1

Let me start off that I have only been coding for the past few months. I know I've probably got a ton of mistakes or bad practices everywhere. I like constructive criticism, so please let me know what i can do better, along with how to address my current issue.

This code's purpose is to create a table of part numbers, and their associated location column data (storage type, Rack number, Shelf number) based on previously entered information. I've got the entry form working perfectly. I type in a number of parts I want to search for, and it posts that number back to itself. I'm then presented with that number of text input fields to put in part numbers.

    //this form is to submit the number of parts you're looking for,
    //and posts back to itself
    <form action=View2.php method="post">
    <input type="text" name="num">
    <button type="submit">Number of Parts</button>
    </form> 

    //This form takes the posted number, and creates that many text fields, 
    //populated with the number part you are entering.
    <form action="List.php" method="post">
    <?php while ($i<=$num){
    echo "<input type='text' name='part$i' value='part$i'><br><br>";$i++;}?><input type="hidden" name="num" value="<?php $num?>">
    <button type="submit">Submit</button>
    </form>

My problem comes with running a mysqli_query to populate the table. I'm stuck as to where to go from here. I know that i need to take each part number that gets posted, and use it as the criteria in a SELECT WHERE search, so i made this While loop:

    <?php 
    echo "<table border='1'>
        <tr>
        <th>Part Number</th>
        <th>Location</th>
        <th>Rack</th>
        <th>Shelf</th>
        </tr>";

    while($i<=$num){
          $x=$_POST["part$i"];
          $result = ($con,"SELECT * FROM parts WHERE pn ='$x'");
          $row = ($result);
          echo "<tr>";
          echo "<td>" . $x . "</td>";
          echo "<td>" . $row['rcb'] . "</td>";
          echo "<td>" . $row['ra'] . "</td>";
          echo "<td>" . $row['sh'] . "</td>";
          echo "</tr>";
          $i++;
          }

        echo "</table>";?>

The page crashes at this point, but if i comment out the $result line, i'll get the table with the part number fields populated with the values from the previous page.

Anyone have any idea what i'm doing wrong, or how i can do it better?

4

1 回答 1

1

This line doesn't do anything good :

$result = ($con,"SELECT * FROM parts WHERE pn ='$x'");

You need to actually query the DB.

$mysqli = new mysqli("localhost", "my_user", "my_password", "...");

...

$result = $mysqli->query("SELECT * FROM parts WHERE pn ='$x'");

You should use prepared statements so your code isn't open to sql injections though...

于 2013-07-12T17:44:27.450 回答