0

1 つのテーブル 'category' (2 つの列 cat_id とカテゴリ名がある) からデータを取得するドロップダウンを作成し、別のテーブル GALLERY に列の値を挿入したい.. cat_id を取得することはできますが、できませんfetch categoryname ..助けてください..SQL インジェクションは問題ありません

 <?php
    include_once("header.php");
    include ("connection.php");
    if(isset($_REQUEST['ansave']))
    {
    $a=$_REQUEST['choosecategory'];
    $image=$_FILES['uploadgallery']['name'];// name given in input type 
    $ext=substr(strchr($image,'.'),1);//it breaks the string in part so that format can be matched
    if($ext!='jpg' && $ext!='jpeg' && $ext!='png' && $ext!='gif' && $ext!='JPG' && $ext!='JPEG')
    {
    echo "please select image";
    }
    else
    {
    $path="gallery/".$image; //folder in which image to be saved
    $action=copy($_FILES['uploadgallery']['tmp_name'],$path);//name given in input type (line72)
    $query="insert into gallery (`cat_id`,`galimage`) values('$a','$image')";
    $result=mysql_query($query);`enter code here`
    echo "insert successfully";
    }
    }
    ?>


         <option selected> -- select -- </option>';
           <?php $sql = "SELECT * FROM category";
        $result = mysql_query($sql);
        while($row=mysql_fetch_array($result)){
        echo '<option value="'.$row['cat_id'].'">'.$row['categoryname'].'</option>';
        }


   ?>
4

1 に答える 1

0

お役に立てば幸いです。

      <?php
             include_once("header.php");
             include ("connection.php");
             if(isset($_REQUEST['ansave']))
             {
                $a=$_REQUEST['choosecategory'];
                $image=$_FILES['uploadgallery']['name'];// name given in input type
                $ext=substr(strchr($image,'.'),1);//it breaks the string in part so that format can be matched
                if($ext!='jpg' && $ext!='jpeg' && $ext!='png' && $ext!='gif' && $ext!='JPG' && $ext!='JPEG')
                {
                     echo "please select image";
                 }else  {
                     $path="gallery/".$image; //folder in which image to be saved
                     $action=copy($_FILES['uploadgallery']['tmp_name'],$path);//name given in input type (line72)

                     $sqlCategory = "SELECT categoryname FROM category where cat_id='".$a."' ";
                     $resultCategory = mysql_query($sqlCategory);
                     $rowCategory=mysql_fetch_array($resultCategory);
                     $categoryname = $rowCategory['categoryname']; // category name

                     $query="insert into gallery (`cat_id`,`galimage`) values('$a','$image')";
                     $result=mysql_query($query);
                    echo "insert successfully";
                }
            }
          ?>
于 2013-10-31T19:47:45.680 に答える