keyEndHr => $valEndHr){
                // NOTE(review): $valSEndHr looks like a typo for $valEndHr.
                $selectedEndHr = $valSEndHr;
            }
        }
        if ($valEndHr == "" || $valEndHr == "null"){
            echo '<option value="null">--</option>';
        }
        else {
            echo '<option value="'.$valEndHr.'">' . $valEndHr . '</option>';
            echo '<option value="null">--</option>';
        }
        // The hour counter reuses the name $endmin.
        $endmin = 0;
        while($endmin < 13){
            echo '<option value="'.$endmin.'">' . $endmin . '</option>';
            // NOTE(review): $endmin++ evaluates to the old value, which is assigned
            // back, so the counter stays 0 and this loop never exits. A bare
            // $endmin++; ends it.
            $endmin = $endmin++;
        }
        echo '</select></td></tr>';

        /************* Query for End Min ******************/
        // NOTE(review): the label says "Start Minute" on the end-minute row.
        echo '<tr><td>Start Minute</td><td><select name="EndMin" id="EndMin">';
        // NOTE(review): in MySQL format strings '%m' is the month and '%i' is the
        // minute; the FROM clause is missing here as well.
        $queryEndMin = mysqli_query($link, "SELECT TIME_FORMAT(EndTime, '%m') AS EndMin WHERE id = " . $id);
        // NOTE(review): $resultEndMin is never assigned; the result is in $queryEndMin.
        while ($rowEndMin = mysqli_fetch_assoc($resultEndMin)){
            foreach($rowEndMin as $keyEndMin => $valEndMin){
                $selectedEndMin = $valEndMin;
            }
        }
        if ($valEndMin == "" || $valEndMin == "null"){
            echo '<option value="null">--</option>';
        }
        else{
            // Values below 10 get a leading zero so the option reads as two digits.
            if ($valEndMin < 10){
                echo '<option value="0'.$valEndMin.'">0' . $valEndMin . '</option>';
                echo '<option value="null">--</option>';
            }
            else {
                echo '<option value="'.$valEndMin.'">' . $valEndMin . '</option>';
                echo '<option value="null">--</option>';
            }
        }
        // Minute choices in steps of five: 00, 05, ..., 55.
        $endmin = 0;
        while($endmin < 60){
            if ($endmin < 10){
                echo '<option value="0'.$endmin.'">0' . $endmin . '</option>';
            }
            else {
                echo '<option value="'.$endmin.'">' . $endmin . '</option>';
            }
            $endmin = $endmin +5;
        }
        echo '</select></td></tr>';

        /************* Query for End AMPM *****************/
        echo '<tr><td>End AM/PM</td><td><select name="EndAP" id="EndAP">';
        // NOTE(review): the result is stored in $queryStAP and formats StartTime
        // rather than EndTime, while the loop below reads the unassigned
        // $resultEndAP; the FROM clause is missing too.
        $queryStAP = mysqli_query($link, "SELECT TIME_FORMAT(StartTime, '%p') AS EndAP WHERE id = " . $id);
        while ($rowEndAP = mysqli_fetch_assoc($resultEndAP)){
            foreach($rowEndAP as $keyEndAP => $valEndAP){
                $selected = $valEndAP;
            }
        }
        if ($valEndAP != ""){
            // NOTE(review): this option carries name="StAP" inside the EndAP select.
            echo '<option selected name="StAP" value="' . $valEndAP . '">' . $valEndAP . '</option>';
        }
        echo '<option name="EndAP" value="--">--</option>';
        echo '<option name="EndAP" value="am">am</option>';
        echo '<option name="EndAP" value="pm">pm</option>';
        echo '</select></td></tr>';
/*************/
echo '</div>';
/************/
        // Place field, category dropdown, hidden id and submit button; closes the form.
        // NOTE(review): $id is concatenated into the queries here as received from
        // the request (SQL injection); bind it or cast it to int.
        /************* Query for Place ********************/
        $queryPlace = mysqli_query($link, "SELECT Place FROM events WHERE id = " . $id);
        while($rowPlace = mysqli_fetch_assoc($queryPlace)){
            foreach($rowPlace as $keyPlace => $valPlace){
                // NOTE(review): stored value echoed into value="" without
                // htmlspecialchars() (HTML injection / stored XSS).
                echo '<tr><td>Place: </td><td><input type="text" id="Place" name="Place" value="' . $valPlace . '"></td></tr>';
            }
        }
        /************** Query for Category *****************/           
        echo '<tr><td>Category</td><td><select name="category" id="category">';
        // First read the event's current category, then list every category and
        // mark the matching one as selected.
        $query2 = "SELECT Category FROM events WHERE id = " . $id;
        $result2 = mysqli_query($link, $query2);
        while ($row2 = mysqli_fetch_assoc($result2)){
            foreach($row2 as $key2 => $val2){
                // $selected is assigned here, but the comparison below uses $val2.
                $selected = $val2;
            }
        }
        echo '<option name="none" value="">none</option>';
        $queryCategory = "SELECT name FROM categories";
        $result = mysqli_query($link, $queryCategory);
        while($row1 = mysqli_fetch_assoc($result)){
            foreach($row1 as $key1 => $val1){
                if ($val1 != ""){
                    // NOTE(review): $key is not defined in this listing (the loop
                    // variable is $key1), and $val1 is echoed without
                    // htmlspecialchars().
                    if ($val1 == $val2){
                        echo '<option selected name="' . $key . '" value="' . $val1 . '">' . $val1 . '</option>';
                    }
                    else {
                        echo '<option name="' . $key . '" value="' . $val1 . '">' . $val1 . '</option>';
                    }
                }
            }
        }
        echo '</select></td></tr>';

        // NOTE(review): $id comes from $_POST and is written back into the page
        // unescaped, so a crafted id value is reflected into the HTML (reflected
        // XSS). Cast it to int or pass it through htmlspecialchars().
        echo '<input type="hidden" name="id" value="' . $id . '" />';
        echo '<tr><td><input type="submit" value="Save Changes" /></td></tr>';
        echo "</table>";
        echo "</form>";

1 回答 1


这不是一个完整的答案,但我建议你参考下面的写法并修改你的代码。你运行了不必要的查询,而且代码存在安全问题:$id 直接取自 $_POST 并拼接进 SQL 语句,存在 SQL 注入风险。

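// The id ends up inside the SQL text below, so force it to an integer first;
// a missing or non-numeric value becomes 0 and simply matches no row.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;

/* Edit Event Form */
echo '<form action="edit-event-process.php" method="post">';
echo '<center><table style="text-align:center">';

/* Don't do queries individually: one SELECT returns every column these rows need. */
// Concatenating $id is only safe because of the int cast above; a prepared
// statement with a bound parameter is the general fix for non-integer inputs.
$queryEvent = mysqli_query($link, "SELECT Name,Description,StartDate,AllDay FROM events WHERE id = " . $id);
// mysqli_query() returns false on failure, so check it before fetching.
if($queryEvent && ($row = mysqli_fetch_assoc($queryEvent))){
    // Database values are escaped for the HTML attribute context before output;
    // otherwise a stored quote or tag would break out of value="" (stored XSS).
    // The (string) cast keeps htmlspecialchars() from receiving null for NULL columns.
?>
    <tr>
        <td>Name: </td>
        <td><input type="text" id="Name" name="Name" value="<?php echo htmlspecialchars((string) $row['Name'], ENT_QUOTES, 'UTF-8'); ?>"></td>
    </tr>
    <tr>
        <td>Description: </td>
        <td><input type="text" id="Description" name="Description" value="<?php echo htmlspecialchars((string) $row['Description'], ENT_QUOTES, 'UTF-8'); ?>"></td>
    </tr>
    <tr>
        <td>Start Date: </td>
        <td><input type="text" id="StartDate" name="StartDate" value="<?php echo htmlspecialchars((string) $row['StartDate'], ENT_QUOTES, 'UTF-8'); ?>"></td>
    </tr>
    <tr>
        <td>All Day? </td>
        <td><input type="checkbox" id="AllDay" name="AllDay"<?php if($row['AllDay'] == '1') echo ' checked="checked"'; ?>></td>
    </tr>
<?php
}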
于 2013-04-20T03:00:56.723 回答