我有这段代码,它的作用是将数据插入数据库。我有两个叫自动箱,第二个房子箱。当我从下拉列表中选择自动时,自动框正文会显示一个下拉列表和一个文本输入。萨莫与房子盒子。我想要完成的是:当显示自动框并且隐藏了housebox时,我填写了表格然后提交,housebox将不会插入数据库。我希望我清楚这一点
此代码使用起来不安全:SQL 注入
<script>
function addSubject(){
selectedSubject = document.getElementById('subcategory').value
if (selectedSubject == 'auto'){
document.getElementById('autobox').style.display = 'block';
}else if (selectedSubject == 'house'){
document.getElementById('housebox').style.display = 'block';
}
}
</script>
<?php
if(isset($_POST['upload'])){
$title = $_POST['title'];
$description = $_POST['description'];
$price = $_POST['price'];
$subcategory = $_POST['subcategory'];
$mileage = $_POST['mileage'];
$make = $_POST['make'];
$query = "INSERT INTO classifieds (id, subcategory, title, description, mileage,
make, price, broom ) VALUES ('', $subcategory, '$title', '$description',
'$mileage', '$make', '$price', '$broom')";
mysql_query($query) or die(mysql_error());
}
?>
<form action="insert.php" method="post" name="insert" enctype="multipart/form-
data">
<select name="subcategory" id="subcategory" onchange="addSubject()" >
<option value="">Select Manufacturer</option>
<option value="auto">Auto</option>
<option value="house">House</option>
</select>
<span class="style64">Title</span>
<input type="text" name="title" class="input"/>
<table>
<tbody class="autobox" id="autobox" style="display: none;" >
<tr>
<td class="title">Enter mileage:</td>
<td class="field">
<input type="text" name="mileage" size="8" maxlength="7" /></td>
</tr>
<tr>
<td>
<span>Select Manufacturer : </span>
<select name="make">
<option value="Ford">Ford</option>
<option value="Chevrolet">Chevrolet</option>
<option value="Audi">Audi</option>
</select>
</td>
</tr>
</tbody>
<tbody class="housebox" id="housebox" style="display: none;" >
<tr>
<td class="title">Enter Price:</td>
<td class="field">
<input type="text" name="price" size="8" maxlength="7" /></td>
</tr>
<tr>
<td>
<select name="broom">
<option value="1b">1 broom</option>
<option value="2b">2 broom</option>
<option value="3b">3 broom</option>
</select>
</td>
</tr>
</tbody>
</table>
<textarea name="description" rows="5" class="input"></textarea>
<input type="submit" name="upload" value="Continue" />
</form>
谢谢
试试这个。希望这就是你想要的
代码未经过测试
<script>
function addSubject(){
selectedSubject = document.getElementById('subcategory').value
if (selectedSubject == 'auto'){
document.getElementById('autobox').style.display = 'block';
document.getElementById('housebox').style.display = 'none';
}else if (selectedSubject == 'house'){
document.getElementById('housebox').style.display = 'block';
document.getElementById('autobox').style.display = 'none';
}
}
</script>
<?php
if(isset($_POST['upload'])){
$title = $_POST['title'];
$description = $_POST['description'];
$price = $_POST['price'];
$subcategory = $_POST['subcategory'];
$mileage = $_POST['mileage'];
$make = $_POST['make'];
if($subcategory=='auto')
{
$query = "INSERT INTO classifieds (id, subcategory, title, description, mileage, make, price, broom ) VALUES ('', $subcategory, '$title', '$description',
'$mileage', '$make', '', '')";
}
else
{
$query = "INSERT INTO classifieds (id, subcategory, title, description, mileage, make, price, broom ) VALUES ('', $subcategory, '$title', '$description',
'', '', '$price', '$broom')";
}
mysql_query($query) or die(mysql_error());
}
?>
<form action="insert.php" method="post" name="insert" enctype="multipart/form-data">
<select name="subcategory" id="subcategory" onchange="addSubject()" >
<option value="">Select Manufacturer</option>
<option value="auto">Auto</option>
<option value="house">House</option>
</select>
<span class="style64">Title</span>
<input type="text" name="title" class="input"/>
<table>
<tbody class="autobox" id="autobox" style="display: none;" >
<tr>
<td class="title">Enter mileage:</td>
<td class="field">
<input type="text" name="mileage" size="8" maxlength="7" /></td>
</tr>
<tr>
<td>
<span>Select Manufacturer : </span>
<select name="make">
<option value="Ford">Ford</option>
<option value="Chevrolet">Chevrolet</option>
<option value="Audi">Audi</option>
</select>
</td>
</tr>
</tbody>
<tbody class="housebox" id="housebox" style="display: none;" >
<tr>
<td class="title">Enter Price:</td>
<td class="field">
<input type="text" name="price" size="8" maxlength="7" /></td>
</tr>
<tr>
<td>
<select name="broom">
<option value="1b">1 broom</option>
<option value="2b">2 broom</option>
<option value="3b">3 broom</option>
</select>
</td>
</tr>
</tbody>
</table>
<textarea name="description" rows="5" class="input"></textarea>
<input type="submit" name="upload" value="Continue" />
</form>
如果不是这个,请告诉我。
至少需要让它工作:
仅插入相关字段:
<?php
if(isset($_POST['upload'])){
$title = $_POST['title'];
$description = $_POST['description'];
$price = $_POST['price'];
$subcategory = $_POST['subcategory'];
if ($subcategory == 'auto'){
$mileage = $_POST['mileage'];
$make = $_POST['make'];
$query = "INSERT INTO classifieds (subcategory, title, description, mileage, make, price) VALUES ($subcategory, '$title', '$description', '$mileage', '$make', '$price')";
} elseif ($subcategory == 'house') {
$broom = $_POST['broom'];
$query = "INSERT INTO classifieds (subcategory, title, description, broom, price)
VALUES ($subcategory, '$title', '$description', '$price')";
}
mysql_query($query) or die(mysql_error());
}
?>
隐藏非活动字段:
<script>
function addSubject(){
selectedSubject = document.getElementById('subcategory').value;
if (selectedSubject == 'auto'){
document.getElementById('autobox').style.display = 'block';
document.getElementById('housebox').style.display = 'none';
}else if (selectedSubject == 'house'){
document.getElementById('housebox').style.display = 'block';
document.getElementById('autobox').style.display = 'none';
}
}
</script>