如果else语句和Java脚本编码问题

if else statement and java script coding problems

本文关键字:脚本 编码 问题 Java else 语句 如果      更新时间:2023-09-26

我的想法是系统会弹出一个框,显示是或取消,如果取消被选中,那么它不会存储在MYSQL数据库中,如果是,则存储在数据库中,现在的问题是它存储在数据库中,无论我点击是或取消,我该如何解决这个问题?

if(isset($_POST['submit'])){

if($favour=="Chocolate"and $topping=="Chocolate Chip"){
    ?>
    <script type="text/javascript">
        if(window.confirm("You have selected chocolate's favour and chocolate's topping, are you sure?")) { alert("You have apply successfully");window.location="index.php";
        } else {
            window.location="customization.php";
        }
    </script>
    <?php
}
elseif($favour=="Fruit"and $topping=="Mix Fruit"){
    ?>
    <script type="text/javascript">
        if(window.confirm("You have selected Fruit's favour and Fruit's topping, are you sure?")) { alert("You have apply successfully");window.location="index.php";
        } else {
            window.location="customization.php";
        }
    </script>
<?php
}
mysql_query("INSERT INTO customization (cakesize,cfavour,topping, ccolor, cmessage,customizeMessage, C_date, Member_ID,status) VALUES ('$cakesize','$favour' ,'$topping', '$color' ,'$cmessage','$cumessage', '$date', '$uname','pending')");
}
?>

显然你有一个问题,那是JS和PHP的混合物,对代码的想法将不能很好地工作,你需要把它们分开。这样做:(你只需要根据你的需要来调整)

<?php
if(isset($_POST['submit'])){
    extract($_POST);
    $con = new mysqli('localhost', 'username', 'password', 'database');
    $stmt = $con->prepare('
        INSERT INTO customization (cakesize,cfavour,topping, ccolor, cmessage,customizeMessage, C_date, Member_ID,status)' 
        VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)
    );
    $stmt->bind_param('sssssssis', $cakesize, $favour, $topping, $color, $cmessage, $cumessage, $date, $uname, 'pending');
    $stmt->execute();
    if($stmt->affected_rows > 0) {
        // insert success!
        echo '<script>alert("Success!");</script>';
    }
}
?>
<form method="POST" name="form" onsubmit="handle_form()">
    <!-- your input forms blah blah -->
</form>
<script type="text/javascript">
function handle_form() {
    var favour = document.forms['form']['favour'].value;
    var topping = document.forms['form']['topping'].value;
    var message = '';
    if(favour == 'Chocolate Chip' && topping == 'Chocolate Chip') {
        message = 'You have selected chocolate's favour and chocolate's topping, are you sure?';
    } elseif(favour == 'Fruit' && topping == 'Mix Fruit') {
        message = 'You have selected Fruit's favour and Fruit's topping, are you sure?';
    }
    if(confirm(message)) {
        document.getElementsByName('form').submit();
    } else {
        window.location = "customization.php";
    }
}
</script>

旁注:你有sql注入倾向,使用mysql或PDO,使用参数化语句。

相关文章: