Using a form option value as a PHP variable in a prepared SQL statement

Problem description:

I just started using PHP last week, and I've been searching around for a solution for this quite extensively, but I can't wrap my brain around the answers I've come across.

I essentially have a form that looks like this in index.html:

<form method="post" action="actionTest.php">
    <select name="courseID">
        <option value="111">Course 1</option>
        <option value="222">Course 2</option>
        <option value="333">Course 3</option>
    </select>
    <input type="submit" />
</form>

And then a prepared statement in my actionTest.php file

//variable for selected option value?
//$courseSelect = [???]

//query
$sql = "SELECT * FROM courses WHERE course_id = ?";

//prepare the query
$q = $con->prepare($sql);

//execute the statement (the ? placeholder is not bound yet)
$q->execute();

//setting fetch mode for statement
$q->setFetchMode(PDO::FETCH_ASSOC);

//display fetched data
while ($r = $q->fetch()) {
    echo $r['name'] . "\n";
    echo $r['course_id'] . "\n";
    echo $r['description'] . "\n";
    echo "<br />";
}

I've written a simple PHP script that will echo what value has been selected when you submit the form, so I know I can retrieve the value I need. I guess I'm generally confused about how to store the option value in a variable to pass to the query. Any help or references to help are greatly appreciated!

By reading from the manual (http://nl1.php.net/pdo.prepared-statements) you can bind your param in this way:

// prepare the statement on the PDO connection, then bind the placeholder by reference
$q = $con->prepare("SELECT * FROM courses WHERE course_id = ?");
$q->bindParam(1, $myValue, PDO::PARAM_INT);

// assign the posted value; bindParam reads it when execute() runs
$myValue = $_POST['courseID'];
$q->execute();

It seems you are looking for PDO bindParam().

First, get your posted value. This code sets the variable to false if no value is posted:

$course_id = isset($_POST['courseID']) ? $_POST['courseID'] : false;

Then prepare your query:

// query
$sql = "SELECT * FROM courses WHERE course_id = ?";

// prepare query
$q = $con->prepare($sql);

// bind the parameter to the query
$q->bindParam(1, $course_id, PDO::PARAM_INT);

// execute the statement
$q->execute();

// display fetched data
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
    echo $r['name'] . "\n";
    echo $r['course_id'] . "\n";
    echo $r['description'] . "\n";
    echo "<br />";
}

Alternatively, in your context you can skip the bind and just execute with your parameter:

$q->execute(array($course_id));
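Putting the two answers together, here is a complete actionTest.php as an added example (not code from the question or either answer): it validates the posted courseID as an integer before it reaches the query, binds it with bindValue(), and escapes every column on output. The DSN, credentials, and the `$con` connection setup are assumptions; replace them with your own.

```php
<?php
// actionTest.php (added example): handler for the <select name="courseID"> form.
declare(strict_types=1);

// Assumed connection details; replace with your own DSN and credentials.
$con = new PDO('mysql:host=localhost;dbname=school;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // surface SQL errors as exceptions
    PDO::ATTR_EMULATE_PREPARES   => false,                  // use real server-side prepares
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// 1. Read the submitted option value. The form only ever sends integers,
//    so reject anything else before it gets near the database.
//    filter_input() returns null when the field is absent and false when it fails validation.
$courseId = filter_input(INPUT_POST, 'courseID', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($courseId === null || $courseId === false) {
    http_response_code(400);
    exit('A valid courseID is required.');
}

// 2. The SQL text never contains user data; the driver fills the ? placeholder.
$q = $con->prepare('SELECT name, course_id, description FROM courses WHERE course_id = ?');
$q->bindValue(1, $courseId, PDO::PARAM_INT);
$q->execute();

// 3. Escape each column on output so stored text cannot inject HTML or script.
$rows = $q->fetchAll();
if ($rows === []) {
    echo "No course found.\n";
}
foreach ($rows as $r) {
    foreach (['name', 'course_id', 'description'] as $col) {
        echo htmlspecialchars((string) $r[$col], ENT_QUOTES | ENT_HTML5, 'UTF-8'), "\n";
    }
    echo "<br />\n";
}
```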