php - 将数据库项目添加到 php 表单

Question

我是 php 和 mysql 的新手，我想要一些有关如何将数据从数据库字段传输到 php 表单的帮助。我已将数据显示在表格上，并且在最后一列上我有一个按钮(赞助商)，其中您可以选择该行，特定字段将显示在选择按钮(赞助商)后打开的表单上。我有三个显示数据的脚本(needy.php)，其中按钮发送 id/No 字段选择(add.php)，然后将要发送数据的表单(details.php)下面是代码。请帮助了解如何进行操作。

      needy.php

<?php

$username = "egesachi_baby";
$password = "babyclass" ;
$database = "egesachi_babyclass";
$server = "localhost";

$db_handle = mysql_connect($server,$username,$password);

$db_found = mysql_select_db($database)or die ("cannot connect");


if ($db_found) {

$sql = "SELECT * FROM needy";
$result= mysql_query($sql);

echo "<table border='1'>
<tr>

<th>Photo</th>
<th>Name</th>
<th>Age</th>
</tr>";

while($db_field = mysql_fetch_assoc($result)) {

echo "<tr>";

echo "<td>" . '<img src="data:image/jpeg;base64,' . 
base64_encode(     $db_field['Photo'])  .   
'"      width="280" height="280" />'; "</td>";

echo "<td>" . $db_field['Name']."</td>";
echo "<td>" . $db_field['Age']."</td>";
echo "<td>";
echo "<form action='add.php' method='post'>";
echo "<input type='hidden' name='pupilno' value='".$db_field['No']."'>";
echo "<input type='submit' value='sponsor' />";
echo "</form>";
echo "</td>";
echo "</tr>";  

}
echo "</table>";
 mysql_close($db_handle);

}


else {
   print "database not found";

 mysql_close($db_handle);
}

?>

 add.php

 <?php
     session_start();

   $username = "egesachi_baby";
   $password = "babyclass" ;
   $database = "egesachi_babyclass";
   $server = "localhost";

  $db_handle = mysql_connect($server,$username,$password);

  $db_found = mysql_select_db($database)or die ("cannot connect");


if ($db_found) {

 if(isset($_POST['sponsor'])) {
   $id = $_POST['pupilno'];

     $sql = "SELECT Name FROM needy WHERE No= '$_POST['pupilno']'";
     $result= mysql_query($sql);

 while ( $db_field = mysql_fetch_assoc($result) ) {

          $sponsored = $db_field['Name'] . "<BR>";


 }
mysql_close($db_handle);

 }

 else {

  print "Database NOT Found ";
  mysql_close($db_handle);

  }




 }


?> 

 details.php

 <html>
 <body>

      <form action="paypal.php" method="post">

      Pupil No:   <input type="text" name="pupilid"><p/>

      pupil Name: <input type="text" name="sponsored"><p/>

      Your Name:  <input type="text" name="name"><p/>

      Your Email :<input type="text" name="email"><p/>

      Phone No:   <input type="text" name="phone"><p/r>

      Country:    <input type="text" name="country"><p/>

      Contribution:<input type="text" name="con"><p/>



    <input type="submit" value="Send it!">
    </form>

</body>
</html> 

Answer 1

试试这个:

add.php

...
 while ( $db_field = mysql_fetch_assoc($result) ) {

          $sponsored = $db_field['Name'];


 }
header('Location: add.php?pupil='.$_POST['pupilno'].'&name='.$sponsored );
...

然后

details.php

...
  <form action="paypal.php" method="post">

  Pupil No:   <input type="text" name="pupilid" value="<?php $_GET['pupil'] ?>"><p/>

  pupil Name: <input type="text" name="sponsored" value="<?php $_GET['name'] ?>"><p/>

  Your Name:  <input type="text" name="name"><p/>

  Your Email :<input type="text" name="email"><p/>

  Phone No:   <input type="text" name="phone"><p/r>

  Country:    <input type="text" name="country"><p/>

  Contribution:<input type="text" name="con"><p/>



<input type="submit" value="Send it!">
</form>
...

然而，还需要做更多的事情来验证 POST/GET 变量并保护自己免受 add.php 页面上的 SQL 注入(inject) - 我会结合 add.php 和details.php 脚本，但这是基于根据您的示例的简单化观点，可能还有其他原因将它们分开。

php mysql 函数也已被弃用 ( http://www.php.net/mysql_query )，现在考虑将脚本更新为 mysqli_query 或 PDO 并阅读 SQL 注入(inject)预防: How can I prevent SQL injection in PHP?