【发布时间】:2022-01-16 08:31:51
【问题描述】:
我希望当用户选择哪个品牌时,模型选择也会按品牌显示。我的问题是,由于我需要第一个品牌的回复,因此无法显示时,如何根据所选品牌获取型号名称。
<div class="col-sm">
<form class="needs-validation" method="post" novalidate>
<div class="form-row">
<div class="col-md-6 mb-10">
<label for="validationCustom03">Select Brand</label>
<select class="form-control custom-select" name="brandname" required>
<option value="">Select Brand</option>
<?php
$ret=mysqli_query($con,"select brandName from tbl_brand");
while($row=mysqli_fetch_array($ret))
{?>
<option value="<?php echo $row['brandName'];?>" ><?php echo $brandnameSelect = $row['brandName'];?></option>
<?php } ?>
</select>
<div class="invalid-feedback">Please select Item.</div>
</div>
</div>
<div class="form-row">
<div class="col-md-6 mb-10">
<label for="validationCustom03">Model</label>
<select class="form-control custom-select" name="modelname" required>
<option value="">Select Model</option>
<?php
$ret=mysqli_query($con,"select modelName from tbl_model WHERE brandID='$brandnameSelect'");
while($row=mysqli_fetch_array($ret))
{?>
<option value="<?php echo $row['modelName'];?>" ><?php echo $row['modelName'];?></option>
<?php } ?>
</select>
<div class="invalid-feedback">Please select Item.</div>
</div>
</div>
<div class="form-row">
<div class="col-md-6 mb-10">
<label for="validationCustom03">Item Name</label>
<input type="text" class="form-control" id="validationCustom03" placeholder="Brand Name" name="brandname" required>
<div class="invalid-feedback">Please provide a valid item name.</div>
</div>
</div>
<button class="btn btn-primary" type="submit" name="submit">Submit</button>
</form>
</div>
</div> ```
【问题讨论】:
-
到目前为止您尝试过什么?你被困在哪里了?另外,请注意,给定的
SELECT查询对于 SQL 注入是广泛开放的 - 更好地使用准备好的语句以避免被黑客入侵 -
到目前为止我被困住了。是的,我知道它很容易发生 SQL 注入,但出于项目目的我必须这样做,但我会在未来解决问题,现在,我需要弄清楚。
-
我在这个问题stackoverflow.com/questions/37497157/… 之后使用ajax 取得了进展,但它不会显示输出。只是没有价值。
-
<?php if(isset($_POST['brandChange'])) { //GETTING THE BRAND ID $brandName = $_POST['brandChange']; $brand = mysqli_query($con,"select * from tbl_brand WHERE brandName = '.$brandName.'"); $brandID= $brand['brandID']; //GETTING THE MODEL DATA $ret = mysqli_query($con,"select * from tbl_model WHERE brandID = '.$brandID.'"); $data=""; while($row=mysqli_fetch_assoc($ret)) { $data .="<option value='".$row['modelName']."'>".$row['modelName']."</option>"; $flag++; } if($flag==0) { $data .="<option value=''>No Model</option>"; } echo $data; } ?> -
警告:您对SQL Injections 持开放态度,应该使用参数化的prepared statements,而不是手动构建查询。它们由PDO 或MySQLi 提供。永远不要相信任何形式的输入!即使您的查询仅由受信任的用户执行,you are still in risk of corrupting your data。 Escaping is not enough!