1. 技术文章
  2. Connecting html form to php page according to primary key

Connecting html form to php page according to primary key

拥有回忆 提交于 2020-01-14 05:41:14

问题


Ok so essentially what I'm trying to do is add a q&a component to my website (first website, so my current php knowledge is minimal). I have the html page where the user's input is recorded, and added to the database, but then I'm having trouble pulling that specific info from the database.

My current php page is pulling info where the questiondetail = the question detail (detail='$detail') in the database, but that could potentially present a problem if two users enter the same information as their question details (unlikely, but still possible, especially if the same person accidentally submits the question twice). What I want to do is have the page load according to the database's question_id (primary key) which is the only thing that will always be unique.

HTML CODE:

<form id="question_outline" action="process.php" method="get">
<p><textarea name="title" id="title_layout" type="text"  placeholder="Question Title" ></textarea> </p>
<textarea name="detail"  id= "detail_layout" type="text" placeholder="Question Details"  ></textarea>
<div id="break"> </div>
<input id="submit_form" name="submit_question" value="Submit Question" type="submit" /> 
</form>

PROCESS.PHP CODE:

$name2 = $_GET['name2'];
$title = $_GET['title'];
$detail = $_GET['detail'];

$query= "INSERT INTO questions (title, detail) VALUES ('$title', '$detail')";

$result = mysql_query("SELECT * FROM questions where detail='$detail' ") 
or die(mysql_error());

The info is being stored correctly in the database, and is being pulled out successfully when detail=$detail, but what I'm looking to do is have it pulled out according to the question_id because that is the only value that will always be unique. Any response will be greatly appreciated!

Updated Version

QUESTION_EXAMPLE.PHP CODE

<?php
$server_name = "my_servername";
$db_user_name ="my_username";
$db_password = "my_password";
$database = "my_database";
$submit = $_GET['submit'];
$title = $_GET['title'];
$detail = $_GET['detail'];
$conn = mysql_connect($server_name, $db_user_name, $db_password);

mysql_select_db($database) or die( "Unable to select database");

$result = mysql_query("SELECT title, detail FROM questions WHERE id =" .
mysql_real_escape_string($_GET["id"]), $conn);

$row = mysql_fetch_assoc($result);

mysql_close($conn);

?>

<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>

回答1:


Firstly, if that is code to be used in production, please make sure you are escaping your SQL parameters before plugging them in to your statement. Nobody enjoys a SQL injection attack. I would recommend using PDO instead as it supports prepared statements and parameter binding which is much much safer.

How can I prevent SQL injection in PHP?

So you have a form...

[title]

[details]

[submit]

And that gets inserted into your database...

INSERT INTO questions (title, details) VALUES (?, ?)

You can get the last insert id using mysql_insert_id, http://php.net/manual/en/function.mysql-insert-id.php.

$id = mysql_insert_id();

Then you can get the record...

SELECT title, details FROM questions WHERE id = ?

And output it in a preview page.

I have written an example using PDO instead of the basic mysql functions.

form.php:

<form action="process.php" method="post">
    <label for="question_title">Title</label>
    <input id="question_title" name="title"/>
    <label for="question_detail">Detail</label>
    <input id="question_detail" name="detail"/>
    <button type="submit">Submit</button>
</form>

process.php:

<?php

// Create a database connection
$pdo = new PDO("mysql:dbname=test");
// Prepare the insert statement and bind parameters
$stmt = $pdo->prepare("INSERT INTO questions (title, detail) VALUES (?, ?)");
$stmt->bindValue(1, $_POST["title"], PDO::PARAM_STR);
$stmt->bindValue(2, $_POST["detail"], PDO::PARAM_STR);
// Execute the insert statement
$stmt->execute();
// Retrieve the id
$id = $stmt->lastInsertId();

// Prepare a select statement and bind the id parameter
$stmt = $pdo->prepare("SELECT title, detail FROM questions WHERE id = ?");
$stmt->bindValue(1, $id, PDO::PARAM_INT);
// Execute the select statement
$stmt->execute();
// Retrieve the record as an associative array
$row = $stmt->fetch(PDO::FETCH_ASSOC);

?>

<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>

Without PDO...

form.php:

<form action="process.php" method="post">
    <label for="question_title">Title</label>
    <input id="question_title" name="title"/>
    <label for="question_detail">Detail</label>
    <input id="question_detail" name="detail"/>
    <button type="submit">Submit</button>
</form>

process.php:

<?php

// Create a database connection
$conn = mysql_connect();
// Execute the insert statement safely
mysql_query("INSERT INTO questions (title, detail) VALUES ('" . 
    mysql_real_escape_string($_POST["title"]) . "','" .
    mysql_real_escape_string($_POST["detail"]) . "')", $conn);
// Retrieve the id
$id = mysql_insert_id($conn);
// Close the connection
mysql_close($conn);

header("Location: question_preview.php?id=$id");

question_preview.php:

<?php

// Create a database connection
$conn = mysql_connect();
// Execute a select statement safely
$result = mysql_query("SELECT title, detail FROM questions WHERE id = " .
    mysql_real_escape_string($_GET["id"]), $conn);
// Retrieve the record as an associative array
$row = mysql_fetch_assoc($result);
// Close the connection
mysql_close($conn);

?>

<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>



回答2:


I assume you want to sort the questions according to the question_id. You could try using the ORDER BY command

example -

$result = mysql_query("SELECT * FROM questions where detail='$detail' ORDER BY question_id")



回答3:


For these type of examples, you need to run Transaction within database below are the

http://dev.mysql.com/doc/refman/5.0/en/commit.html

Or else

Create an random variable stored in session and also insert into database and you call it from database and you can preview it easily.

id | question_code | q_title

question_code is the random value generated before insertion into database,

and save the question_code in a session and again call it for preview.



来源:https://stackoverflow.com/questions/12548671/connecting-html-form-to-php-page-according-to-primary-key

标签
php
mysql
html
database
primary-key
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!