多输入表格不传递信息到mysql数据库

Question

我想创建一个表格为我的俱乐部，它需要从数据库中的信息，使从数据库中的学员的子选择。然后另外从事件列表中选择一个并将其插入到数据库中。它写入数据库确定，依次通过正确的次数，但犯规通$见习值到数据库 我认为失败是信息的传递从

print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' /> 

到$查询在if(isset($_POST['formSubmit'])) loop.

有人告诉我我要去哪里吗？下面列出的代码

<?php 

//Retrieve trainees of specified grade 

$data = mysql_query('SELECT * FROM membership WHERE grade = "Trainee" ') 
or die(mysql_error()); // select works 

// Writes to database OK, including Trainee if manual value entered into form like done in instrucot 
    $query = "INSERT INTO testtraining (trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ('{$_POST['Trainee']}', '{$_POST['activity']}', '{$_POST['instructor']}', '{$_POST['enteredBy']}', NOW())"; 

// Feedback and posting 
    if(isset($_POST['formSubmit'])) 

{ 
    $aTrainee = $_POST['data']; 
    $training = $_POST['activity']; 

    if(empty($aTrainee)) 
     { 
      echo("<p>You didn't select trainees.</p>\n");    
     } else { 
     $N = count($aTrainee); 
     echo("<p>You selected $N trainee(s): "); 

      for($i=0; $i < $N; $i++) // loop thru all selected checkbox adding 
       { 
        $trainee = $aTrainee[$i]; 
        // Execute the query. 
        if (@mysql_query ($query)) { 
         // lists OK on screen but does not pass to form for writing to database 
         print "<p>The $training added for $trainee.</p>"; 
            } 
       } 
     }         
} 
// end of posting 

// Start of form 
// Creates list with checkbox, cycles through info from membership database and makes a  multi select checkbox list 
while($info = mysql_fetch_array($data)) //repeat while there is still data from SELECT 
{ 
?> 
<form action ="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" > 
<input id= "<?= $info['no'] ?>" type="checkbox" name="data[]" value="<?= $info['no'] ?>" /> 
<label for="<?= $info['no'] ?>"><?= $info['_no'] ?></label> 
<br /> 
<? 
} 

// Training Activities checkbox, Displays training activity to be selected from 
print '<p><input type="radio" name="activity" value="Training1" /> Training1</p>';  //works 
print '<p><input type="radio" name="activity" value="Training2" /> Training2</p>'; //works 

print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' /> 
<input type="hidden" name="instructor" value= anInstructor /> 
<input type="hidden" name="enteredBy" value=' . ($_SESSION['username']) . ' /> 
<input type="submit" name="formSubmit" value="Add Training" /> 
</form>'; 

mysql_close(); // Close the database connection; 
?> 

Answer 1

您的查询不会从字符串中跳出来插入变量。 而是尝试：

$query = "INSERT INTO testtraining (trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ('".$_POST['Trainee']."', '".$_POST['activity']."', '".$_POST['instructor']."','".$_POST['enteredBy']."', NOW())"; 

虽然我建议首先将这些$ _ POST变量到$变量，并运行一些验证，以确保它是干净的。 addslashes()是确保不会弹出SQL错误的良好开端。但这不是关于安全地插入消毒用户输入的讲座。