从按钮点击将数据从MySQL数据库加载到HTML文本框

Question

我有一个用于更新现有记录的小表单。

我使用PHP加载服务ID s到下拉框。当用户点击按钮时，应该在下面的文本框中显示与该ID相关的其他详细信息。 这是我到目前为止的代码。

<html> 
<head> 
</head> 
<body> 

<?php 
//Database initialization 
require_once("db_handler.php"); 

$conn = iniCon(); 
$db = selectDB($conn); 

$query = "SELECT * FROM taxi_services ORDER BY SID"; 
$result2 = mysql_query($query, $conn); 

?> 

<div id="upserv"> 
<b id="caption2">Update location</b> 
<br/><br/> 
    <form name="upServForm" action="<?php echo $PHP_SELF; ?>" method="post" > 
     <?php 
     $dropdown = "<select name='codes'>"; 
     while($row = mysql_fetch_assoc($result2)) 
     { 
      $dropdown .= "\r\n<option value='{$row['SID']}'>{$row['SID']}</option>"; 
     } 
     $dropdown .= "\r\n</select>"; 
    ?> 
    Service ID <?php echo $dropdown; ?> <input type="submit" value="Load" name="loadbtn"> 
     <table width="300" border="0"> 
      <tr> 
      <td>Name</td> 
      <td><input type="text" name="upName" style="text-align:right" value="<? echo $savedName; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Cost</td> 
      <td><input type="text" name="upCost" style="text-align:right" value="<? echo $savedCost; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Active</td> 
      <td><input type="checkbox" name="upActive" value="<? echo $savedActive; ?>" /></td> 
      </tr> 
     </table> 
</div> 
<br/> 
<div id="buttons"> 
    <input type="reset" value="Clear" /> <input type="submit" value="Save" name="updatebtn" /> 
</div> 
    </form> 

<?php 

if(isset($_POST["loadbtn"])) 
{ 
    $id = $_POST["codes"]; 

    $query = "SELECT Name, Cost, Active FROM taxi_services WHERE SID = '$id' "; 
    $result = mysql_query($query, $conn); 
    $details = mysql_fetch_array($result); 

    $savedName = $details["Name"]; 
    $savedCost = $details["Cost"]; 
    $savedActive = $details["Active"]; 
} 

?> 

</body> 
</html> 

该查询执行得很好，但数据没有显示在文本框中。任何人都可以告诉我我在这里失踪了什么？

谢谢。

Answer 1

您的查询必须是在输出之前：

还要注意的id类型转换(integer)来抵御SQL注入。

还要注意的安全问题$PHP_SELFhttp://php.about.com/od/learnphp/qt/_SERVER_PHP.htm 我改变了代码$_SERVER['SCRIPT_NAME']

还要注意不要使用register_globals并在配置禁用它，如果你可以（使用$_SERVER['SCRIPT_NAME'] instead of $ SCRIPT_NAME`）：http://www.php.net/manual/en/security.globals.php

如果你从一本书学习了PHP，并且这是基于本书的源代码，那么你应该马上扔掉它。

<?php 

//Database initialization 
require_once("db_handler.php"); 

$conn = iniCon(); 
$db = selectDB($conn); 

$query = "SELECT * FROM taxi_services ORDER BY SID"; 
$result2 = mysql_query($query, $conn); 

if(isset($_POST["loadbtn"])) 
{ 
    $id = (integer) $_POST["codes"]; 

    $query = "SELECT Name, Cost, Active FROM taxi_services WHERE SID = '$id' "; 
    $result = mysql_query($query, $conn); 
    $details = mysql_fetch_array($result); 

    $savedName = $details["Name"]; 
    $savedCost = $details["Cost"]; 
    $savedActive = $details["Active"]; 
} 

?> 

<html> 
<head> 
</head> 
<body> 

<div id="upserv"> 
<b id="caption2">Update location</b> 
<br/><br/> 
    <form name="upServForm" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" > 
     <?php 
     $dropdown = "<select name='codes'>"; 
     while($row = mysql_fetch_assoc($result2)) 
     { 
      $dropdown .= "\r\n<option value='{$row['SID']}'>{$row['SID']}</option>"; 
     } 
     $dropdown .= "\r\n</select>"; 
    ?> 
    Service ID <?php echo $dropdown; ?> <input type="submit" value="Load" name="loadbtn"> 
     <table width="300" border="0"> 
      <tr> 
      <td>Name</td> 
      <td><input type="text" name="upName" style="text-align:right" value="<? echo $savedName; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Cost</td> 
      <td><input type="text" name="upCost" style="text-align:right" value="<? echo $savedCost; ?>" /></td> 
      </tr> 
      <tr> 
      <td>Active</td> 
      <td><input type="checkbox" name="upActive" value="<? echo $savedActive; ?>" /></td> 
      </tr> 
     </table> 
</div> 
<br/> 
<div id="buttons"> 
    <input type="reset" value="Clear" /> <input type="submit" value="Save" name="updatebtn" /> 
</div> 
    </form> 

</body> 
</html>