我有一个表格,其中有两个部分,每个部分从一行开始,并且可以使用脚本添加更多行。你可以在this page的底部看到表格。如何防止默认值提交到MySQL数据库的行
该表格使用默认值,我正在寻找一种不提交包含默认值(对MySQL数据库和通过电子邮件)的行的方式。因为人们只能填写一行(即Waged或Unwaged费率),所以我通常只需要提交一行信息。下面是表单的当前代码。
感谢提前任何帮助,
尼克
HTML:
<form method="post" name="booking" action="bookingengine.php">
<fieldset>
<h2>Waged/Organisation Rate</h2>
<p>
<input type="text" name="name[]">
<input type="text" name="email[]">
<input type="text" name="organisation[]">
<input type="text" name="position[]">
</p>
<p><span class="add">Add person</span></p>
</fieldset>
<fieldset>
<h2>Unwaged Rate</h2>
<p>
<input type="text" name="name2[]">
<input type="text" name="email2[]">
</p>
<p><span class="add">Add person</span></p>
</fieldset>
<p><input type="submit" name="submit" id="submit" value="Submit and proceed to payment page" class="submit-button" /></p>
</form>
脚本:
<script>
$(function() {
var defaults = {
'name[]': 'Name',
'name2[]': 'Name',
'email[]': 'Email',
'email2[]': 'Email',
'organisation[]': 'Organisation',
'position[]': 'Position'
};
// separating set and remove
// note that you could add "defaults" as an arg if you had different
// defaults for different fieldsets
var setDefaults = function(inputElements) {
$(inputElements).each(function() {
var d = defaults[this.name];
if (d) {
// set with jQuery
// we don't need the data - just check on the class
$(this).val(d)
.addClass('default_value');
}
});
};
var removeDefaults = function(inputElements) {
$(inputElements).each(function() {
if ($(this).hasClass('default_value')) {
$(this).val('')
.removeClass('default_value');
}
});
};
setDefaults(jQuery('form[name=booking] input'));
$("span.add").click(function() {
// get the correct fieldset based on the current element
var $fieldset = $(this).closest('fieldset');
var $inputset = $('p', $fieldset)
.first()
.clone()
.insertBefore($('p', $fieldset).last());
// add a remove button
$inputset.append('<span class="remove">Remove</span>');
setDefaults($('input', $inputset));
// return false; (only needed if this is a link)
});
// use delegate here to avoid adding new
// handlers for new elements
$('fieldset').delegate("span.remove", {
'click': function() {
$(this).parent().remove();
}
});
// Toggles
$('form[name=booking]').delegate('input', {
'focus': function() {
removeDefaults($(this));
},
'blur': function() {
// switch to using .val() for consistency
if (!$(this).val()) setDefaults(this);
}
});
});
</script>
PHP:
<?php
$emailFrom = "****";
$emailTo = "****";
$subject = "****";
$body = "****" . "\n\n";
$row_count = count($_POST['name']);
$row_count2 = count($_POST['name2']);
$values = array();
for($i = 0; $i < $row_count; $i++) {
// variable sanitation...
$name = trim(stripslashes($_POST['name'][$i]));
$email = trim(stripslashes($_POST['email'][$i]));
$organisation = trim(stripslashes($_POST['organisation'][$i]));
$position = trim(stripslashes($_POST['position'][$i]));
// this assumes name, email, and telephone are required & present in each element
// otherwise you will have spurious line breaks.
$body .= "Name: " . $name . " Email: " . $email . " Organisation: " . $organisation . " Position: " . $position . "\n\n";
//prepare the values for MySQL
$values[] = '(\'' . $name . '\',\'' . $email . '\',\'' . $organisation . '\',\'' . $position . '\')';
}
mysql_select_db($database, $connection);
$query1 = "INSERT INTO conference (Name, Email, Organisation, Position) VALUES " . implode(',', $values);
$result1 = mysql_query($query1);
if (!$result1) {
die('Invalid query: ' . mysql_error());
}
$body .= "****" . "\n\n";
$values = array();
for($i = 0; $i < $row_count; $i++) {
// variable sanitation...
$name = trim(stripslashes($_POST['name2'][$i]));
$email = trim(stripslashes($_POST['email2'][$i]));
// this assumes name, email, and telephone are required & present in each element
// otherwise you will have spurious line breaks.
$body .= "Name: " . $name . " Email: " . $email . "\n\n";
//prepare the values for MySQL
$values2[] = '(\'' . $name . '\',\'' . $email . '\')';
}
$query2 = "INSERT INTO conference (Name, Email) VALUES " . implode(',', $values2);
$result2 = mysql_query($query2);
if (!$result2) {
die('Invalid query: ' . mysql_error());
}
// send email
$success = mail($emailTo, $subject, $body, "From: <$emailFrom>");
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=/conference/payment.html\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>
警告 - 您的代码易受SQL注入影响! –
谢谢。你能告诉我我需要做些什么来使它更安全吗? – Nick
使用准备好的语句。 –