操作下拉列表的默认值答案

【问题标题】：Manipulating the default value of a drop down list操作下拉列表的默认值
【发布时间】：2015-11-05 22:47:02
【问题描述】：

我有一个下拉输入选择“评估测试类型”，基于该选择，某些数据出现在其下方，并带有一个提交按钮。现在我添加到：“评估测试类型”默认值<option selected='selected'></option> 但是如果选择此选项并单击提交1，我想阻止提交按钮出现

$options = '';
$filter=mysql_query("select afnumber from employees WHERE Status='Employed'");
while($row = mysql_fetch_array($filter)) {
    $options .="<option >" . $row['afnumber'] . "</option>";
}
$menu="<form id='filter' name='filter' method='post' action=''>
AFNumber : <select name='SelectAF' id='filter' style='color:grey;'>" . $options . "</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Evaluation Test Type : <select name='Type' id='type' style='color:grey;'><option selected='selected'></option><option value='loyalty'>Loyalty</option><option value='performance'>Performance</option></select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type='submit' name='submit1' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
</form>
<br>
";
 echo $menu;

if(isset($_POST['submit1']))

{   
$type = $_POST['Type'];

$mysqli = new mysqli("localhost", "root", "Js", "jr");
/* check connection */
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

 if ( $result = $mysqli->query( "SELECT questiontext FROM questioninfo WHERE type='$type'" ) ) {


        $html=array();

        $html[]="
        <form action='' method='post' id='quiz'>
            <ol>";

        $counter=1;

        while( $row = $result->fetch_array() ) {


            $question=$row['questiontext'];
            $answerA=1;
            $answerB=2;
            $answerC=3;
            $answerD=4;
            $answerE=5;

            $html[]="
             <br/>
                <h3>Question {$counter}:&nbsp; {$question}</h3>

                <li>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-$counter-answersA' value='1' />
                    <label for='question-{$counter}-answers-A'> {$answerA} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersB' value='2' />
                    <label for='question-{$counter}-answers-B'> {$answerB} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersC' value='3' />
                    <label for='question-{$counter}-answers-C'> {$answerC} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersD' value='4' />
                    <label for='question-{$counter}-answers-D'> {$answerD} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersE' value='5' />
                    <label for='question-{$counter}-answers-E'> {$answerE} </label>

                </li>";

            $counter++;

        }

        $html[]="
            </ol>
        <input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
        <input type='hidden' name='type' value='{$type}' />
        </form>";

        echo implode( PHP_EOL, $html );



    $result->close();

 }
}

if( isset( $_POST['submit'] ) ){ 

    $mysqli = new mysqli("localhost", "root", "Js", "jr");
    if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();}

if ($result = $mysqli->query("SELECT * FROM questioninfo WHERE Type='performance'")) {

    $row_cnt = $result->num_rows;
    $result->close();
}
if ($result = $mysqli->query("SELECT * FROM questioninfo WHERE Type='loyalty'")) {

    $row_cnt1 = $result->num_rows;
    $result->close();
} 

$numQuestions=$row_cnt;
$numQuestions1=$row_cnt1; 
    $type = $_POST['type']; 
if($type == 'performance')
{
for( $counter=1; $counter <= $numQuestions; $counter++ ){
$type = $_POST['type']; 
$answer = $_POST['question-'.$counter.'-answers']; 
$sql="insert into `question` (`Type`,`Value`) values ('".$type."','".$answer."')"; 
$mysqli->query($sql);
} 
}
    else if($type == 'loyalty')
    {
for( $counter=1; $counter <= $numQuestions1; $counter++ ){
$type = $_POST['type']; 
$answer = $_POST['question-'.$counter.'-answers']; 
$sql="insert into `question` (`Type`,`Value`) values ('".$type."','".$answer."')"; 
$mysqli->query($sql);
} 

}
    else
    {
    }

}

【问题讨论】：

通过echo $_SERVER['REQUEST_METHOD']; 和var_dump($_REQUEST); 在PHP 中检查你得到了什么。
您的代码对 SQL 注入开放。 Please take use of mysqli's preparation and binding of variables to avoid hackers taking advantage of your security hole.
@h2ooooooo sql 注入在插入语句上？
@dan 我没有看到任何插入语句，但"SELECT questiontext FROM questioninfo WHERE type='$type'" 有$type 被注入。而是绑定它。
@h2ooooooo 因为 $type 是用户提供的？

标签： php html html-select

【解决方案1】：

这个答案与 cbugs 基本相同，但更容易阅读/理解。请注意，第三个 $html[] 赋值现在取决于类型 (if ($type) { ....) 的值。

$options = '';
$filter=mysql_query("select afnumber from employees WHERE Status='Employed'");
while($row = mysql_fetch_array($filter)) {
    $options .="<option >" . $row['afnumber'] . "</option>";
}
$menu="<form id='filter' name='filter' method='post' action=''>
AFNumber : <select name='SelectAF' id='filter' style='color:grey;'>" . $options . "</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Evaluation Test Type : <select name='Type' id='type' style='color:grey;'><option selected='selected'></option><option value='loyalty'>Loyalty</option><option value='performance'>Performance</option></select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type='submit' name='submit1' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
</form>
<br>
";
 echo $menu;

if(isset($_POST['submit1']))

{   
$type = $_POST['Type'];

$mysqli = new mysqli("localhost", "root", "Js", "jr");
/* check connection */
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

 if ( $result = $mysqli->query( "SELECT questiontext FROM questioninfo WHERE type='$type'" ) ) {


        $html=array();

        $html[]="
        <form action='' method='post' id='quiz'>
            <ol>";

        $counter=1;

        while( $row = $result->fetch_array() ) {


            $question=$row['questiontext'];
            $answerA=1;
            $answerB=2;
            $answerC=3;
            $answerD=4;
            $answerE=5;

            $html[]="
             <br/>
                <h3>Question {$counter}:&nbsp; {$question}</h3>

                <li>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-$counter-answersA' value='1' />
                    <label for='question-{$counter}-answers-A'> {$answerA} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersB' value='2' />
                    <label for='question-{$counter}-answers-B'> {$answerB} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersC' value='3' />
                    <label for='question-{$counter}-answers-C'> {$answerC} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersD' value='4' />
                    <label for='question-{$counter}-answers-D'> {$answerD} </label>
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answersE' value='5' />
                    <label for='question-{$counter}-answers-E'> {$answerE} </label>

                </li>";

            $counter++;

        }


        if ($type)
        {

            $html[]="
             </ol>
             <input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
             <input type='hidden' name='type' value='{$type}' />
             </form>";

        } else {

            $html[]="
            </ol>
            <input type='hidden' name='type' value='{$type}' />
            </form>";

        }
        echo implode( PHP_EOL, $html );



    $result->close();

 }
}

if( isset( $_POST['submit'] ) ){ 

    $mysqli = new mysqli("localhost", "root", "Js", "jr");
    if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();}

if ($result = $mysqli->query("SELECT * FROM questioninfo WHERE Type='performance'")) {

    $row_cnt = $result->num_rows;
    $result->close();
}
if ($result = $mysqli->query("SELECT * FROM questioninfo WHERE Type='loyalty'")) {

    $row_cnt1 = $result->num_rows;
    $result->close();
} 

$numQuestions=$row_cnt;
$numQuestions1=$row_cnt1; 
    $type = $_POST['type']; 
if($type == 'performance')
{
for( $counter=1; $counter <= $numQuestions; $counter++ ){
$type = $_POST['type']; 
$answer = $_POST['question-'.$counter.'-answers']; 
$sql="insert into `question` (`Type`,`Value`) values ('".$type."','".$answer."')"; 
$mysqli->query($sql);
} 
}
    else if($type == 'loyalty')
    {
for( $counter=1; $counter <= $numQuestions1; $counter++ ){
$type = $_POST['type']; 
$answer = $_POST['question-'.$counter.'-answers']; 
$sql="insert into `question` (`Type`,`Value`) values ('".$type."','".$answer."')"; 
$mysqli->query($sql);
} 

}
    else
    {
    }

}

所以，更改的代码部分是：

    if ($type)
    {

        $html[]="
         </ol>
         <input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
         <input type='hidden' name='type' value='{$type}' />
         </form>";

    } else {

        $html[]="
        </ol>
        <input type='hidden' name='type' value='{$type}' />
        </form>";

    }

【讨论】：

【解决方案2】：

空默认值有什么意义？我相信你是有原因的。如果它是空的（默认），我可能会检查它的值。如果不为空，则渲染提交，否则不渲染。

【讨论】：

【解决方案3】：

您可以检查 $type 值并仅当它不为空时才包含提交按钮：-

$html[]="
    </ol>
".if($type!=""){"<input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>"}.
<input type='hidden' name='type' value='{$type}' />
</form>";

另外一件事，我没有看到使用条件的必要性：-

if ($result = $mysqli->query("SELECT * FROM questioninfo WHERE Type='performance'")) {

    $row_cnt = $result->num_rows;....

你可以这样做：

$result = $mysqli->query("SELECT * FROM questioninfo WHERE Type='$type'");

不需要条件。

【讨论】：

如果出现错误/失败，$mysqli->query() 将返回 false。所以，条件确实是有目的的。如果没有条件，查询失败会导致$result->num_rows 或$result->fetch_array() 抛出异常，因为$result 将等于false，当然它没有num_rows 属性或fetch_array 方法。
查询只会返回空行数。 $type 值来自下拉列表，如果查询只包含 '$type' 而不是条件，它将更加动态。如果在下拉菜单中添加了新选项，这将避免再次添加新条件。
"查询将只返回空行数。"这是不正确的。您正在做出一个巨大的假设，即没有其他问题。如果网络断了怎么办？数据库挂了？机器内存不足？磁盘空间不足？或任何其他无限数量的查询失败的原因。我不是在谈论返回空结果集。我在谈论失败。 php.net/manual/en/mysqli.query.php 这就是条件的原因。拥有这些条件是完全有意义的。假设查询每次都返回一个结果集是短视的imo。
"失败时返回 FALSE。对于成功的 SELECT、SHOW、DESCRIBE 或 EXPLAIN 查询，mysqli_query() 将返回一个 mysqli_result 对象。对于其他成功的查询，mysqli_query() 将返回 TRUE。" -php.net，关于mysqli的返回值->query()

【解决方案4】：

如果您只想阻止用户选择空白选项，只需在其上使用disabled 属性即可。然后对 select 元素使用required 属性，以防止他们提交空白的“评估测试类型”值。不要忘记在空白选项上添加 value='' 以使所需属性按回答 here 工作。

Evaluation Test Type : 
<select name='Type' id='type' style='color:grey;' required>
    <option value='' selected disabled></option>
    <option value='loyalty'>Loyalty</option>
    <option value='performance'>Performance</option>
</select>

【讨论】：

【解决方案5】：

这必须在 PHP 中完成吗？看起来您在按下 submit1 后重新加载页面，这不是一种非常用户友好的方法。

通常解决此类接口问题的最佳方法是 jQuery，根据需要使用 ajax 请求来查询数据库。这使您可以使用 jQuery 直接评估和操作 DOM，PHP 不是很好。

基本模式：点击 submit1 时，检查下拉列表的值。使用 Ajax 使用该值查询数据库，以便您可以填充并显示第二个下拉列表。如果第一个下拉列表的值是默认值，则隐藏第二个提交按钮。如果不是，则显示第二个提交按钮。

所以是这样的：

$('#submit1').click(function() {
    selectValue = $('#EvaluationTestType').val();
    $.post('path-to-php-script.php',{testType:selectValue},function(data) {
        //get new data from database, build second dropdown

        //show second dropdown
        $('#secondDropdown').show();
        //conditionally show second submit button
        if(selectValue != 'defaultValue') {
            $('#submit2').show();
        }
});

【讨论】：

问题是我不能用js

【解决方案6】：

利用while循环。您正在使用 while 循环意味着将减少代码数量，并且它会自动调整下拉列表。如果数据库中有 5 个列表，那么它将自动调整为 5 。谢谢

【讨论】：