I make a pop-up form like this, in home.php :
我在home.php中创建了一个这样的弹出窗体:
<script src="js/submit.js"></script>
.........
.........
.........
<div id="abc">
<!-- Popup Div Starts Here -->
<div id="popupContact">
<!-- Form -->
<form action="#" id="form" method="post" name="form">
<input id="month" name="month" placeholder="MONTH" type="text">
<a href="javascript:%20check_empty()" id="submit">ADD</a>
</form>
</div>
<!-- Popup Div Ends Here -->
</div>
I fill the form. When I click 'ADD' button, it runs javascript function. The code in submit.js :
我填写表格。当我点击“添加”按钮时,它会运行javascript功能。 submit.js中的代码:
function check_empty() {
if (document.getElementById('month').value == ""){
alert("Fill column!");
} else {
document.getElementById('form').submit();
$.get("application/insertdata.php");
return false;
}
}
//Function To Display Popup
function div_show() {
document.getElementById('abc').style.display = "block";
}
//Function to Hide Popup
function div_hide(){
document.getElementById('abc').style.display = "none";
}
I want to run query in insertdata.php as below. It needs the value from 'month'.
我想在insertdata.php中运行查询,如下所示。它需要'月'的价值。
<?php
require("phpsqlajax_dbinfo.php");
$conn = mysqli_connect('localhost', $username, $password, $database);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$data = isset($_POST['month']);
$monthstring = mysqli_real_escape_string($conn, $data);
$sql = "INSERT INTO `databasea`.`tablea` (`MONTH`, `TEST`) VALUES ('". $monthstring ."', 'xxx');";
mysqli_query($conn, $sql);
mysqli_close($conn);
?>
The query run successfully, and row is added in my table. 'TEST' column is added with 'xxx'. But in 'MONTH' column, it generates no value, just empty.
查询成功运行,并在我的表中添加了行。 “TEST”列添加了“xxx”。但是在“MONTH”列中,它不会生成任何值,只会为空。
So, how to get the 'month' value? Thank you.
那么,如何获得'月'值?谢谢。
3 个解决方案
#1
4
Since you're using JavaScript/jQuery there is no real need for inline code in your HTML, so let's start there by removing the inline JavaScript:
由于您使用的是JavaScript / jQuery,因此不需要在HTML中使用内联代码,所以让我们从删除内联JavaScript开始:
<script src="js/submit.js"></script>
.........
.........
.........
<form action="#" id="form" method="post" name="form">
<input id="month" name="month" placeholder="MONTH" type="text">
<a href="#" id="submit">ADD</a>
</form>
Much cleaner, no? You weren't passing any data in your function call which may have caused problems for you down the line.
更清洁,不是吗?您没有在函数调用中传递任何数据,这可能会给您带来问题。
Now a simpler setup in your JavaScript/jQuery in which we'll capture the click event and pass the data via $.post:
现在,在JavaScript / jQuery中进行更简单的设置,我们将捕获click事件并通过$ .post传递数据:
$('#submit').click(function(event) {
event.preventDefault(); // prevent the default click action
var month = $('#month').val();
if('' == month) {
alert('fill the column!');
} else {
$.post("application/insertdata.php", {month: month}); // notice how the data is passed
}
});
So far, so good, the code is much tighter and more readable and it actually posts the data from the form to the AJAX call.
到目前为止,这么好,代码更紧凑,更易读,它实际上将表单中的数据发布到AJAX调用。
Finally the PHP, testing to see if the variable month is set properly:
最后PHP,测试是否正确设置变量month:
<?php
require("phpsqlajax_dbinfo.php");
$conn = mysqli_connect('localhost', $username, $password, $database);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if(isset($_POST['month'])) {
$data = $_POST['month'];
$monthstring = mysqli_real_escape_string($conn, $data);
$sql = "INSERT INTO `databasea`.`tablea` (`MONTH`, `TEST`) VALUES ('". $monthstring ."', 'xxx');";
mysqli_query($conn, $sql);
}
mysqli_close($conn);
?>
NOTE: I am concerned that you might have more than one of these forms on your page and you may be duplicating ID's which will not work and the duplicate ID's will need to be removed. If this is the case the jQuery code I've written needs to be changed. Here is one way to do that:
注意:我担心您的页面上可能有多个这样的表单,并且您可能正在复制不起作用的ID,并且需要删除重复的ID。如果是这种情况,我写的jQuery代码需要更改。这是一种方法:
$('a').click(function(event) {
event.preventDefault(); // prevent the default click action
var month = $(this).prev('input').val(); // get the input next to the link
if('' == month) {
alert('fill the column!');
} else {
$.post("application/insertdata.php", {month: month});
}
});
As I stated in comments Little Bobby says your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe! Changing to prepared statements will make your code cleaner and safer.
正如我在评论中所说,Little Bobby说你的脚本存在SQL注入攻击的风险。了解MySQLi的预准备语句。即使逃避字符串也不安全!更改为准备好的语句将使您的代码更清晰,更安全。
#2
2
Hi use $data = $_POST['month'];
嗨使用$ data = $ _POST ['month'];
isset will return true or false not value of month
isset将返回true或false而不是month的值
#3
2
Replace
$data = isset($_POST['month']);
by
if(isset($_POST['month'])) {
$data=$_POST['month'];
}
#1
4
Since you're using JavaScript/jQuery there is no real need for inline code in your HTML, so let's start there by removing the inline JavaScript:
由于您使用的是JavaScript / jQuery,因此不需要在HTML中使用内联代码,所以让我们从删除内联JavaScript开始:
<script src="js/submit.js"></script>
.........
.........
.........
<form action="#" id="form" method="post" name="form">
<input id="month" name="month" placeholder="MONTH" type="text">
<a href="#" id="submit">ADD</a>
</form>
Much cleaner, no? You weren't passing any data in your function call which may have caused problems for you down the line.
更清洁,不是吗?您没有在函数调用中传递任何数据,这可能会给您带来问题。
Now a simpler setup in your JavaScript/jQuery in which we'll capture the click event and pass the data via $.post:
现在,在JavaScript / jQuery中进行更简单的设置,我们将捕获click事件并通过$ .post传递数据:
$('#submit').click(function(event) {
event.preventDefault(); // prevent the default click action
var month = $('#month').val();
if('' == month) {
alert('fill the column!');
} else {
$.post("application/insertdata.php", {month: month}); // notice how the data is passed
}
});
So far, so good, the code is much tighter and more readable and it actually posts the data from the form to the AJAX call.
到目前为止,这么好,代码更紧凑,更易读,它实际上将表单中的数据发布到AJAX调用。
Finally the PHP, testing to see if the variable month is set properly:
最后PHP,测试是否正确设置变量month:
<?php
require("phpsqlajax_dbinfo.php");
$conn = mysqli_connect('localhost', $username, $password, $database);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if(isset($_POST['month'])) {
$data = $_POST['month'];
$monthstring = mysqli_real_escape_string($conn, $data);
$sql = "INSERT INTO `databasea`.`tablea` (`MONTH`, `TEST`) VALUES ('". $monthstring ."', 'xxx');";
mysqli_query($conn, $sql);
}
mysqli_close($conn);
?>
NOTE: I am concerned that you might have more than one of these forms on your page and you may be duplicating ID's which will not work and the duplicate ID's will need to be removed. If this is the case the jQuery code I've written needs to be changed. Here is one way to do that:
注意:我担心您的页面上可能有多个这样的表单,并且您可能正在复制不起作用的ID,并且需要删除重复的ID。如果是这种情况,我写的jQuery代码需要更改。这是一种方法:
$('a').click(function(event) {
event.preventDefault(); // prevent the default click action
var month = $(this).prev('input').val(); // get the input next to the link
if('' == month) {
alert('fill the column!');
} else {
$.post("application/insertdata.php", {month: month});
}
});
As I stated in comments Little Bobby says your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe! Changing to prepared statements will make your code cleaner and safer.
正如我在评论中所说,Little Bobby说你的脚本存在SQL注入攻击的风险。了解MySQLi的预准备语句。即使逃避字符串也不安全!更改为准备好的语句将使您的代码更清晰,更安全。
#2
2
Hi use $data = $_POST['month'];
嗨使用$ data = $ _POST ['month'];
isset will return true or false not value of month
isset将返回true或false而不是month的值
#3
2
Replace
$data = isset($_POST['month']);
by
if(isset($_POST['month'])) {
$data=$_POST['month'];
}